A Specialist from Perm Wins the Network Infrastructure Security Analysis Contest at PHDays
5/27/2013
The security of network infrastructure is the most important task in business. Companies often suffer significant losses and sometimes go bankrupt when intruders manage to access a company's internal network and steal sensitive information. A key role in providing high security level usually belongs to an equipment on the basis of which a network is built.
Stanislav Mironov (Perm, Russia) cracked network infrastructure during the NetHack contest. Stanislav is an expert in network administration and security and currently works for a commercial bank in Moscow.
The contest's participants needed to obtain access to the game network during a limited period of time, then get to the unrouted segment that contains a certain automated system. The game network developed for the contest included typical vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests.
The partakers had an hour to gain access to five network devices, get flags and enter them into a form on a special web page. There was a total of seven participants. The contest's network infrastructure was developed by the Positive Research Center experts Mikhail Pomzov and Sergey Pavlov.
The first flag was captured by Alexey "Foxter" Kashin, which took him 10 minutes. It should be noted that each following task was more complicated than previous one. It took Yuri "marsei" Shkodin 15 minutes to capture the second flag. After that, we had another leader: Stanislav "st.Ass" Mironov captured the last three flags and won the contest.
The organizers assigned 50 minutes for the NetHack competition. But as it was difficult to determine a winner during the period, 15 extra minutes were added, which decided the outcome of the contest. In the last seconds of the extra time, Stanislav Mironov managed to capture the fifth flag. The rest of the participants failed to capture it.
Eventually, Yuri Shkodin took second place, and Sergey Stankevich came third. Both participants captured four flags each.
According to Stanislav Mironov, the task was interesting and it was hard to solve it being constrained by time; however, in real life an experienced specialist must not make such errors during setup.
"Serious companies have standards and scanning procedures that help detect errors and prevent problems. But mistakes still can be made in real life", Mironov said.
"The task that was offered in the contest is mainly related to service errors and misconfiguration of large network infrastructures, which arise from a deviation from standards and best practices. Automated tools for compliance and vulnerability management can reduce risks", said Sergey Pavlov, Head of the Department for Network Devices Security Assessment at Positive Technologies.
The winners received special prizes from Cisco, the PHDays technological sponsor, and Positive Technologies, the forum's organizer.