Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the USC/Columbia Technology Incubator on the 3rd Tuesday of every month at 6:00 PM.

@Cola_Sec, #ColaSec, @USCColaInc

Image credit: Zach Pippin


Soda City Battlegrounds Update for March 2019

Lots of progress was made during the last meetup. We now have pfSense set up and running as our primary firewall and have a distinct wireless network set up for accessing the battleground. Our next point of discussion will be how the internal parts of the network should be configured to allow each team access into the battleground without allowing access into areas that they should not be able to interact with. For example, we want the Purple team environment to be inaccessible from the Blue and Red team environments. We will also need to look into getting the VPN set up at some point. For now, the good news is that we can get into the battleground by connecting to it via wireless rather than a cable.

As always, we would like to encourage everyone (experienced or not) to come out to the meetups. We have been having them consistently every other Thursday at Whit E. Octopus. We usually get started around 6:30 PM and go until 8ish (depending on how much progress we are making).

The next meetup at the time of posting this will be March 28th.

Soda City Battlegrounds Update

Tonight we completed a final inventory of our hardware and identified the go-forward hardware for SCBG.  We have a few systems that should be outstanding for phase 1 and are ready to get started after a couple more sessions.

We also permanently racked the firewall, switch, and KVM switch. As a consequence of this, the cables that were previously run for this gear no longer work, so we've stripped all of the networking cables.

Next up, on January 31: 

  • Establish cable routes for data, KVM, and power.

  • Re-cable every server such that they can be serviced independently.

  • Establish basic connectivity with the gateway from each host.

Extra credit:

  • Get the Dell storage array working so we can have a sweet SAN

When everything above has been accomplished we'll build a basic remotely accessible VM lab on a single host.  This lab will host a network segment for intentionally vulnerable training VMs, set to revert weekly. 

Once we get that working regularly, I want to get a contained subnet built with packet capture and Security Onion upstream to host the known compromised hosts for forensic analysis.

After that it's on to phase 2.