The IWAR Range: a The IWAR Range: a Laboratory for Laboratory for Undergraduate Undergraduate

Information Assurance Information Assurance EducationEducationBy Maj. Joseph Schafer (Naval War By Maj. Joseph Schafer (Naval War

College), Daniel J. Ragsdale and John R. College), Daniel J. Ragsdale and John R. Surdu (Information Technology and Surdu (Information Technology and

Operations Center, USMA), and Curtis Operations Center, USMA), and Curtis A Carver (Texas A & M University)A Carver (Texas A & M University)

Presented by Allen Stone

Information WarfareInformation Warfare

““Any electronic attack intended to Any electronic attack intended to disrupt a computer system” – Panda disrupt a computer system” – Panda and Yalamanchiliand Yalamanchili

IWAR Range: Attack/Defend IWAR Range: Attack/Defend Network for Educational PurposesNetwork for Educational Purposes

Very Literal Significance: The Very Literal Significance: The Defense of the United StatesDefense of the United States

ObjectivesObjectives

Types of WarfareTypes of Warfare Analog vs. ElectronicAnalog vs. Electronic

The LabThe Lab BackgroundBackground SetupSetup Classroom UseClassroom Use Process to Create a RangeProcess to Create a Range Future WorkFuture Work

Information Warfare Example (Black Information Warfare Example (Black Hat)Hat)

Types of WarfareTypes of Warfare

MilitaryMilitary ““Nationalism”Nationalism”

CriminalCriminal IndustrialIndustrial ConvolutedConvoluted

““Idealism”Idealism” JuvenileJuvenile

IWAR rangeIWAR range

Information Warfare Analysis and Information Warfare Analysis and Research LaboratoryResearch Laboratory Isolated LaboratoryIsolated Laboratory HeterogeneousHeterogeneous Modeled After Production SystemsModeled After Production Systems

Exploits and Tools are WeaponsExploits and Tools are Weapons

BackgroundBackground

TechnologyTechnology Overly Prepared or Not Utilizing What Overly Prepared or Not Utilizing What

is Thereis There Y2KY2K

Information Assurance Course Information Assurance Course (USMA)(USMA) Future Military LeadersFuture Military Leaders Know Your EnemyKnow Your Enemy

Ethical Issues with Malicious CodingEthical Issues with Malicious Coding

Electronic “Range”Electronic “Range”

Conventional Conventional Weapon RangeWeapon Range Inside vs. OutsideInside vs. Outside

4 Networks4 Networks Gray (Attack)Gray (Attack) Gold (Target)Gold (Target)

Green (Tactical Green (Tactical Command)Command)

Black (Faculty Black (Faculty Research)Research)

The Making of IWARThe Making of IWAR Minimize MisuseMinimize Misuse

IsolationIsolation On-Hand ResourcesOn-Hand Resources

Rescued MachinesRescued Machines Search BoxesSearch Boxes

Compressed Time TableCompressed Time Table All in One LabAll in One Lab

Divided RoomDivided Room KVM SwitchesKVM Switches ServicesServices

Total Cost: $20,000Total Cost: $20,000

IWAR LiteIWAR Lite

1:10 Cost-Value 1:10 Cost-Value Ratio could have Ratio could have been even betterbeen even better Rescued SystemsRescued Systems OS CostsOS Costs Abbreviated Abbreviated

ArchitectureArchitecture

Worth the Effort?Worth the Effort?

Hands-On vs. PowerPoint and Hands-On vs. PowerPoint and WhiteboardWhiteboard

Cadets Also Must Learn DefenseCadets Also Must Learn Defense Largely Positive FeedbackLargely Positive Feedback

Future WorkFuture Work

Branching OutBranching Out Rebuilding IWARRebuilding IWAR ACM ChapterACM Chapter

Fun, Unthreatening, Un-GradedFun, Unthreatening, Un-Graded

The Middle East The Middle East Cyberwar - 2001Cyberwar - 2001

Web Defacement and Denial of ServiceWeb Defacement and Denial of Service PropagandaPropaganda

Poisoned Pen TacticsPoisoned Pen Tactics

Less than 100 Core HackersLess than 100 Core Hackers Thousands of Volunteers and ConscriptsThousands of Volunteers and Conscripts

Emotional, Ideological, Patriotic, ReligiousEmotional, Ideological, Patriotic, Religious Israel, Palestine, Iran, Lebanon, Malaysia, Israel, Palestine, Iran, Lebanon, Malaysia,

Qatar, U.A.E., U.S.Qatar, U.A.E., U.S.

SpreadSpread

ReferencesReferences ““The IWAR Range: A Laboratory for Undergraduate The IWAR Range: A Laboratory for Undergraduate

Information Assurance Education” – Schafer, Ragsdale, Information Assurance Education” – Schafer, Ragsdale, Surdu, and Carver – “Proceedings of the Sixth Annual Surdu, and Carver – “Proceedings of the Sixth Annual CCSC Northeastern Conference on the Journal of CCSC Northeastern Conference on the Journal of Computing in Small Colleges” – Consortium for Computing Computing in Small Colleges” – Consortium for Computing Sciences in CollegesSciences in Colleges

““Cyber Jihad and the Globalization of Warfare: Computer Cyber Jihad and the Globalization of Warfare: Computer Networks as a Battle Ground in the Middle East Networks as a Battle Ground in the Middle East andBeyond” – Kenneth Geers (NCIS) and Dr. Peter Feaver andBeyond” – Kenneth Geers (NCIS) and Dr. Peter Feaver (Duke University) – Black Hat USA 2004 Briefings and (Duke University) – Black Hat USA 2004 Briefings and Training, July 24-29, Las Vegas, NVTraining, July 24-29, Las Vegas, NV

““Transaction Fusion in the Wake of Information Warfare” – Transaction Fusion in the Wake of Information Warfare” – Brajendra Panda and Rajesh Yalamanchili (University of Brajendra Panda and Rajesh Yalamanchili (University of North Dakota) – Proceedings of the 2001 ACM Symposium North Dakota) – Proceedings of the 2001 ACM Symposium on Applied Computing – ACM Special Interest Group on on Applied Computing – ACM Special Interest Group on Applied ComputingApplied Computing