The Tenable blog has an account of a high school cybersecurity exercise held in October 2009.
The exercise was held at Battlefield High School, in Virginia in the USA. The author of the blog piece helped organise and run the exercise (he is a security consultant). There is a second installment here.
His conclusions included:
– “It is important as a defender to know what purposes your systems serve, and what they should be doing.”
– have proper outbound as well as inbound filters. “Once attackers compromise a system, they need a way back out in order to maintain control of that system. If you have a strict outbound policy it can do two things that help make defense easier”.
– check your logs!
– SQL injection still works…
– don't overlook the obvious: the winner of the competition hacked in by guessing a password, then putting on a visible Python script, named to look like a system file, which none of the Blue teams ever discovered.