Want security? Go back to the basics
Today Mubix published this presentation in Google Docs. I post it again in my blog as it is a shared resource and the contents are really interesting.
In my opinion, the CCDC is really similar to what you can find in a real world company, when there is no clear security posture and they are getting badly owned (sadly it is more common than what we may imagine). Therefore, it is a great scenario to implement the very basic security techniques to prevent your boat from sinking :)
I would resume the slides with a few simple ideas:
- Keep it organized. The chaos is your worst enemy.
- Define specific rolls for each area. Nobody is perfect and knowledgeable in all the fields: physical security, networks, Windows, Unix, etc…
- Risk prioritization. Close the blatant holes and change the default passwords. As he says, nobody is going to drop an 0day. They will first try the common exploits against your servers.
- Keep sense of the logs and the running processes!