Jon
09-19-07, 02:56 PM
http://frank.redpin.com/~urbex/tux.jpg
A few years ago, the U.S. Navy helped produce an interactive computer-based-training (CBT) tool covering an array of network security and information assurance issues. Designed in the form of a three-dimensional computer simulation (with a more than passing resemblance to The Sims), the resulting “game”, “CyberCIEGE”, provides a deceptively simple-looking tool for teaching students and staff the finer real-world nuances of computer (and physical) security. While the introductory, tutorial scenarios require little more than common sense to complete successfully, the difficulty increases dramatically as you progress through the program.
The program (I am hesitant to call it a game) quickly goes beyond relatively straightforward software security measures like antivirus programs to encompass the potentially overwhelming fullness of a complete security environment - physical security, physical and software access control, staff and employee training, and much, much more. It presents a seemingly never-ending supply of almost worst-case scenarios, where people are idiots, software (and hardware) have flaws, threats are constantly changing, budgets are too small, and you’re chronically unable to please everyone all of the time. Ah, the wonderful world of modern IT…
Despite the numerous, considerable virtues of this simulation, it was developed by and for the military, and is heavily tailored for its intended audience. (At least, the copy provided to me by a thoughtful contributor is; I’m not sure if educational users receive a less-government-centric version.) You have to deal with security clearances when considering access controls, for example, and come across frequent references to Privacy Act restrictions and the guidelines of the military’s Information Assurance program. There are even a few references to OPSEC, a subject always near and dear to my heart, as with this entertaining quiz question:
http://frank.redpin.com/~urbex/woodstein.jpg
(The correct answer, for what it’s worth, is “no”; you shouldn’t give interviews over the phone without confirming the identity of who you’re speaking with, or so says CyberCIEGE.)
That said, if you can overlook the government-centric aspects of the included scenarios, CyberCIEGE is a quite useful learning tool for anyone who works with computers for a living. Even if you only use them, and don’t administer them, spending an hour or two seeing what life is like on the other side of the help desk might give you a better appreciation for what your local geeks and nerds have to deal with for a living. The program itself is quite well documented, and the included “CyberCIEGE Encyclopedia” provides a wealth of information.
http://frank.redpin.com/~urbex/cyberencyclopedia.jpg
I haven’t looked at it too closely, but there’s a SDK available for download on the CyberCIEGE website; with it, you can edit the existing scenarios and even produce entirely new ones within the framework of the program’s engine. CyberCIEGE seems to be an excellent tool - or at least a very good tool with excellent potential - and I firmly believe that a knowledgeable security guru could produce some first-class scenarios and exercises for this program, tailored more to corporate or academic environments than military ones.
A somewhat out-of-date “demo” version of the program is available here, on the Naval Postgraduate School’s website; it doesn’t allow you to save your progress, nor play more than twenty minutes. (Some of the scenarios can take several hours to complete successfully.) A copy of the full, unrestricted program, nominally for use by military and government employees (and educational institutions) only, has thoughtfully been made available for download here (85MB .exe installer) or here (85MB zipped tarball of the installer, should you not be able to download executables.) Ah, you are a government employee or student, right?
CyberCIEGE’s computer requirements are minimal; Windows 2000, XP, or Vista is needed, with DirectX 9, a display adapter with at least 64MB video memory (I’m not sure if shared memory will work), and a display that does 1024×768 resolution. Though this is the latest version (1.8g, current as of August 2007), there are still a few bugs (hey, it’s government software, what do you expect?) but nothing too major. It’s available as a self-extracting installer, and includes instructions on how to create a “portable” version of the program meant to be played directly from a CD - but which should work fine on a portable USB drive as well.
http://cisr.nps.navy.mil/cyberciege/
A few years ago, the U.S. Navy helped produce an interactive computer-based-training (CBT) tool covering an array of network security and information assurance issues. Designed in the form of a three-dimensional computer simulation (with a more than passing resemblance to The Sims), the resulting “game”, “CyberCIEGE”, provides a deceptively simple-looking tool for teaching students and staff the finer real-world nuances of computer (and physical) security. While the introductory, tutorial scenarios require little more than common sense to complete successfully, the difficulty increases dramatically as you progress through the program.
The program (I am hesitant to call it a game) quickly goes beyond relatively straightforward software security measures like antivirus programs to encompass the potentially overwhelming fullness of a complete security environment - physical security, physical and software access control, staff and employee training, and much, much more. It presents a seemingly never-ending supply of almost worst-case scenarios, where people are idiots, software (and hardware) have flaws, threats are constantly changing, budgets are too small, and you’re chronically unable to please everyone all of the time. Ah, the wonderful world of modern IT…
Despite the numerous, considerable virtues of this simulation, it was developed by and for the military, and is heavily tailored for its intended audience. (At least, the copy provided to me by a thoughtful contributor is; I’m not sure if educational users receive a less-government-centric version.) You have to deal with security clearances when considering access controls, for example, and come across frequent references to Privacy Act restrictions and the guidelines of the military’s Information Assurance program. There are even a few references to OPSEC, a subject always near and dear to my heart, as with this entertaining quiz question:
http://frank.redpin.com/~urbex/woodstein.jpg
(The correct answer, for what it’s worth, is “no”; you shouldn’t give interviews over the phone without confirming the identity of who you’re speaking with, or so says CyberCIEGE.)
That said, if you can overlook the government-centric aspects of the included scenarios, CyberCIEGE is a quite useful learning tool for anyone who works with computers for a living. Even if you only use them, and don’t administer them, spending an hour or two seeing what life is like on the other side of the help desk might give you a better appreciation for what your local geeks and nerds have to deal with for a living. The program itself is quite well documented, and the included “CyberCIEGE Encyclopedia” provides a wealth of information.
http://frank.redpin.com/~urbex/cyberencyclopedia.jpg
I haven’t looked at it too closely, but there’s a SDK available for download on the CyberCIEGE website; with it, you can edit the existing scenarios and even produce entirely new ones within the framework of the program’s engine. CyberCIEGE seems to be an excellent tool - or at least a very good tool with excellent potential - and I firmly believe that a knowledgeable security guru could produce some first-class scenarios and exercises for this program, tailored more to corporate or academic environments than military ones.
A somewhat out-of-date “demo” version of the program is available here, on the Naval Postgraduate School’s website; it doesn’t allow you to save your progress, nor play more than twenty minutes. (Some of the scenarios can take several hours to complete successfully.) A copy of the full, unrestricted program, nominally for use by military and government employees (and educational institutions) only, has thoughtfully been made available for download here (85MB .exe installer) or here (85MB zipped tarball of the installer, should you not be able to download executables.) Ah, you are a government employee or student, right?
CyberCIEGE’s computer requirements are minimal; Windows 2000, XP, or Vista is needed, with DirectX 9, a display adapter with at least 64MB video memory (I’m not sure if shared memory will work), and a display that does 1024×768 resolution. Though this is the latest version (1.8g, current as of August 2007), there are still a few bugs (hey, it’s government software, what do you expect?) but nothing too major. It’s available as a self-extracting installer, and includes instructions on how to create a “portable” version of the program meant to be played directly from a CD - but which should work fine on a portable USB drive as well.
http://cisr.nps.navy.mil/cyberciege/