The SANS Institute and Sophos Penetration Test will use examples of real life cyber attacks to assess competitors’ knowledge of infrastructure security.
The new competition includes a focus on the kind of vulnerabilities within domain name systems (DNS) that allowed the websites of more than 200 companies including The Daily Telegraph, UPS and Vodafone to be attacked by Turkish hackers earlier this month.
DNS works like a telephone book, translating normal web addresses into a computer-readable code. Cyber criminals can attack a web address via the domain name company which registers the site.
Whilst the sites themselves remained unaffected, attacks on the DNS alter the flow of internet traffic, diverting users to another site entirely, where their private information can be extracted and malware installed on their system.
Owners of the site are sometimes unable to correct the change for several days, whilst all emails sent during the attack to addresses registered with the site are diverted to wherever the hackers want.
Vital to integrated security
James Lyne, director of technology strategy at Sophos, said: “The impact the Turkish attacks had on established corporate websites highlights that DNS and web-servers are an increasingly vital part of an integrated security strategy.
“The next generation of cyber defenders must be well versed in these systems as part of their broad understanding of cyber threats and have the skills to safeguard and protect them.
“This is why we’ve worked with SANS Institute to develop this competition for the Cyber Security Challenge UK.
“We are hoping to find people who can handle these situations, identify and remove vulnerabilities and put in place strategies to minimise both the time a system is compromised and the ultimate risk to its users.”
The competition itself takes the form of a quiz testing candidates’ knowledge on a broad range of topics related to managing infrastructure securely, and their ability to identify and remediate flaws that could be abused.
Competitors will require knowledge on networking, websites, databases and email servers on multiple operating systems and platforms.
Counter attack strategies
Terry Neal, EMEA director, SANS Institute, said: “Some competitors may be surprised to find a quiz based penetration test rather than the usual format which sees attacks fired at a system to uncover weaknesses.
“We are trying to test their knowledge of a broad range of potential vulnerabilities and assess how they put their expertise to use.
“In this way we are examining the aptitude to develop counter attack strategies as well as the raw knowledge of the technologies that will serve candidates well in later rounds of the Cyber Security Challenge UK.”
The overall winner of the SANS Institute and Sophos Penetration Test will be amongst those awarded career enhancing prizes such as internships in leading companies, membership of professional bodies, places on private sector security training courses such as those run by SANS Institute and funding for masters-level university courses.
The winner and a number of other high achieving candidates will qualify for the next stage of the Challenge, the SAIC CyberNEXS-King of the Hill competition, in January.
Once here, competitors will be asked to put the knowledge they demonstrated in the previous round into practice and use it against each other in a series of face-to-face showdowns.
