Security game: Playing for keeps
- By Andreas Uiterwijk
- Dec 19, 1999
Would you be interested in a way to train network administrators about security that is fun and inexpensive?
The Defense Information Systems Agency has produced a new interactive training CD that might fit the bill.
CyberProtect is an interactive game that enables players to practice the implementation of network security without actually placing their production network at risk.
Here's how it works: In the game you are a network administrator who has just set up a new network and operating system. You have six clients on the network, plus connections to the Internet and two other agency departments. What type of security do you need?
This sounds relatively easy, but here's the real-world catch: Your agency director has put a quarterly budget restraint on your network security spending. You must decide what to buy and when to buy it, as well as decide where on the network you'll get the most security bang for the buck.
You can select products such as backup software, firewalls, encryption software and even virus protection.
Each product comes in three levels of security - light, medium or high protection - with the prices rising accordingly. When you select a product, the appropriate amount from the budget is removed for that quarter. Then you install the products by dragging and dropping their icons onto an online diagram of your network.
Here's where the fun starts. The program simulates attacks on your network and then rates you on the quality of your protection scheme.
This scenario goes on for four quarters. During this time you can add more products to the network and upgrade existing products. Each quarter, different types of simulated network attacks are invoked. At the end of the game you receive a final score.
CyberProtect will not cause the makers of the popular computer game Doom to lose much sleep, but it is a useful training tool for introducing less experienced network administrators to security issues.
The game is easy to use and set up, and the concepts are easy to understand and administer.
But be aware: If your existing network administrator cannot achieve a percent score in the high 90s on the first go around, then you better get him into some real training classes in a hurry.
For information on ordering CyberProtect, visit www.disa.mil/infosec/dodfm2.html.