Nts465-Final Report v7 Redacted

INFORMATION SYSTEMS SECURITY ASSESSMENT

UNIVERSITY OF ADVANCING TECHNOLOGY CYBER WARFARE RANGE

PREPARED BY:
Black Net Security

SECRET//REL USA, University of Advancing Technology


1 EXECUTIVE SUMMARY

The following report was written by employees of Black Net Security company. The
company was engaged by the University of Advancing Technology to complete an assessment
on the Cyber Warfare Range, to proactively fight against any threats that may become present.
The Cyber Range is the main classroom that houses the infrastructure used to teach the students
how to defend a network.
Using two standard methodologies, the team assessed the Cyber Range both technically
and physically. This report addresses the findings and recommendations that came up during the
scope of the project.
Interviews, vulnerability scans, and a campus tour were conducted to fully understand the
layout and the operations of the Cyber Range. The team was broken down into groups to divide
the assignment and to stay on schedule. While the systems were being evaluated, concerns were
expressed and recurring security issues were mentioned, both of which are noted in the
findings within the appendices. Each of the findings has a recommendation on how to mitigate
the risk.
Recommendations identified in this document are based upon the team's professional
knowledge and the information received from the results of the examination. Any mitigations
taken by the University are at its own discretion. The team at Black Net Security is not
responsible for any future negative outcomes that may occur.

2 POINT OF CONTACT

Scott Swenka UAT Network Security Professor


profswenkauat@gmail.com sswenka@uat.edu

3 CONTENTS

1 EXECUTIVE SUMMARY
2 POINT OF CONTACT
4 INTRODUCTION
5 DISCLOSURE
5 BLACK NET SECURITY
6 PROJECT SCOPE
7 METHODOLOGY OVERVIEW
8 INTERVIEWS
9 UNIVERSITY OVERVIEW
9.1 UAT Mission Statement
10 CRITICAL INFORMATION TYPES
10.1 Impact Attributes
10.2 Impact Values
11 ORGANIZATIONAL INFORMATION CRITICALITY MATRIX
12 SYSTEM INFORMATION CRITICALITY
13 SYSTEM DESCRIPTION
13.1 Network Diagram
14 INFOSEC VULNERABILITY ANALYSIS
14.1 Vulnerability Findings
15 PHYSICAL SECURITY ASSESSMENT
15.1 Introduction
15.2 Methodology
15.3 Identification of Risks
15.4 Physical Security Findings
16 CONCLUSION
APPENDIX A - TEP/Vulnerability Scans
APPENDIX B - System Diagrams
APPENDIX C - Organizational Vulnerability Criticality Matrix
APPENDIX D - Framework and Regulations
APPENDIX E - High Criticality Findings
APPENDIX F - Medium Findings
APPENDIX G - Low Findings
APPENDIX H - Physical Security Findings
APPENDIX I - The Black Net Security Team


4 INTRODUCTION

This report shall serve as an assessment using two methodologies that cover systems and
policies managed by the University of Advancing Technology (UAT) Cyber Warfare Range
(CWR). This report was generated by the Black Net Security team during the year 2017. The
team was divided into three distinct groups to distribute the workload and fulfill all the
assessment assignments and objectives.
Any findings in this report are merely recommendations, and should be made available to
the governing authorities of UAT on a need-to-know basis. This document is proprietary
information of UAT and must be treated as confidential information within the sphere of the
Network Security (NTS) degree and authorized university officials. Any reproductions of the
report must get approval from the faculty of CWR and/or the Dean of the School.
Any future actions made by UAT, whether guided by this report or not, are strictly
voluntary and do not implicate or incriminate any members of the Black Net Security team.

5 DISCLOSURE

Full implementation of any recommendations included in this report cannot guarantee that
the UAT campus or the surrounding areas will be fully crime-free or risk-free. This document is
meant as a guide to reduce potential incidents and provide a roadmap in assisting with the
aftermath. It is the belief of the company that security equipment is only a portion of the total
security system of any organization. Additional components of the overall security strategy
must include the application of existing policies, procedures, and processes. The selection,
recruitment and the retention of security staff, staff supervision, training, participation, and
communication with the administration and stakeholders will best be achieved with the
involvement of law enforcement. Black Net Security is not liable for any future negative
outcomes resulting from mitigations which are at the discretion of the University.

5 BLACK NET SECURITY

Black Net Security was founded with over 20 years of experience in the security industry.
We specialize in Network Hardening, Systems Analysis and Disaster Recovery. Our mission is
to secure and retain the integrity of computer networks and systems. The company is located in
the state of Arizona and is open seven (7) days a week for customer convenience.

6 PROJECT SCOPE

The following statement encompasses the scope for conducting a comprehensive
assessment of UAT's security operations. The purpose of this document is to provide an analysis
and recommendations of the University's Cyber Security Network. Observation of industry
standards and best practices is considered in the assessment. Key components of this plan
include significant pre-survey coordination and review efforts. On-site work activities include:
Reviewing policies and security organizational structure, management, and staffing levels,
including job descriptions, schedule deployment, complaints and internal discipline processes.
Analyzing data regarding calls for service, responses, and reported incidents of a security nature
at the campus has also been conducted.
Reviewing existing security camera systems and noting any blind spots or deficiencies in
the placement and/or coverage of the cameras. Also noting any malfunctioning or inoperable
units within the area of the CWR.
Analyzing the systems within the CWR for any vulnerabilities that can be exploited, along
with any file documentation on hand. The process will also examine the comparability of
resources at institutions like UAT to the extent of similarity of campus demographics and
national averages.

7 METHODOLOGY OVERVIEW

The two methodologies used in this assessment are the National Security Agency's (NSA)
Information Security (INFOSEC) Assessment Methodology (IAM) and the INFOSEC
Evaluation Methodology (IEM). These systematic methodologies are fundamentally different.
When used together they can determine a wide range of security vulnerabilities from an
organizational as well as a technical point of view.
The three phases of IAM are the Pre-Assessment, On-Site Assessment, and Post-Assessment.
The IAM procedures for this assessment will include interviews with key Cyber Range and
University personnel, a review of physical security, and organizational meetings every week.
These are followed by the three phases of IEM: the Pre-Evaluation phase, the On-Site
Evaluation phase, and the Post-Evaluation phase.
Some of the procedures that our team used to fulfill IEM objectives included a vulnerability
scan of the entire environment, determining critical information types, and an evaluation of any
false positives. The IEM focuses on the more technical environment of an organization and
usually follows the IAM, which assesses the organizational aspects. IAM relates to the policies
and procedures, and IEM evaluates the technical environment of the organization.

8 INTERVIEWS

The following is a summary of what was discussed in the formal interviews:


Physical security is a huge concern among the interviewees. They have concerns
with not having locks on any of the doors leading to the CWR. Currently, everyone on
the campus has access; however, not everyone can log into the systems. Keycard
locks have been recommended.

There is minimal camera and staff monitoring of the systems. Two cameras are
placed outside the CWR but can easily be circumvented. Security conducts hourly
sweeps but does not physically walk into the CWR. One camera in the server room
and a more extensive sweep of the area have been requested.

Another concern is the power supply, which is placed in front of the door to the
hall. It is the only power to the server room. The humidity control within the air
conditioning unit has been known to fail. Redundant power and an updated A/C have been
recommended.

There is documentation on the system setup but little to none on disaster recovery.
It was mentioned that there has not been documentation for many years. Creating a
disaster recovery plan has been recommended.

Also, minimal backups are performed on the system. There has been talk about
moving part of the system downstairs to the main IT department. IT has no role in the
setup of the CWR and has minimal communication with the staff. Some have had
concerns and others are okay with this setup.

Recent system malfunctions have occurred, including multiple drive failures
within the primary storage and in the forensics systems. Due to communication issues,
too much time had passed before the problem could be resolved, which resulted in data
corruption and significant information loss. Backup drives on site have been
recommended.

Inactive users no longer with UAT are never purged from the directory. One
interviewee had concerns that there have been some accounts lost or deleted. The Active
Directory has not been refreshed in many years and it should not have lost certain
accounts.

CWR Interns get extensive training, which includes going through a network
defense and countermeasures competition (currently known as the Scooby Doo
Challenge) and classes that are required for the position.

Lockers are implemented for high value and legacy systems, along with student
projects.

Budget for the CWR goes through main IT. There is no concern about not having
enough money. Management is responsible for getting what the departments need.

9 UNIVERSITY OVERVIEW

UAT was founded in 1983 to provide a school for the new field of computer-aided design.
Throughout the 1990's, the school expanded to include other degrees of computer technology
including: Virtual Reality, Computer Science, Game Design/Programming, and Network
Security.
Today, UAT is among the highest-rated technology-focused universities in the
country and is accredited by several different organizations. The student teams at UAT that
participate in municipal, state, and regional cyber security competitions regularly win or place
high in the competition.
A state of the art cyber security lab was created at UAT in the year 2010. Previously known
as the "Cyber Cave" or "Cyber Security Range", this lab allows students the ability to create
projects on a virtualized environment. This environment has never had an IAM/IEM assessment,
and Black Net Security was tasked with performing this assessment.
Academic centers are unique places with communities composed of directed individuals
challenged with study, learning, teaching and research. Therefore, it is important to recognize
and consider such distinctiveness in developing meaningful comments and recommendations
relative to safety and security therein.
The pursuit of higher education by students, of teaching and research by faculty, and of
supporting work by staff should not be impeded by unreasonable concerns about
safety or security of self or property. It is the intention of the University to ensure this is a reality.
This study is undertaken not in response to a given crisis or event that has altered the college
community, but rather proactively to ensure and promote the advantages of the benefits of higher
education to all members of the community.

9.1 UAT MISSION STATEMENT:


To educate students in advancing technology who innovate our future.

10 CRITICAL INFORMATION TYPES

System Documentation
Group Policy Information
Deployment Procedures
Security Protocols
CWR Use Statement and Policies

10.1 IMPACT ATTRIBUTES:


The Confidentiality, Integrity, and Availability (CIA) triad is an industry standard model
designed for security policy development. It is used to ensure that all information stored within
the company is safe and secure.

Confidentiality:
Protecting information from access by unauthorized individuals or entities.
Confidentiality is a hallmark for higher education, banks and military.

Integrity:
Safeguarding the accuracy and completeness of any information or software. This
includes technical controls such as hashing or organizational controls such as
management oversight. Critical decisions are based on the data received and are weighted
by its integrity.

Availability:
Having access to data at a rate, and having access to the information when
needed. Service-level agreements (SLA) have an enormous impact on the amount of
availability the host must provide.

10.2 IMPACT VALUES:
High:
Unavailability of critical information systems for students that exceeds an hour
Any personal injury or loss of life
Any unauthorized dissemination of sensitive student or system data
Trending on social media, state publications and/or national publications

Medium:
Unavailability of critical information systems for students between 5-59 minutes
A negative connotation in any local publications

Low:
Unavailability of critical information systems for students for less than 5 minutes

11 ORGANIZATIONAL INFORMATION CRITICALITY MATRIX

Information Type         Confidentiality   Integrity   Availability
Systems Documentation    H                 H           L
Group Policies           H                 H           L
Deployment Procedures    M                 H           H
Default Password Lists   H                 H           L

12 SYSTEM INFORMATION CRITICALITY

FACTS       Confidentiality   Integrity   Availability
AD01        M                 H           M
AD02        M                 M           M
V-Center    L                 H           H
NAS         L                 M           H
Paraben     M                 H           H
FREDS       L                 H           H
Rifters     L                 M           H

OCVM is available in APPENDIX C

13 SYSTEM DESCRIPTION

The CWR has 27 primary workstations (one dedicated for teachers) [commonly known as
RIFTERS], 16 Forensic Recovery and Evidence Devices (FRED) [15 of which are functioning],
and a capacity of 200-250 virtualized workstations used for multiple courses. Each physical
workstation has 16 gigabytes of RAM, 500 gigabytes of storage, runs on Windows and has
various software applications. There are 8 physical and several virtual servers dedicated to the
operations of the CWR. The primary virtualization cluster consists of three physical servers each
having 512 gigabytes of RAM, a small internal drive of about 300 gigabytes, and 16 processors
per host. All have a high-speed link to the Network Attached Storage (NAS) device which is a
40-gigabit pipe. The NAS has 6 gigabytes of RAM and 26 terabytes of physical storage; however,
only 18 are used due to a RAID configuration. The CWR has two primary active domain
controllers running Windows Server 2012. Two of the FREDs run Server 2008 for proprietary
reasons.

13.1 NETWORK DIAGRAM

See Appendix B

14 INFOSEC VULNERABILITY ANALYSIS


Our vulnerability scans on the FRED network (192.168.6.xxx) showed that only two FRED
hosts out of 16 responded to the ICMP host discovery used in our vulnerability scans. All other
FRED systems have been configured to explicitly deny ICMP host discovery
tactics. The scan of the RIFTER network (192.168.5.xxx) revealed only one RIFTER host out of
27.

14.1 VULNERABILITY FINDINGS


See Appendix E - G

15 PHYSICAL SECURITY ASSESSMENT

15.1 INTRODUCTION
In March of 2017, the Black Net Security team was commissioned to assess the UAT
CWR. The objective of the assessment was to identify deficiencies in the Cyber Security
operations of the University that could impact the overall security or safety of the faculty,
students, staff and/or facilities. The findings in Appendix H detail the observations, findings,
and recommendations of the Black Net Physical Security Team in support of these assessment
efforts. The team conducted interviews and a walk around campus to determine any
vulnerabilities or security risks within the CWR.

15.2 METHODOLOGY
This assessment process included a physical survey of key areas across the campus of the
college and a review of campus security operations and current security technologies. We had
discussions with administrators and security staff.

15.3 IDENTIFICATION OF RISKS


Risks to services, resources and property might generally be divided into these broad
categories:

Unauthorized access to campus grounds and facilities
Security personnel staffing
Level of current security camera system operational capacity and effectiveness
Unlocked and unmonitored Cyber Warfare Range server room access at any time
Lack of security visibility throughout the university via camera or security personnel

15.4 PHYSICAL SECURITY FINDINGS


See APPENDIX H

16 CONCLUSION

Overall, the IAM and IEM steps that were performed at the UAT CWR were successful.
These assessments were performed by the Black Net Security team to better assess the security
posture of the CWR. This report clarified the diverse types of critical information that exist in the
environment including system documentation, deployment procedures, and default password
lists. This assessment also covered vulnerability scans of the CWR environment that were
included in APPENDIX E & F. The results of the scans were sorted by severity of the
vulnerabilities. The three categories were High, Medium, and Low. Only two vulnerabilities
were rated as high, ten vulnerabilities were rated as medium and twelve vulnerabilities were
rated as low or negligible. The physical security of the CWR was inspected, and a few
physical security vulnerabilities were found. It is our recommendation that these vulnerabilities
be fixed with simple policy changes, adjusted security, and better communication with the
campus security and IT staff.

APPENDIX A - TEP/VULNERABILITY SCANS

caveScanReport. Scan of Freds.p

APPENDIX B - SYSTEM DIAGRAMS

CWRVisiov2.vsdx

Savlowitz-David-Cr-Range-Cluster-N

APPENDIX C - ORGANIZATIONAL VULNERABILITY CRITICALITY MATRIX

APPENDIX D - FRAMEWORK AND REGULATIONS

Cyber Security CaCAE_CDE_criteria.

Intern Framework

APPENDIX E - HIGH CRITICALITY FINDINGS

Finding: 1 (Fred 192.168.6.23)


Title: SMBv1 Unspecified Remote Code Execution (Shadow Brokers)
Rating: High
INFOSEC Category: Authentication
CVE: CVE-2016-6366
CVSS: 10
Description: The Windows host supports SMBv1, which is prone to an
unspecified remote code execution vulnerability disclosed by the Shadow Brokers group.
Recommendation: Disable SMBv1 and/or block all versions of SMB at the network boundary
by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139 for all
devices.

Finding: 2 (Fred 192.168.6.1)


Title: HTTP Brute Forcing Logins with Default Credentials Reporting
Rating: High
INFOSEC Category: Identification and Authentication
CVE: N/A
CVSS: 9.0
Description: It was possible to log in to the remote web application with the following
credentials, i.e. Administrator: admin, and Manager: CUGNOS.
Recommendation: Change and strengthen the password. Use HTTPS if possible.

APPENDIX F - MEDIUM FINDINGS

Finding: 3 (Fred 192.168.6.23)


Title: DCE Services Enumeration Reporting
Rating: Medium
INFOSEC Category: Identification
CVE: N/A
CVSS: 5.0
Description: The remote host's Distributed Computing Environment (DCE) services can be
enumerated by connecting on port 135 and issuing appropriate queries. This may give an
attacker more knowledge about the remote host.
Recommendation: Filter incoming traffic to this port.

Finding: 4 (Rifter 192.168.5.1)


Title: SSH Weak Encryption Algorithms Supported
Rating: Medium
INFOSEC Category: Authentication
CVE: N/A
CVSS: 4.3
Description: The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. This cipher is
believed to be compatible with the RC4 cipher. Both encryption methods have problems with
weak keys and should not be used anymore. This can make it easy for an attacker to recover
plaintext from a block of ciphertext.
Recommendation: Mitigate all weak encryption algorithms. Set a requirement of using strong
encryption algorithms.

Finding: 5 (Rifter 192.168.5.1)
Title: SSL/TLS: Report Weak Cipher Suites
Rating: Medium
INFOSEC Category: Identification, Authentication
CVE: CVE-2013-2566 and CVE-2015-4000
CVSS: 4.3
Description: Per the report, the port has weak SSL/TLS cipher suites. The SSL/TLS service is only
providing the deprecated SSLv3 protocol and supports one or more ciphers. This host is prone
to an information disclosure vulnerability. The SSL/TLS certificate chain is using a
cryptographically weak hashing algorithm.
Recommendation: Configuration should be changed to not accept weak cipher suites. Disable
the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Update to SHA-2
signed SSL/TLS certificates to avoid web browser SSL/TLS certificate warnings.

Finding: 6 (Fred 192.168.6.23 & 192.168.6.1)


Title: SSL/TLS: Report Weak Cipher Suites
Rating: Medium
INFOSEC Category: Encryption
CVE: CVE-2013-2566 and CVE-2015-4000
CVSS: 4.3
Description: Some services found on the network have accepted weak SSL/TLS cipher suites.
The following service accepted these suites via TLSv1.0, 1.1, and 1.2 protocols.
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
Recommendation: The configuration of these services should be changed in such a way that it
will no longer accept cipher suites listed above.

Finding: 7 (FRED 192.168.6.1)
Title: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Rating: Medium
INFOSEC Category: Encryption
CVE: N/A
CVSS: 4.3
Description: The service is providing a deprecated SSLv3 protocol and supports one or more
ciphers. This can allow an attacker to eavesdrop on the connection between clients and
the service. The attacker could get access to sensitive data being transferred.
Recommendation: Disable the deprecated SSLv2 and/or SSLv3 protocol in favor of the
TLSv1+ protocols.

Finding: 8 (Fred 192.168.6.1)


Title: SSLv3 Protocol [POODLE]
Rating: Medium
INFOSEC Category:
CVE: CVE-2014-3566
CVSS: 4.3
Description: This host is prone to an information disclosure vulnerability. A successful
exploitation would allow man-in-the-middle attackers to access plaintext data. This
vulnerability is caused by block cipher padding that is not deterministic and is not covered by
the Message Authentication Code.
Recommendation: It is recommended that SSLv3 and cipher suites supporting CBC cipher
modes be disabled to mitigate the potential risk presented.

Finding: 9 (Fred 192.168.6.1)
Title: SSH Weak Encryption Algorithms Supported
Rating: Medium
INFOSEC Category: Encryption
CVE: N/A
CVSS: 4.3
Description: The remote SSH server is configured to allow weak encryption algorithms in both
the client-to-server and server-to-client directions. This weak encryption can allow an attacker
to recover plaintext from a block of ciphertext.
Recommendation: Disable the weak encryption algorithms.

Finding: 10 (Fred 192.168.6.23)


Title: Certificate Signed Using a Weak Signature Algorithm
Rating: Medium
INFOSEC Category: Encryption
CVE: N/A
CVSS: 4.0
Description: The remote service is using an SSL/TLS certificate chain that has been signed using
a weak hashing algorithm. The algorithm SHA-1 is considered weak, and is not considered
secure enough for ongoing use. Beginning as late as January of 2017, and as early as June of
2016, browser developers will begin warning users of websites using these
certificates.
Recommendation: Servers using SSL/TLS certificates signed with SHA-1 will require SHA-2
signed SSL/TLS certificates to avoid these warnings.

Finding: 11 (Fred 192.168.6.23)
Title: SSL/TLS: Diffie-Hellman Key Exchange Vulnerability
Rating: Medium
INFOSEC Category: Encryption
CVE: N/A
CVSS: 4.0
Description: The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (Key
Size: 2048). The server temporary key size is 1024 bits. Thus, an attacker could be able to
decrypt SSL/TLS communications offline.
Recommendation: Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit
or stronger Diffie-Hellman group.

Finding: 12 (Fred 192.168.6.1)


Title: SSL/TLS: Certificate Signed Using a Weak Signature Algorithm
Rating: Medium
INFOSEC Category: Encryption
CVE: N/A
CVSS: 4.0
Description: The SSL/TLS certificate is using a cryptographically weak hashing algorithm. As
of January 2017 and early June 2016, browser developers began warning users when web sites
use SHA-1 signed Secure Socket Layer (SSL) certificates.
Recommendation: Obtain a new SHA-2 signed SSL/TLS certificate to avoid web browser
SSL/TLS certificate warnings.
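
Findings 4 through 12 reduce to a small set of checks on what each service negotiates: SSH cipher names, SSL/TLS protocol versions, cipher suite names, the certificate signature hash, and the Diffie-Hellman key size. The following is an added example, not part of the original report or the assessment team's tooling, that applies those checks to scan observations so remediation can be re-verified; the observation layout, the function names and the sample data (documentation addresses) are assumptions constructed for illustration.

```python
"""Flag the weaknesses named in Findings 4-12 in per-service scan observations.

Added illustration, not the assessment team's tooling. The observation layout
(dict keys) is an assumption; cipher suites are expected as IANA names.
"""
import re

MIN_DH_BITS = 2048                          # Finding 11: 2048-bit or stronger
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3"}   # Findings 5, 7, 8
# Findings 10 and 12 name SHA-1; MD5 is included as an equally weak hash.
WEAK_CERT_HASH = re.compile(r"sha-?1(?!\d)|md5", re.I)
# Findings 4 and 9 name arcfour; "none" and CBC-mode ciphers go beyond the
# report text and are included because the same class of check flags them.
WEAK_SSH_CIPHER = re.compile(r"^arcfour|^none$|-cbc(@|$)", re.I)


def audit_tls(obs):
    """Return a list of issue strings for one SSL/TLS service observation."""
    issues = []
    protocols = set(obs.get("protocols", []))
    suites = obs.get("cipher_suites", [])
    for proto in sorted(protocols & DEPRECATED_PROTOCOLS):
        issues.append(f"deprecated protocol enabled: {proto}")
    for suite in suites:
        if "RC4" in suite.upper():
            issues.append(f"RC4 cipher suite accepted: {suite}")
    # POODLE needs SSLv3 together with a CBC-mode suite (Finding 8).
    if "SSLv3" in protocols and any("CBC" in s.upper() for s in suites):
        issues.append("SSLv3 with CBC suites: POODLE (CVE-2014-3566)")
    sig = obs.get("cert_signature_hash") or ""
    if WEAK_CERT_HASH.search(sig):
        issues.append(f"certificate signed with weak hash: {sig}")
    dh_bits = obs.get("dh_bits")            # None when no DHE suite is offered
    if dh_bits is not None and dh_bits < MIN_DH_BITS:
        issues.append(f"Diffie-Hellman key of {dh_bits} bits (< {MIN_DH_BITS})")
    return issues


def audit_ssh(obs):
    """Return issue strings for one SSH service, checking both directions."""
    issues = []
    for direction in ("client_to_server", "server_to_client"):
        for cipher in obs.get(direction, []):
            if WEAK_SSH_CIPHER.search(cipher):
                issues.append(f"weak SSH cipher ({direction}): {cipher}")
    return issues


def audit(observations):
    """Return {(host, port): [issues]} for every service with an issue."""
    checkers = {"tls": audit_tls, "ssh": audit_ssh}
    report = {}
    for obs in observations:
        checker = checkers.get(obs.get("service"))
        if checker is None:
            continue                        # unknown service type: skip
        issues = checker(obs)
        if issues:
            report[(obs["host"], obs["port"])] = issues
    return report


# Constructed sample observations (RFC 5737 addresses), not data from the report.
SAMPLE = [
    {"host": "192.0.2.10", "port": 443, "service": "tls",
     "protocols": ["SSLv3", "TLSv1.0", "TLSv1.2"],
     "cipher_suites": ["TLS_RSA_WITH_RC4_128_MD5",
                       "TLS_RSA_WITH_RC4_128_SHA",
                       "TLS_RSA_WITH_AES_128_CBC_SHA"],
     "cert_signature_hash": "SHA-1", "dh_bits": 1024},
    {"host": "192.0.2.10", "port": 22, "service": "ssh",
     "client_to_server": ["aes128-ctr", "arcfour128"],
     "server_to_client": ["aes128-ctr", "arcfour"]},
    {"host": "192.0.2.20", "port": 443, "service": "tls",
     "protocols": ["TLSv1.2"],
     "cipher_suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
     "cert_signature_hash": "SHA-256", "dh_bits": None},
]

if __name__ == "__main__":
    for (host, port), issues in sorted(audit(SAMPLE).items()):
        print(f"{host}:{port}")
        for issue in issues:
            print(f"  - {issue}")
```

A service that no longer appears in the returned mapping has cleared every check in this set; that is not a statement about weaknesses outside these findings.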

APPENDIX G - LOW FINDINGS

FRED Low Findings.docx

LOW Findings were negligible. They are available in a separate document provided with
Appendix G.


APPENDIX H - PHYSICAL SECURITY FINDINGS

Aerial photo of the UAT campus. Also, floorplans of the first and second floors of the main
school building. Security camera placement is indicated by the green markers.

I. The Campus Parking Lot


Location - East and West campus parking lots
Issue - Cameras at positions #2, #3, #5, #6 and #7 are non-functional. Any further reference
to these cameras will be based upon their assumed normal, fully functional state. The
interviewee also mentioned that 2 of the remaining operational cameras are currently failing.
Recommendation - A system-wide upgrade of UAT's outdoor security camera system is
necessary. At the very least, all security cameras must be replaced.

II. The Cyber Range Server Room


Location - Main building 2nd floor, positions #16 and #17
Issue - This door is unlocked, allowing unauthorized access to servers, power, climate
control, and other equipment essential to the operation of the Cyber Range. The power
supply box for the entire room is immediately in front of the server room door.
Recommendation - Secure this room by restricting access with an RFID key tag system
managed by and distributed to the appropriate personnel of the Cyber Range.

III. Security Camera: West Side Parking Lot
Location - West Side Parking Lot, position #6
Issue - There are 2 security cameras at this location, both non-functional.
Recommendation - Restore functionality through repair or replacement.

IV. Security Camera: East Side Parking Lot


Location - East Side Parking Lot, position #7
Issue - There are 2 security cameras at this location, both non-functional.
Recommendation - Restore functionality through repair or replacement.

V. Security Camera: Cyber Range Hallway


Location - The hallway between positions #16 and #17, main building 2nd floor
Issue - There are 2 security cameras at this location; if an unauthorized person wears
something to obstruct the view of their face, they can access the Cyber Range while
remaining unidentified.
Recommendation - Secure this room by restricting access with an RFID key tag system
managed by and distributed to the appropriate personnel of the Cyber Range.

VI. The Known Universe


Location - Main building 2nd floor, position #18

Issue #1 - The sliding door allowing access to UAT's The Known Universe server room is
normally unlocked.
Issue #2 - The angle at which the security camera right above the door to The Known Universe
is installed does not capture the door allowing access to this room.
Recommendation - Reposition the existing camera to monitor the door to this room, or
install a camera specifically for this purpose.

VII. Security Camera: The Janitor's Closet
Location - Main building 2nd floor, near position #20

Issue - The camera seems to monitor only the janitor's closet, not the hallway leading to the
staircase. Someone who has gained unauthorized access to the building might be able to walk
through this area undetected by this camera.
Recommendation - Reposition the existing camera to monitor the hallway, or install a
camera specifically for this purpose.

VIII. Security Camera: The Patch Room


Location - Main building 2nd floor, near position #21
Issue - The camera seems to monitor only the Patch Room, not the staircase. Someone who
has gained unauthorized access to the building might be able to walk through this area
undetected by this camera by climbing the railing of the staircase and hugging the wall.
Recommendation - Reposition the existing camera to monitor the staircase, or install a
camera specifically for this purpose.

IX. Security Camera: Room 208


Location - Main building 2nd floor, position #21
Issue - The camera apparently monitors the staircase going from the 1st floor of the Commons up
to the 2nd floor of the main building. It seems to attempt to monitor the area in front of The
Known Universe server room, to include the elevators, the Robotics Lab, and the door to the
server room itself.
Recommendation - Install additional cameras to attain better coverage of this area and
eliminate

APPENDIX I - THE BLACK NET SECURITY TEAM

Project Lead: Amari Matthews

Documentation Team:
Adam C Brenden (Lead) John Downs
Mark Larocque Osvaldo Carrera
Wilson Antone Mark Cravens
Marlanena Saunders Raymond Harding

Physical Security Team:


Jawuane Brown (Lead) Issac Foster
Juan Wilbur

Technology Team:

Nathaniel Stringer (Lead) Eric Dodge

Justin Burden Jason Thorn

Natasha Vollman Brody Clark

Alden McGarvey

Interview Team:

Haley Crowell-Rodriguez (Lead) Marcus Smith

Megan Jordan Jacob White
