Page 1 of 3

CO1508 Computer Systems & Security – Week 02 –

Passwords, Patches and Mandatory Access Control (MAC)

Instructor Notes
Students are expected to finish these tasks in the following sequence:

• Finish the CyberCIEGE Passwords scenario and make sure no attacks take place and
the budget is over $58000.
• Finish the CyberCIEGE Patches scenario
• Finish the CyberCIEGE Mandatory Access Control and MAC Integrity scenarios
• Get started (if they haven’t yet) or continue working on their 1st assignment.

Passwords Scenario
This scenario is very simple. The trick is to play it multiple times and know when to stop the
game, configure the passwords’ policy and play again. This way they can prevent any attack
and keep the budget high.

Please refer them to “Press F1” for help. At this stage, they should start reading the help
pages and find the information they need.

Patches
Before students start playing this scenario, please play this movie:
https://my.nps.edu/static-content/cyberciege/11CIEGE.html

The patches scenario illustrates some issues related to the need to apply patches to
applications and operating systems. Players are also provided the opportunity to run a
“scan” on their systems to observe the presence of unpatched software.

Players are confronted with an environment where an IT support staff member is

responsible for maintaining a server, but there are no resources to manage patches for
individual user workstations. Users must patch their own workstations, and players must
provide the users with training to achieve this.

CO1508 Computer Systems and Security, UCLAN – 2019-2020

 Page 2 of 3

If players select “automatic updates”, they learn that these are not available for some of the
applications.

In the second phase of the game, the player must purchase a second server so that the IT
support staff can test patches before applying them.

Mandatory Access Control Scenario

The scenario is intended to illustrate the use of a multilevel server to enforce a MAC secrecy
policy. The scenario includes two LANs, two workstations and a multilevel server that
contains a shared low secrecy asset. One user must modify the asset, while the other user
must read the asset while modifying a high secrecy asset. Students must assign secrecy
labels to the multilevel server’s two LAN connections.

Please play this movie for students so they can understand multilevel secure components:

https://my.nps.edu/static-content/cyberciege/06CIEGE.html

The scenario a single phase and students are encouraged to play it multiple times.

The first play, students assign the correct labels to the multilevel server’s networks and
observe that the users achieve their goals and the high secrecy asset is not compromised.

Students are encouraged to play again, this time assigning the wrong label to the
unclassified network.

MAC Integrity Scenario

The scenario is intended to illustrate the use of a multilevel server to enforce a MAC
integrity policy. The scenario includes two LANs, two workstations and a multilevel server
that contains a shared high integrity asset. One user must modify the asset, while the other
user must read the asset while also using low integrity software and an internet connection.
Students must assign secrecy and integrity labels to the multilevel server’s two LAN
connections. The high integrity asset is unclassified, so both networks should have secrecy
labels of unclassified, otherwise old secret data will be compromised.

The scenario a single phase and students are encouraged to play it multiple times.

CO1508 Computer Systems and Security, UCLAN – 2019-2020

 Page 3 of 3

• The first play, students assign the correct labels to the multilevel server’s networks and
observe that the users achieve their goals and the asset is not compromised.
• Students are encouraged to play again, this time assigning a high integrity to the low
integrity network. An attacker breaks in the weakly protected area where the low
integrity workstation sits and compromises the high integrity data.

Directed Task
Finally, please encourage students to work on their assignment if they’ve any time left at
the end.

CO1508 Computer Systems and Security, UCLAN – 2019-2020