The words on the back of a t-shirt summed it up succinctly: “The best security is knowledge.”

Matt Ireland, senior security specialist at Harland Financial Solutions in West Des Moines, was wearing that shirt at a wireless cyber defense test in mid-June at Iowa State’s Information Assurance Center (IAC). He was one of 25 people from 23 companies on hand for the training exercise that used the Internet-Scale Event and Attack Generation (ISEAGE) facility to teach IT professionals how cyber attacks work and how to better defend their wireless networks.

More than 20 people took part in the training exercise at Iowa State’s Information Assurance Center (IAC).

“We learned about the tools to smoke out wireless access points in the office that aren’t supposed to be there,” Ireland says. “And being able to use the monitoring and auditing tools was a big help.”

Doug Jacobson, an Iowa State electrical and computer engineering professor, director of the IAC, and owner of Palisade Systems, Inc., says ISEAGE is a one-of-a-kind tool that makes computing safer by creating a virtual Internet for researching, designing, and testing cyber defense mechanisms.

Unlike computer-based simulations, ISEAGE gives researchers real attacks played out against real equipment, improving the understanding of attack characteristics and providing a better assessment of how security systems handle those attacks. The initial groups are using tests like the one in mid-June to learn about new techniques in a controlled environment. As ISEAGE moves forward, companies will be able to try new security paradigms to protect their organizations.

The latest test was part of a monthly meeting held by FBI-run InfraGard, which links public and private sectors.

Matt Ireland (black shirt) and Gary Churchill learn how cyber attacks work and how to better defend their wireless networks as part of the ISEAGE demonstration in mid-June.

Right now, tests like this are free so companies can get a better feel for how ISEAGE works. Jacobson says his group’s goal with the free demonstrations is to show potential clients how effective the product is.

Funding for ISEAGE comes from a $500,000 grant through the U.S. Department of Justice, but eventually, Jacobson says, the company will need to charge a fee to businesses, government agencies, and research companies who want to conduct experiments that mimic all types of security events, such as attacks from Trojan horses, viruses, and worms. The lab contains a variety of hardware systems and software applications that allows a company to come in and set up a test that matches its particular IT environment.

Jacobson says that many times when IT professionals think of simulating the Internet for testing, they think of a computer sitting in a barren room running modeling software. That’s not what ISEAGE does, he stresses. “This is a multi-node (64 nodes to be exact) computer that is modeling actual components of the Internet. It’s a lot different than running a simple simulation.”

Jared McLaren demonstrates how the training software works.

Gary Churchill, assistant vice president for information systems at Perishable Distributors of Iowa, Ltd., in Ankeny, was impressed with the simulation and says the test was quite a learning experience for him. “The first thing I found,” he says, “is how easy it is to break into wireless systems. But now I know there’s a method to monitor and curtail any problems you might have internally.”

Jared McLaren, who helped set up this round of testing, says the reaction was positive. “It’s good to get people working hands-on with these tools,” he says. “It makes a big difference when everyone can walk away feeling like they have something they can instantly apply.”