Department of Computer Science
2013 At-Large Regional CCDC Virtual Event
The ASSERT Center at UAF is hosting the 2013 At-Large Regional Collegiate Cyber Defense Competition (CCDC) virtual event. The dates of the event are march 1 - 3, 2013 and the winner gets a FREE trip to the 2013 Deloitte NCCDC event in San Antonio, TX (2013 Deloitte NCCDC).
We will soon be sending out a packet of rules for the 2013 At-Large Regional CCDC virtual event. We will also be giving each team a bit of time (TBD) to use the virtual lab before the event so students can get acquainted with the VMWare system.
Each team in a CCDC event is given a set of IT resources (e.g., servers, workstations, and networks) and then charged with defending those resources while maintaining critical business services (e.g., a functioning and uncompromised web server). During the event the red team will actively attempt to compromise each team's resources, and the white team will periodically give each team a business task to complete (known as an "inject").
What to Expect
At the start of the event you will be given an information packet about your new IT resources, including a network map, usernames/passwords, and the required services that your team is responsible for maintaining. It is very common for teams to have experience with some portion of these resources, and to have to research other parts (e.g., a given team may have good Windows workstation and server skills, but little background in the configuration of routers). It is very unlikely that any team will have in-depth knowledge of all of the technologies used during the event, and teams that can work well together and quickly research relevant topics generally perform more effectively than teams with in-depth knowledge of a few specific areas.
At the start of the event the required services will be running, although they may not be configured correctly or securely. Each team will need to quickly assess the state of its network and then start to manage their resources based on the priorities they identify.
You can expect to see a mix of technologies and services during the competition, and each team is free to substitute their own favorite version of a service for one they are given at the start of the event (for example, each team may be given an IIS web server, but may choose to then install an Apache server to serve the required web site. You can expect to see the following types of services:
Operating Systems: Windows (XP, 2003, Vista, 7, and 2008), Ubuntu Linux, and CentOS Linux
Services: For example, web, email, DHCP, DNS, Windows Domain, SSH, FTP, telnet, database (e.g., MySQL, PostgreSQL).
Network Equipment: Physical Cisco routers and routers, and software based routers (e.g., Zebra based linux routers)
Teams can consist of up to 8 students from an institution, up to two of which may be graduate students. The nation rules require that each participant is a full-time student. We would like to remain as close to those rules as possible, but institutions who are having trouble forming a team within those constraints should contact Brian Hay immediately to discuss options for ensuring that each school can field a team.
This event will be run virtually, meaning that each team will remain at their home institution, but that all systems will reside and be executed on servers in the ASSERT Lab. Teams will connect to their designated systems using a Windows application, so each team will need a room in which they have access to Windows workstations/laptops and the Internet. You should select a room/lab/classroom in which the team can participate in the event without distraction from, or other interaction with, other people, and in which you have plenty of room to organize and work.
A test of the connectivity to the ASSERT Lab will be conducted with each participation institution prior to the event - please contact Brian Hay to schedule a test at your institution.
The rules for the national event can be found here, and our event will use these rules as a baseline. The most important rules for this event are:
A team may not receive assistance from any non-team member during the event. This means no electronic (e.g., phone, chat, and/or email) or in-person discussion of the competition with anyone other than the white team, event organizer, and red team (if you choose to do so) during the event.
Internet resources such as FAQs, how-to.s, existing forums and responses, and company web sites are completely valid for competition use provided there is no fee required to access those resources and access to those resources has not been granted based on a previous purchase or fee. Only resources that could reasonably be available to all teams are permitted. For example, accessing Cisco resources through a CCO account would not be permitted but searching a public Cisco support forum would be permitted.
Teams may not use any external, private electronic staging area or FTP site for patches, software, etc. during the competition. All Internet resources used during the competition must be freely available to all other teams.
Network traffic generators will be used throughout the competition to generate traffic on each team.s network. Traffic generators will generate typical user traffic as well as suspicious or potentially malicious traffic from random source IP addresses throughout the competition.
Teams must maintain specific services on the .public. IP addresses assigned to their team . for example if a team.s web service is provided to the .world. on 10.10.10.2, the web service must remain available at that IP address throughout the competition. Moving services from one public IP to another is not permitted however teams are free to NAT addresses inside their team networks.
If you have questions about these rules, or how/if a specific rule from the national CCDC rules page may apply to this event, please contact Brian Hay.
The Red Team
The Red Team is your adversary for the CCDC event, and will spend their time trying to compromise your systems. Red team members are experienced penetration testers with an understanding of the educational goals of the CCDC event. They will attempt to distribute their efforts fairly across all of the competing teams, and if they compromise a system they may either use that as a foothold for further exploration or exploitation, or may make some change to the compromised system (e.g., modify a web page on your web server, or shutdown a service). If the red team successfully compromises one of your systems your team will lose points, but up to 50% of those lost points can be reclaimed if a team reports the compromise, including the method used and a suitable solution to prevent further compromise in that manner.
The White Team
The White Team will provide teams with the business injects during the event, and will also manage the scoring of the event, including assigning points for system compromises, successfully completed business injects, and any compromise reports submitted by teams. Those individuals identified by the event organizer as White Team members can be completely trusted during the course of the competition.
A "scoring engine" will be used during the event to perform automated service checks. For example, the scoring engine may periodically attempt to retrieve one of the required web pages from each web server, and points will be deducted from the team score if such a check fails. The required services will be fully described to in the information packet given to each team at the start of the event. Teams will also be given an indication of whether the scoring engine shows their required services to be available or not. Overall scores and rankings for the 2010 event will not be publicized, but each team will receive feedback on their performance if they request it at the end of the event.
Each team will be given a workstation which is outside their team network. This workstation will allow each team to view the state of their systems and services from outside their team network (i.e., from the same perspective as the "public", the red team, and the scoring engine). This workstation will run the Backtrack distribution, and the team is not required to defend this workstation from attack by the red team.
Support for the 2013 event was provided by:
If you have other questions about the event please let me know.
Search the CS and related UAF webservers with Google Co-op:
UAF Research Organizations
Fairbanks Doppler Radar (Pedro Dome)