Most of the individuals who read by blog are most likely already aware of the Collegiate Cyber Defense Competition (CCDC). For those who don’t know, it’s a defensive competition for college students. The scenario is simple, a team of students (blue team) go into a compromised mock business and secure it. They also try to run the competition in the most realistic fashion possible, so the management side (white team) is constantly giving the blue team tasks to complete while securing the network. While the hackers (red team) are trying to get back into the vulnerable systems. Just so we are all on the same page, there are two other groups of individuals involved in the competition, those who run the competition (gold team) and the technical support staff (green team).
The network we were given for CCDC 2014, was much like it was in the past few years I’ve been involved in the competition. In the DMZ there was a CentOS box running eCommerce and a Ubuntu DNS running Bind9 as well as our MySQL server. On the internal network there was a Debian email server running RoundCube, a Server 2003 running WarFTP, Server 2008 running DFS, and a Sever 2008 R2 running ADDS. There was also a Windows 7 desktop on the ISP’s network, that we also had to manage.
During the competition you get points by maintaining your professionalize through the stress of the competition, keeping business related services up, and completing business related tasks in a timely manner. There is also a small margin of points available if you are able to both block and report red team activities.
This year our team at Indiana Tech did very well. I was on the Linux side of the competition this year as opposed to last year when I managed the Windows desktops. My primary goal was to keep the services on the Debian email box up throughout the competition. However, the credit goes to our entire Linux sub-team as a whole, for keeping our services up. That being said the only real issue we had was with the CentOS box hanging after the initial reboot, forcing us to scrub the box, about an hour into the competition. Other than that, we were able to pull together as a team and had about 80%-85% service up time and completed 40 out of 43 of the business related injects. Our performance over the 8 hour window was said to be one of the schools best and netted us a second place finish. With first place going to Rose-Hulman, who I wish the best on their conquest to the national title.
As always, we learned a few lessons during this year’s competition. First of all, it’s incredibly valuable to figure out exactly how they are scoring services as early as possible. This helps get full points on each of the service categories throughout the entire competition. We too discovered that it’s better to scrub a box early in the competition then fight with it for hours. We also found great value in setting up centralized logging and automated log checking packages like Kiwi and OSSEC.
Now, I would just like to take the time to make a few recommendations about how the competition might be improved. First I would like to recommend better communication between the blue and white team in an effort to help students more effectively improve communication skills. I say this because submitting an inject to the scoring system that I think is well written does not mean it is, and without a score report its hard to justify using builds communication skills as a selling point. The simply addition of having an inject, where an individual or group blue team members have to go present an idea, to someone would be a great place to start. Second consider better defining or allowing question on how services are technically scored. I recommend this because, I personally have seen some truly strange things happen with scoring and the rules clearly state that any interference with scoring is grounds for desertification. That being said, if you state in the team pack that access to web mail via an http site is being scored. It seems hardly fair to additionally score a random chat client as well, when its technically against the rules to investigate as to weather it indeed is being scored. Lastly I would like to simply request that those who compete in the competition receive some sort of acknowledgement, certificate, or web posting that includes placement. This request is simply to provide some tangible proof to an employer or future employer in the event that such a request should be made.
As an added bonus, here are the pictures of the CCDC 2014 commemoration dinner, hosted by Ivy Tech, that were made public the last few years.
http://www.flickr.com/photos/ivytechfortwayne/sets/72157640781466374/
Please note: In 2013 I was a senior on the Ivy Tech team.
http://www.flickr.com/photos/ivytechfortwayne/sets/72157632800411224/
Please note: In 2012 I was a substitute for the Ivy Tech team and did not make it into their limited photo set.
http://www.flickr.com/photos/ivytechfortwayne/sets/72157629404992103/
Hello My school is competing this year in the CCDC competition, I am responsible for the email server as yourself. Would you mind reaching out and giving some assistance.
Thanks
Jimmy,
Since I’m now deeply involved with the Red Team and some white team activities. I can’t do any one on one mentorship while the season is ongoing; in order to ensure fairness. However I do plan to release a few blog posts about my experiences, this year, towards the end of the season. During the off season I do mentor students for cyber defense competitions, as my time permits.