[ISN] Baker College wins National Collegiate Cyber Defense Competition

From: InfoSec News (alerts@private)
Date: Tue Apr 22 2008 - 01:50:01 PDT


http://www.linux.com/feature/132873

By Joe Barr 
Linux.com
April 21, 2008

Baker College of Flint, Mich., defeated defending champion Texas A&M 
University and four other regional winners from across the country to 
capture the third annual National Collegiate Cyber Defense Competition, 
which concluded in San Antonio, Texas, over the weekend. Texas A&M 
finished a close second, and the University of Louisville took third. 
Also competing for the championship were the Community College of 
Baltimore County, Mount San Antonio College of Los Angeles County, and 
the Rochester Institute of Technology.

Hosted by the Center for Infrastructure Assurance and Security (CIAS) at 
the University of Texas at San Antonio (UTSA), the event pits six 
regional winners, each given a similar small enterprise network to 
protect, against a team made up of experienced security professionals 
dubbed the Red Team, a.k.a. Team Hilarious.

Teams are scored on how well they protect their identical networks, made 
up of a Cisco router and five servers: Windows 2003 running Internet 
Information Services, Windows 2000 running DNS, Solaris X86 running 
Apache and OpenSSL, Gentoo running MySQL and NFS, and BSD running 
Sendmail. Team workstations can run Vista, Windows, Fedora, or BSD, as 
the team prefers. Teams are required to provide SMTP, POP3, HTTP, 
HTTPS, and DNS services throughout the competition, and outages on any of 
those services result in deductions from their score. At specified 
times, the teams are also asked to bring up FTP, SSH, RDP, and VNC 
services, in accordance with the 2008 competition rules.

In addition to the attackers (the Red Team) and the defenders (the Blue 
Teams), there is also a White Team. The White Team acts as the overall 
network operations center, observers, and as communications center. All 
requests for information, assistance, and problem reporting by the 
competing teams go through the White Team; teams are not allowed direct 
communication with the outside world except for publicly available 
information and software available on the Internet. The White Team also 
delivers in-competition requests for new services and scores the teams' 
performance.

The entire event took place at the San Antonio Airport Hilton hotel, and 
each team (Red, White, and each competing Blue team) had its own 
private, closely guarded room. A White Team observer was present in each 
competing team's room for the entire competition.


Team Hilarious

Red Team captain Dave Cowen has a jovial face and a pirate's beard. When 
his laughter could be heard in the hall outside the Red Team room, 
collegians winced, because they knew that another server had just fallen 
prey to the Red Team's relentless attacks.

The other Red Team members (first names only), Luke, Ryan, Evan, Jacob, 
and Leon, are all professionals in the security industry. On Friday, the 
first day of the competition, the Red Team had the adrenaline of the 
hunt, the chase, the pursuit of hapless quarry, in the air, as team 
members sat around the conference table, staring into the screens of 
their laptops, some using two laptops at once, and sharing information 
as they gleefully began probing the target networks for weaknesses and 
mapping IP addresses to specific configurations.

One of the first remarks heard after the competition began was, 
"Interesting, the Solaris exploit from last year still works." That was 
followed shortly by Dave Cowen announcing "OK, professionals, we need a 
local Solaris 5.10 exploit for privilege escalation."

In addition to a few members of the press, the Red Team room was also 
visited by various federal agents. A contingent from the Secret Service 
was present all weekend. Three black-suited gentlemen claiming to be 
from the FBI were present Friday. Defense Information Systems Agency 
agents were present as part of the competition infrastructure, and among 
their other duties, helped escort journalists from room to room during 
the event.

The mood in the Baltimore County Community College Blue Team room Friday 
afternoon was in stark contrast with the lightness and laughter heard in 
the Team Hilarious room. All seven team members were focused on the job 
at hand, which was to begin securing the network they found running at 
the start of the competition. Voices were muted, there was no idle 
chatter, and everyone was busy at whatever task they had been assigned.

Teams are allowed to modify the configurations as they see fit during 
the event, so long as they follow the rules and provide the required 
services. The configuration itself seems to have been a weak spot for 
defending the networks, and at the end of the competition on Sunday, 
Cowen said that you reach a point where the configuration is more 
important than the supply of exploits available to attackers. He made 
that remark not long after hacking a team's Web server so that it 
displayed their credit card database as its homepage during the last 
half hour of the competition.

A two-hour awards luncheon took place shortly after the end of 
competition Sunday morning. There were speeches by US Representative 
Ciro Rodriguez and Cornelius Tate, the brand-new Director of the DHS 
Cyber Security Division, prior to announcing the winners. This year's 
competition was the closest ever, with three teams in a virtual tie 
after the second day, and Baker edging defending champion Texas A&M by 
the slimmest of margins at the end. Whether they took home the gold or 
not, all the teams were made up of bright, skillful students, and given 
the presence of two community college teams in the final six, it's 
obvious that the size of the school is not as important as the skill of 
its students in the world of cyber defense.

Baltimore County Community College, the only team with a female 
competitor, and Mount San Antonio Community College in Los Angeles, 
proved that network security skills are not the exclusive domain of 
larger, better-known institutions. Their presence at this national 
competition is roughly the equivalent of a community college basketball 
team making it to the NCAA's Final Four, and both schools and students 
deserve kudos for going head to head against teams from much larger 
schools, especially since those schools may include two graduate 
students on their team.

Dr. Gregory White, director of the UTSA CIAS, one of the founders of the 
original competition when it was held on a regional basis rather than 
nationally, explained there is a large network and computer security 
population in San Antonio, primarily because the Air Intelligence Agency 
is located there. UTSA was a logical place to become an academic center 
for computer and network security. That led to it becoming the first 
Texas university to be designated as a "Center for Academic Excellence 
in Information Assurance Education" by both the DHS and the National 
Security Agency, and it currently offers bachelor's- and master's-level 
degrees in information security from several of its schools.

Sponsors for this year's event included the AT&T Foundation, DHS, Cisco 
Systems, Acronis, Northrop Grumman, Accenture, the Information Systems 
Security Association, Core Security, our sister site ThinkGeek, Code 
Magazine, and Pepsi. White said that more sponsors are needed for future 
competitions in order to do all the things CIAS wants to accomplish.

