Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security Education

Cyber Defense Competition Has A New Champion 66

Posted by ScuttleMonkey
from the hack-the-gibson dept.
lisah writes "Several colleges across the country went head-to-head in San Antonio, Texas last weekend at the National Collegiate Cyber Defense Competition to see which team could best protect their networks against attacks. In a modern day version of Steal the Flag, the teams duked it out using identical network setups that included a Cisco router and five servers. In the end, Baker College took the champion's title from last year's winner, Texas A & M University."
This discussion has been archived. No new comments can be posted.

Cyber Defense Competition Has A New Champion

Comments Filter:
  • Cyber war-gaming (Score:5, Interesting)

    by BWJones (18351) * on Monday April 21, 2008 @03:43PM (#23150464) Homepage Journal
    This is going to become more critical not just in terms of servers and informational or command based attacks, but also in terms of actual combat systems as we start to integrate more robots and remote networked combat platforms. For instance, my last visit [utah.edu] to Creech AFB was very informative, but also illustrated a number of potential weaknesses in the system that controls remotely operated unmanned aerial vehicles actively engaging in combat.

    Exercises such as these are critically important to war-game any networked system, particularly when that system is using commercial off the shelf solutions and commodity hardware that is accessible and easy to explore outside the realm of cyber warfare. i.e. war-gaming your attacks before going live...

    • Re: (Score:3, Insightful)

      by Divebus (860563)

      Exercises such as these are critically important to war-game any networked system...
      ...like defending against RIAA network invasions of Colleges?
    • It's good to hear that people are still actively trying to hasten Judgment Day
  • I always thought it was one step above a community college! Either I was wrong or they have improved a lot recently.
  • by jibster (223164) on Monday April 21, 2008 @04:01PM (#23150730)
    Any word on when ESPN will start broadcasting these "games" live? Throw in a few hot cheer leaders and I'd watch. Actually, anybody know where I can get tickets?
  • by menace3society (768451) on Monday April 21, 2008 @04:04PM (#23150766)
    Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was. These pros won't have anything in their arsenal that everybody doesn't already know about it (at least, if they're studying computer security, they *ought* to know about it), and so we're basically left with (and this is something the article mentions) a bunch of people changing their conf files as fast as possible. If you ask me, they should six Eastern Europeans and North Koreans, and offer them $10,000 for every box they own. If the teams box doesn't get owned, they get the ten grand. Simpler, more interesting, and far more realistic.
    • by Anonymous Coward on Monday April 21, 2008 @04:13PM (#23150906)
      A friend of mine, who knew the pros -- at least for the regionals that I *almost* got to compete in (not bitter, nope, not me) -- said they were Serious Business. The point is to go into a new system, figure out what's broken (because the systems the blue teams were provided were broken, sploitwise), and fix it. Changing your conf files as fast as possible means you have to know which files to change in which ways. I don't think the game is entirely realistic either, but it is important to know the methods. Between the in-depth study of a competitor's assigned system and the actual experience of an attack, you get a pretty good grasp of what it's like.
      • by ja1217 (1266082) on Monday April 21, 2008 @04:41PM (#23151276)
        I also participated in the competition, but due to issues with our Firewall (the stupid scanner the provided with us didn't work and we ended up taking our network down several times for unecessary reasons) we didn't pass the qualifying rounds. However, I went along to one of the later rounds and was allowed to sit in with the hackers. But as Anonymous said, the goal is mainly to fix a machine that already has holes as fast as possible. In my competition, we had two linux boxes (Red Hat 7 for DNS and Fedora 8 for web), a FreeBSD box for sendmail, a Win2k back up DNS, 2003 server for LDAP, and two Windows XP desktops. While the hackers weren't allowed to use 0 day vulnerabilities, they did have tools like CORE Impact at their disposal and within the first 5 minutes of the competition had owned every windows box. The only time I remember a *nix box getting owned was my groups. We were two busy fixing the LDAP server and forgot to change the default password of the BSD box from "password" because they were on the same machine (we had a virtual machine set up for our competition. This had its annoyances, but we could quickly recover from hacks by doind a revert to snapshot with VM ware. They probably disabled the revert feature in later competitions as in a real business environment, which they were trying to simulate, reverting could cause massive data loss.) Towards the end when things were winding down, one team had gotten owned really hard and wasn't about to recover, so they started doing trick programs on them. At one point, they had a screen cast of one of the competitors computers running on their own so they could see exactly what that school was doing. So they ran a trick program that made it look like it was running the Vista install process. We quick ran over and saw them frantically trying to cancel it with no effect. And then they ran a delete all on that computer. Even though my team lost, we had lots of fun and I was able to learn a lot. We'll be back next year (Millersville University) and hope to regain our position of at least 2nd place at Nationals, which we had for the 2 previous years.
    • by yabastaaa (877550)

      Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most insecure.
      fixed that for ya
    • Re: (Score:3, Informative)

      by thelordzero (1131271)

      Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was.

      These "pros" as you said are actually professional flown in from around the country who either are partners in consulting companies or just a level below that. Everyone on the red team does it for a living at the national level and certainly is not a bunch of non hardcore hackers who said o lets have fun. But then again what do i know, I was on the red team.

      • Oh, so you make your living breaking into systems and either selling the information you find, or exploiting it directly to get rich?

        My point wasn't that they didn't hire security professionals, or that they didn't hire people who knew how to break into systems. They hired people who don't break into systems professionally, and that's what you'll be up against in the real world. It's like putting Home Guardsmen on the front line.
        • actually pretty much everyone makes a living off of the profession. That being said I was completly humbled by the team that was assembled and learned alot being there with them. Team Hilarious was great.
          • I'm sure they do, and I'm sure they're very talented. But, my point is, they don't make their money through technical exploits. They do audits and maybe even some white-hack attempts at penetration, but they aren't real cyber-criminals like in the Real World (tm).

            If I'm mistaken, please correct me. Also, see what kind of havoc you can cause next year by flooding the pipes with useless data. If the box is too busy serving bogus requests and it drops some legit ones, that counts as service outage, right?
            • not my place to comment on white hat or not and i certainly wouldnt name anyone on the team. not my place at all. the guys on the team are the ones who can write the sploits on the fly when needed. The team lead is a guy who knows his stuff in and out as does the rest of the guys who flew in. Also flooding a connection is forbidden for the most part. I know since I had a perfect sploit lined up for one of the servers that would of DOS'ed it easily but the red teams hands were tied on that point. But yes if
      • Didn't We Trash This Last Year?
        Elite Network Counter Strike Force pwn Teens:

        http://it.slashdot.org/comments.pl?sid=227039&cid=18391373 [slashdot.org] ... fun aside, it does sound as if they've/you all attempted to adjust the rules somewhat.

    • by luaplevap (970861)

      Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was. These pros won't have anything in their arsenal that everybody doesn't already know about it (at least, if they're studying computer security, they *ought* to know about it), and so we're basically left with (and this is something the article mentions) a bunch of people changing their conf files as fast as possible. If you ask me, they should six Eastern Europeans and North Koreans, and offer them $10,000 for every box they own. If the teams box doesn't get owned, they get the ten grand. Simpler, more interesting, and far more realistic.

      being both from eastern europe and also a decent hacker, I like that idea

    • by TXISDude (1171607) *
      I have been to these events, and have experience in "the real world". And what does this event prove? It is an exercise designed to test student groups ability to work together as an IT department from a security perspective, and operational perspective in a simulated real world business environment. I agree theoretically that when you take over a network that has deficiencies that it would be "nice" to be able to disconnect, fix it and then reconnect to the internet - but in the real world, try telling y
  • by Digi-John (692918)
    I'm just happy to see that my school (RIT) made it to the finals. Didn't even know we had a team.
  • In a previous life this is something I did with government networks on a daily basis .. as I'm sure most slashdotter's have done.
  • by thelordzero (1131271) on Monday April 21, 2008 @04:20PM (#23150988)
    Well this competition was actually a great one. I was one of the red team members for the nationals (and also the only person to have gone from a regional team captain to the national red team). The competition was very close to the very end with only a few subtle mistakes being made as of the second day. The run down is usually like this for the red team: Day 1: Boxes are extremly vulnerable and red team had a hayday with easily found exploits. We set some backdoors and have some fun with the servers. Looking for customer data that is stored on them. Day 2: Teams have patched most boxes and taken care of most of the vulns out there. Red team goes after websites finding exploits for the most part since boxes are locked down other than holes we inserted ourselves. Default passwords on ecommerce sites are usually one of the last things to change. Day 3: Boxes and teams are finally pretty locked down. Some last holes are left over from the red team. Nessus and Core Impact and other tools are worthless at this point at the latest (if not midday saturday). This day red team is pretty much just having fun, especially the team lead, Dave with his laughing that echos down the halls making the other teams nervous. In all every team did a great job. Everyone learned alot (heck I learned alot red teaming with some of these guys). Stupid mistakes were made by every team and we (the red team) loved the teams for it. Can't wait to come back next year and seeing what the teams will do then.
  • Clearly, the submitter is an FPS noob who doesn't know that it's "capture", not "steal", the flag! ;)
  • urgh....It's called CAPTURE THE FLAG!! oh come on....
  • I led a team that competed in one of the qualifiers and found the competition extremely wanting. It's more of an arcane system administration challenge rather than anything about security. Some responses to the competition are collected at my lab's blog here: http://isisblogs.poly.edu/2008/02/29/pre-neccdc/ [poly.edu] (see the comments)
    • This competition is about best defending a network in as short a time as possible. Each region creates its own scenario independent from the national level and it creates different levels of fun and realism for the teams. In essence this competition is realistic from a sys admin point of view and thats mainly the people who will be admining these system. Once again I say this as a red team point of view and that of someone who was team captain of the UTSA team this year (the hosts of the national competitio
      • Of course you had fun! You were on the Red team and you got to abuse groups of college students for a weekend! At least for the region we were in, the competition is NOT about how to best defend a network in as short a time as possible. It was about blindly following arbitrary rules and being a system administrator.
        • To be fair, I was red team at nationals (albeit I was humlbed greatly by the rest of the red team), I was the team captain for UTSA at regionals this year. I've seen it from the blue team, white team and red team viewpoint. Blue is the most frustrating I do say but in the end I've always walked away having learned something.
    • I led a team that competed in one of the qualifiers and found the competition extremely wanting. It's more of an arcane system administration challenge rather than anything about security. Some responses to the competition are collected at my lab's blog here: http://isisblogs.poly.edu/2008/02/29/pre-neccdc/ [poly.edu] (see the comments)

      I agree with you completely. I was a captain for a team that made it to the finals the first year they held nationals. The majority of business injects are related to system administration. Most of the strategies to win involve patching quickly and changing stupid defaults (among other things). However, I don't complain too much because it is a fun experience. Also, I haven't come up with better "rules" for the game. One of the biggest challenges was to devise a security competition that didn't promo

  • Ok I call shotgun !

    Who was caboose ?

Riches: A gift from Heaven signifying, "This is my beloved son, in whom I am well pleased." -- John D. Rockefeller, (slander by Ambrose Bierce)

Working...