Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber Defense Competition Has A New Champion

Posted by ScuttleMonkey on from the hack-the-gibson dept.

lisah writes "Several colleges across the country went head-to-head in San Antonio, Texas last weekend at the National Collegiate Cyber Defense Competition to see which team could best protect their networks against attacks. In a modern day version of Steal the Flag, the teams duked it out using identical network setups that included a Cisco router and five servers. In the end, Baker College took the champion's title from last year's winner, Texas A & M University."

10 of 66 comments (clear)

  1. Cyber war-gaming by BWJones · · Score: 4, Interesting

    This is going to become more critical not just in terms of servers and informational or command based attacks, but also in terms of actual combat systems as we start to integrate more robots and remote networked combat platforms. For instance, my last visit to Creech AFB was very informative, but also illustrated a number of potential weaknesses in the system that controls remotely operated unmanned aerial vehicles actively engaging in combat.

    Exercises such as these are critically important to war-game any networked system, particularly when that system is using commercial off the shelf solutions and commodity hardware that is accessible and easy to explore outside the realm of cyber warfare. i.e. war-gaming your attacks before going live...

    --
    Visit Jonesblog and say hello.
  2. On your marks, get set... by jibster · · Score: 3, Funny

    Any word on when ESPN will start broadcasting these "games" live? Throw in a few hot cheer leaders and I'd watch. Actually, anybody know where I can get tickets?

    1. Re:On your marks, get set... by Mordok-DestroyerOfWo · · Score: 4, Funny

      Coming up on ESPN 1011:

      7:00 - Co-ed full contact bash programming
      8:00 - PHP fantasy team preview
      9:00 - X-Treme PERL recital!
      10:00 - World's Strongest Stench competition
      11:00 - Geekcenter

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    2. Re:On your marks, get set... by g0bshiTe · · Score: 3, Funny

      My guess would have been ESPN 1337

      --
      I am Bennett Haselton! I am Bennett Haselton!
  3. Not sure what this proves by menace3society · · Score: 4, Insightful

    Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was. These pros won't have anything in their arsenal that everybody doesn't already know about it (at least, if they're studying computer security, they *ought* to know about it), and so we're basically left with (and this is something the article mentions) a bunch of people changing their conf files as fast as possible. If you ask me, they should six Eastern Europeans and North Koreans, and offer them $10,000 for every box they own. If the teams box doesn't get owned, they get the ten grand. Simpler, more interesting, and far more realistic.

    1. Re:Not sure what this proves by Dachannien · · Score: 5, Funny

      All sounded pretty good until you used the word "owned". Damn straight. Everybody knows the technical term is "pwned".

    2. Re:Not sure what this proves by Anonymous Coward · · Score: 4, Interesting

      A friend of mine, who knew the pros -- at least for the regionals that I *almost* got to compete in (not bitter, nope, not me) -- said they were Serious Business. The point is to go into a new system, figure out what's broken (because the systems the blue teams were provided were broken, sploitwise), and fix it. Changing your conf files as fast as possible means you have to know which files to change in which ways. I don't think the game is entirely realistic either, but it is important to know the methods. Between the in-depth study of a competitor's assigned system and the actual experience of an attack, you get a pretty good grasp of what it's like.

    3. Re:Not sure what this proves by ja1217 · · Score: 4, Interesting

      I also participated in the competition, but due to issues with our Firewall (the stupid scanner the provided with us didn't work and we ended up taking our network down several times for unecessary reasons) we didn't pass the qualifying rounds. However, I went along to one of the later rounds and was allowed to sit in with the hackers. But as Anonymous said, the goal is mainly to fix a machine that already has holes as fast as possible. In my competition, we had two linux boxes (Red Hat 7 for DNS and Fedora 8 for web), a FreeBSD box for sendmail, a Win2k back up DNS, 2003 server for LDAP, and two Windows XP desktops. While the hackers weren't allowed to use 0 day vulnerabilities, they did have tools like CORE Impact at their disposal and within the first 5 minutes of the competition had owned every windows box. The only time I remember a *nix box getting owned was my groups. We were two busy fixing the LDAP server and forgot to change the default password of the BSD box from "password" because they were on the same machine (we had a virtual machine set up for our competition. This had its annoyances, but we could quickly recover from hacks by doind a revert to snapshot with VM ware. They probably disabled the revert feature in later competitions as in a real business environment, which they were trying to simulate, reverting could cause massive data loss.) Towards the end when things were winding down, one team had gotten owned really hard and wasn't about to recover, so they started doing trick programs on them. At one point, they had a screen cast of one of the competitors computers running on their own so they could see exactly what that school was doing. So they ran a trick program that made it look like it was running the Vista install process. We quick ran over and saw them frantically trying to cancel it with no effect. And then they ran a delete all on that computer. Even though my team lost, we had lots of fun and I was able to learn a lot. We'll be back next year (Millersville University) and hope to regain our position of at least 2nd place at Nationals, which we had for the 2 previous years.

    4. Re:Not sure what this proves by thelordzero · · Score: 3, Informative

      Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was. These "pros" as you said are actually professional flown in from around the country who either are partners in consulting companies or just a level below that. Everyone on the red team does it for a living at the national level and certainly is not a bunch of non hardcore hackers who said o lets have fun. But then again what do i know, I was on the red team.
  4. from a Red Team member perspective.... by thelordzero · · Score: 5, Informative

    Well this competition was actually a great one. I was one of the red team members for the nationals (and also the only person to have gone from a regional team captain to the national red team). The competition was very close to the very end with only a few subtle mistakes being made as of the second day. The run down is usually like this for the red team: Day 1: Boxes are extremly vulnerable and red team had a hayday with easily found exploits. We set some backdoors and have some fun with the servers. Looking for customer data that is stored on them. Day 2: Teams have patched most boxes and taken care of most of the vulns out there. Red team goes after websites finding exploits for the most part since boxes are locked down other than holes we inserted ourselves. Default passwords on ecommerce sites are usually one of the last things to change. Day 3: Boxes and teams are finally pretty locked down. Some last holes are left over from the red team. Nessus and Core Impact and other tools are worthless at this point at the latest (if not midday saturday). This day red team is pretty much just having fun, especially the team lead, Dave with his laughing that echos down the halls making the other teams nervous. In all every team did a great job. Everyone learned alot (heck I learned alot red teaming with some of these guys). Stupid mistakes were made by every team and we (the red team) loved the teams for it. Can't wait to come back next year and seeing what the teams will do then.