February, 2010

  • The 5th Mid-Atlantic Collegiate Cyber Defense Competition (CCDC) will be held on March 11-13, 2010, pitting students from five area colleges/universities against a “Red Team” of hackers trying to disrupt and compromise their networks. Asheville-Buncombe Technical College, Community College of Baltimore County, Millersville University, Towson University, and University of Maryland Baltimore County (UMBC) were the winners of the Qualifying Rounds, which were conducted remotely during January and February, involving 100 students from 15 two- and four-year schools.

    The 5th Mid-Atlantic CCDC will unfold at the new in Columbia, MD and provide a chance for government and industry officials to observe the competition, discuss cyber security career choices with the top students from the region, and become better informed regarding current trends in security and information assurance.

    CyberWatch, the National Science Foundation, , and the host the event, which will open with a Networking Reception/Job Fair at 4:30pm on Thursday, March 11th. Sponsors include Boeing, CSC, Northrop Grumman, SAIC, and Tenable Network Security, with equipment and software provided by Solera Networks and Core Security.

    Students from the following institutions, who also participated in the Qualifying Rounds, are expected to attend the competition: Anne Arundel Community College, Catawba Valley Community College, George Mason University, George Washington University, James Madison University, Northern Virginia Community College, Prince George’s Community College, University of MD College Park, University of Pittsburgh, and Wilmington University.

    The winner of the Mid-Atlantic CCDC will move on to represent the region in the National CCDC, April 16-18, 2010, in San Antonio TX.

    :: Casey

  • Over the course of a month, 15 student teams competed in the Mid-Atlantic Regional Collegiate Cyber Defense Competition (CCDC) Qualifying Rounds. The student teams consisted of full-time, undergraduate and graduate degree-seeking students, representing four year universities and community colleges from Delaware, the District of Columbia, Maryland, North Carolina, Pennsylvania, and Virginia.

    Competing Teams

    :: Anne Arundel Community College, MD
    :: Asheville-Buncombe Technical College, NC
    :: Catawba Valley Community College, NC
    :: Community College of Baltimore County, MD (2009 Regional Finals Qualifier)
    :: George Mason University, VA
    :: George Washington University, DC (2009 Regional Finals Qualifier)
    :: James Madison University, VA (2009 Regional Finals Qualifier)
    :: Millersville University, PA
    :: Northern Virginia Community College, VA
    :: Prince George’s Community College, MD
    :: University of Pittsburgh, PA (2009 Regional Finals Winner)
    :: Towson University, MD
    :: University of Maryland Baltimore County, MD
    :: University of Maryland College Park, MD
    :: Wilmington University, DE

    The 15 teams, up from eight the preceding two years, were given a three hour time slot to remotely connect to the competition network and harden four Virtual Machines running Linux and Windows. The four teams with the best overall score move on to the Regional Finals, March 11-13, 2010.

    :: Casey

  • Starting in 2008, the organizers of the Mid-Atlantic Regional Collegiate Cyber Defense Competition (CCDC) experimented with a Qualifying Round model, whereby schools from the region would meet on successive Saturdays in January at the facility to compete in a one day, face-to-face competition. The region was loosely divided into schools from Maryland and Pennsylvania competing on one day and schools from Virginia and Washington, D.C. competing on another, with the top two teams from each one day qualifier advancing to the Regional Finals each March.

    In wanting to deliver a meaningful competition by which institutions of higher education may evaluate their programs, as well as provide an educational venue in which students are able to apply the theory and skills they have learned in their course work, the event organizers decided to expand the Qualifying Round model.

    The Rules

    • From January 25 – February 19, 15 competing schools connect remotely to the competition network via a SSL-based VPN, located at the White Wolf Security HQ in Lancaster, PA.
    • Teams are given a three hour time slot to harden four Virtual Machines (VMs): two Linux, two Windows
    • After the three hour time period ends, the student teams are locked out of the remote competition environment
    • Teams can only use those tools that are built into the operating systems (e.g., no uploading/download of patches, no external software of any kind, etc.)
    • Teams must keep the following services up and reachable to/from any IP address: LDAP, DNS, SMTP, HTTP, POP3, IMAP4, SSH, and MySQL

    Scoring

    • Nessus is used to generate a baseline assessment of vulnerabilities
    • After the three hour time period ends, Nessus is run again
    • A scoring round is then conducted to ensure a fully functional (zero round) score. A zero round is a round where the team scores a perfect score (zero points). A perfect score is where each scored service is on the network, processing service requests and no flags are corrupted
    • Automatic attack tools are run to verify system vulnerabilities
    • Each team will have an overall score consisting of: (1) The best improvement between the two Nessus scans, (2) The best service score, and (3) The fewest compromises by the automatic attack tools

    The four teams with the best overall score will move on to the Regional Finals, March 11-13, 2010.

    :: Casey

Advertisements

CSC