News

  • 2010 Qualifying Rounds

    Starting in 2008, the organizers of the Mid-Atlantic Regional Collegiate Cyber Defense Competition (CCDC) experimented with a Qualifying Round model, whereby schools from the region would meet on successive Saturdays in January at the facility to compete in a one day, face-to-face competition. The region was loosely divided into schools from Maryland and Pennsylvania competing on one day and schools from Virginia and Washington, D.C. competing on another, with the top two teams from each one day qualifier advancing to the Regional Finals each March.

    In wanting to deliver a meaningful competition by which institutions of higher education may evaluate their programs, as well as provide an educational venue in which students are able to apply the theory and skills they have learned in their course work, the event organizers decided to expand the Qualifying Round model.

    The Rules

    • From January 25 – February 19, 15 competing schools connect remotely to the competition network via a SSL-based VPN, located at the White Wolf Security HQ in Lancaster, PA.
    • Teams are given a three hour time slot to harden four Virtual Machines (VMs): two Linux, two Windows
    • After the three hour time period ends, the student teams are locked out of the remote competition environment
    • Teams can only use those tools that are built into the operating systems (e.g., no uploading/download of patches, no external software of any kind, etc.)
    • Teams must keep the following services up and reachable to/from any IP address: LDAP, DNS, SMTP, HTTP, POP3, IMAP4, SSH, and MySQL

    Scoring

    • Nessus is used to generate a baseline assessment of vulnerabilities
    • After the three hour time period ends, Nessus is run again
    • A scoring round is then conducted to ensure a fully functional (zero round) score. A zero round is a round where the team scores a perfect score (zero points). A perfect score is where each scored service is on the network, processing service requests and no flags are corrupted
    • Automatic attack tools are run to verify system vulnerabilities
    • Each team will have an overall score consisting of: (1) The best improvement between the two Nessus scans, (2) The best service score, and (3) The fewest compromises by the automatic attack tools

    The four teams with the best overall score will move on to the Regional Finals, March 11-13, 2010.

    :: Casey

Advertisements

CSC