[Infowarrior] - Baker College wins National Collegiate Cyber Defense Competition

Richard Forno rforno at infowarrior.org
Mon Apr 21 17:55:16 UTC 2008


Baker College wins National Collegiate Cyber Defense Competition
By Joe Barr on April 21, 2008 (4:00:00 PM)
http://www.linux.com/feature/132873

Baker College of Flint, Mich., defeated defending champion Texas A&M
University and four other regional winners from across the country to
capture the third annual National Collegiate Cyber Defense Competition,
which concluded in San Antonio, Texas, over the weekend. Texas A&M finished
a close second, and the University of Louisville took third. Also competing
for the championship were the Community College of Baltimore County, Mount
San Antonio College of Los Angeles County, and the Rochester Institute of
Technology.

Hosted by the Center for Infrastructure Assurance and Security (CIAS) at the
University of Texas at San Antonio (UTSA), the event pits six regional
winners, each given a similar small enterprise network to protect, against a
team made up of experienced security professionals dubbed the Red Team,
a.k.a. Team Hilarious.

Teams are scored on how well they protect their identical networks, made up
of a Cisco router and five servers: Windows 2003 running Internet Information
Services, Windows 2000 running DNS, Solaris X86 running Apache and OpenSSL,
Gentoo running MySQL and NFS, and BSD running Sendmail. Team workstations
can run Vista, Windows, Fedora, or BSD, as the team prefers. Teams are
required to provide SMTP, POP3, HTTP, HTTPS, and DNS services throughout the
competition, and outages on any of those services result in deductions from
their score. At specified times, the teams are also asked to bring up FTP,
SSH, RDP, and VNC services, in accordance with the 2008 competition rules.

In addition to the attackers (the Red Team) and the
defenders (the Blue Teams), there is also a White Team. The White Team acts
as the overall network operations center, as observers, and as the communications
center. All requests for information, assistance, and problem reporting by
the competing teams go through the White Team; teams are not allowed direct
communication with the outside world except for publicly available
information and software available on the Internet. The White Team also
delivers in-competition requests for new services and scores the teams'
performance.

The entire event took place at the San Antonio Airport Hilton hotel, and
each team (Red, White, and each competing Blue team) had its own private,
closely guarded room. A White Team observer was present in each competing
team's room for the entire competition.

Team Hilarious

Red Team captain Dave Cowen has a jovial face and a pirate's beard. When his
laughter could be heard in the hall outside the Red Team room, collegians
winced, because they knew that another server had just fallen prey to the
Red Team's relentless attacks.

The other Red Team members (first names only), Luke, Ryan, Evan, Jacob, and
Leon, are all professionals in the security industry. On Friday, the first
day of the competition, the adrenaline of the hunt, the chase, the pursuit
of hapless quarry, was in the air in the Red Team room as team members sat
around the conference table, staring into the screens of their laptops, some
using two laptops at once, and sharing information as they gleefully began
probing the target networks for weaknesses and mapping IP addresses to
specific configurations.

One of the first remarks heard after the competition began was,
"Interesting, the Solaris exploit from last year still works." That was
followed shortly by Dave Cowen announcing "OK, professionals, we need a
local Solaris 5.10 exploit for privilege escalation."

In addition to a few members of the press, the
Red Team room was also visited by various federal agents. A contingent from
the Secret Service was present all weekend. Three black-suited gentlemen
claiming to be from the FBI were present Friday. Defense Information Systems
Agency agents were present as part of the competition infrastructure, and
among their other duties, helped escort journalists from room to room during
the event.

The mood in the Baltimore County Community College Blue Team room Friday
afternoon was in stark contrast with the lightness and laughter heard in the
Team Hilarious room. All seven team members were focused on the job at hand,
which was to begin securing the network they found running at the start of
the competition. Voices were muted, there was no idle chatter, and everyone
was busy at whatever task they had been assigned.

Teams are allowed to modify the configurations as they see fit during the
event, so long as they follow the rules and provide the required services.
The configuration itself seems to have been a weak spot for defending the
networks, and at the end of the competition on Sunday, Cowen said that you
reach a point where the configuration is more important than the supply of
exploits available to attackers. He made that remark not long after hacking
a team's Web server so that it displayed their credit card database as its
homepage during the last half hour of the competition.

A two-hour awards luncheon took place shortly after the end of competition
Sunday morning. There were speeches by US Representative Ciro Rodriguez and
Cornelius Tate, the brand-new Director of the DHS Cyber Security Division,
prior to announcing the winners. This year's competition was the closest
ever, with three teams in a virtual tie after the second day, and Baker
edging defending champion Texas A&M by the slimmest of margins at the end.
Whether they took home the gold or not, all the teams were made up of
bright, skillful students, and given the presence of two community college
teams in the final six, it's obvious that the size of the school is not as
important as the skill of its students in the world of cyber defense.

Baltimore County Community College, the only team with a female competitor,
and Mount San Antonio Community College in Los Angeles, proved that network
security skills are not the exclusive domain of larger, better-known
institutions. Their presence at this national competition is roughly the
equivalent of a community college basketball team making it to the NCAA's
Final Four, and both schools and students deserve kudos for going head to
head against teams from much larger schools, especially since those schools
may include two graduate students on their team.

Dr. Gregory White, director of the UTSA CIAS, one of the founders of the
original competition when it was held on a regional basis rather than
nationally, explained there is a large network and computer security
population in San Antonio, primarily because the Air Intelligence Agency is
located there. UTSA was a logical place to become an academic center for
computer and network security. That led to it becoming the first Texas
university to be designated as a "Center for Academic Excellence in
Information Assurance Education" by both the DHS and the National Security
Agency, and it currently offers bachelor's- and master's-level degrees in
information security from several of its schools.

Sponsors for this year's event included the AT&T Foundation, DHS, Cisco
Systems, Acronis, Northrop Grumman, Accenture, the Information Systems
Security Association, Core Security, our sister site ThinkGeek, Code
Magazine, and Pepsi. White said that more sponsors are needed for future
competitions in order to do all the things CIAS wants to accomplish.
