[blue team packet]pcdc-sc.com/documents/pcdc_2019-blueteampacket.pdf · version 1.0 2019 pcdc blue...
Post on 03-Aug-2020
PALMETTO CYBER DEFENSE COLLEGE
Where Cyber Ninjas are born.
www.pcdc-sc.com
[BLUE TEAM PACKET] 2019 PALMETTO CYBER DEFENSE COMPETITION (PCDC)
Version 1.0
April 2019
Team,
On behalf of everyone at the Palmetto Cyber Defense College (PCDC), I officially welcome you to the PCDC family!
Our team of esteemed professors and faculty have updated the curriculum to keep us on track to becoming the new leader in cyber defense education.
Over 50 students are currently enrolled in the 2018-2019 spring semester. That is double the enrollment from the 2018-2019 fall semester. Our goal is to reach at least 100 students enrolled in the 2019-2020 fall semester by the end of the day!
If we can meet this goal, PCDC will be eligible to apply for Center of Superiority status!
Welcome to the Palmetto Cyber Defense College!
Regards,
Matthew Turner
Dr. Matthew Turner
President, Palmetto Cyber Defense College
April 2019
Team,
Welcome to the Palmetto Cyber Defense College (PCDC)!
We are excited that you have accepted our job offer and agreed upon your start date. While your new position reports to the Senior System Administration, Mr. Thomas Lewis, I’d like to welcome you to the Information System Security department on behalf of all of the staff.
As mentioned during the interviews, the previous team was recently terminated due to gross mismanagement of their assigned information system assets, as well as the data assets contained within. It is important to bring these assets up to date. These assets are key to our successful operation, and any assets that remain in a compromised state will need to be remediated as soon as possible. Each of us will play a role to ensure your successful integration into the department.
At the time specified by our physical security staff, you may enter the department’s office area. This department serves the information technology (IT) needs for the entire college. Key IT services are Moodle, OrangeHR, and Zimbra email. Our helpdesk services faculty, staff, and current and prospective students, as well as alumni.
Dr. Turner, the College President, has set a college-wide goal to reach 100 enrolled students for the 2019-2020 fall semester. Although enrollment does not typically fall within our department’s scope, supporting enrollment will be made a priority for today.
Attached please find some information about our network, school, and organization. If you have any questions, please contact Mr. Lewis.
We look forward to having you come on board!
Regards,
Paula Diaz
Ms. Paula Diaz
Chief Information Systems Officer (CISO), Palmetto Cyber Defense College
TABLE OF CONTENTS
1.0 ACCOUNT INFORMATION
1.1 Initial Password List
1.2 Password Changes
1.3 VoIP Authentication
1.4 Email Access
2.0 NETWORK OVERVIEW
2.1 Alternative Laptop/VM Startup Instructions
2.2 Backups and Recovery
2.3 Active Defense
2.4 Incident Reporting
2.5 Other Requests
3.0 TEAM ASSESSMENT
3.1 Scoring
3.2 Injects
LIST OF APPENDICES
Appendix A Network Diagram
Appendix B Password Tracker
Appendix C Organization Chart
Appendix D List of Professors
Appendix E List of Courses
Appendix F Enrollment Instructions
1.0 ACCOUNT INFORMATION
1.1 Initial Password List
At the start of the day, your team will be supplied an envelope with your initial username and password information for all assigned assets.
1.2 Password Changes
Changes of domain user accounts need to be reported to the Gold Team. Please coordinate with a call to lessen service check downtime. Failure to promptly report changes to domain user accounts can negatively impact service checks from the competition scoring engine.
1.3 VoIP Authentication
Authenticated communication via voice-over-IP (VoIP) is vital to the security of injects and to avoiding spoofing attacks. Initial communications from the Blue Team to the Gold Team should be authenticated with the password included in the Initial Password List. Best security practice suggests that the Blue Team establish a new password for all subsequent communications.
Similarly, other college employees will also be regularly contacting you and will authenticate themselves; expect them to also periodically change their passwords with you.
The attached form in Appendix B is included to assist with tracking password changes.
1.4 Email Access
You will access your email via Zimbra through the following address: mail.blueXX.pcdc.local
2.0 NETWORK OVERVIEW
Your assigned network consists of virtual machines that are accessed via the Chrome web browser installed on the provided laptops. Usernames and passwords for all assets will be provided in the Initial Password List. The network diagram is in Appendix A, Network Diagram.
The Chrome web browser on the provided laptops should automatically go to the VMware vSphere server. Should the address not appear automatically, use the following address: https://vcsa01.gold.pcdc.local
2.1 Alternative Laptop/VM Startup Instructions
1. Turn on laptop
2. Click on Blue Team icon
3. You will see a “privacy error” screen; click on advanced
4. Click on proceed to https://vcsa01.gold.pcdc.local
5. You will see the VMware vSphere screen; click on vSphere Web Client (flash)
6. Log in to your Blue Team VM with credentials
2.2 Backups and Recovery
Teams do not have access to create snapshots of VMs, nor to recover a VM from a snapshot. Snapshot and recovery requests can be submitted to Mr. Thomas Lewis, Senior System Administration, at Thomas.Lewis.IT@gold.pcdc.local using the following format:
SUBJECT: Backup/Recovery Request
BODY:
Team #: ___________
Request: ___________
Justification: ___________
Please note that recovery from a snapshot comes with a substantial cost to the department.
2.3 Active Defense
While this term is still being defined in industry (some say it includes offensive capabilities and others say it does not), we are referring to Defending Forward: countering or preventing a perceived cyber-attack by taking the fight to your adversary with the goal of taking away their ability to perform offensive cyber operations against you. This is not permitted under any circumstances. Teams should keep their actions within their own assigned assets, unless explicitly permitted by Ms. Paula Diaz, Chief Information Systems Officer (CISO).
2.4 Incident Reporting
Accurate incident reports that can be verified will net your team a modest amount of points in the end-of-day team assessment. Incident reports must contain a description of what occurred (including source and destination IP addresses, timelines of activity, passwords cracked, access obtained, damage done, etc.), a discussion of what was affected, and a remediation plan. Overly inaccurate Incident Reports, especially abuse of Incident Reports, will net no points and may result in a loss of points.
Handwritten reports must be legible, coherent, and professional. Should you recognize that an incident has occurred, you may contact Ms. Carolyn Hayes, the Incident Response Specialist, at Carolyn.Hayes.it@gold.pcdc.local using the following format:
SUBJECT: Incident Reporting
BODY:
Team #: ___________
Time(s) of Incident: ___________
Asset(s) Affected: ___________
Source (IP Address) of Attack: ___________
Description of Attack/Incident: ___________
Remediation/Plan to Resolve: ___________
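As an added example (not part of the original packet), the script below shows one way to draft the report fields above from log evidence rather than from memory. It assumes the affected asset is a Linux host recording sshd events in the auth.log style; the sample log lines, hostname, usernames, addresses, function names and the three-failure threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input in the style of sshd entries in /var/log/auth.log.
# Hostname, usernames and the 192.0.2.x / 198.51.100.x addresses are made up.
SAMPLE_LOG = """\
Apr 13 10:02:11 web01 sshd[2211]: Failed password for root from 192.0.2.66 port 40112 ssh2
Apr 13 10:02:13 web01 sshd[2211]: Failed password for root from 192.0.2.66 port 40112 ssh2
Apr 13 10:02:15 web01 sshd[2213]: Failed password for invalid user admin from 192.0.2.66 port 40120 ssh2
Apr 13 10:02:19 web01 sshd[2215]: Accepted password for webadmin from 192.0.2.66 port 40131 ssh2
Apr 13 10:05:40 web01 sshd[2301]: Failed password for root from 198.51.100.9 port 51000 ssh2
"""

# Matches sshd password results; "invalid user" is optional before the name.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Group sshd password events by source IP, in order of appearance."""
    by_src = defaultdict(lambda: {"times": [], "hosts": set(),
                                  "failed": 0, "accepted": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd password event
        s = by_src[m["src"]]
        s["times"].append(m["ts"])
        s["hosts"].add(m["host"])
        if m["result"] == "Failed":
            s["failed"] += 1
        else:
            s["accepted"].append(m["user"])
    return by_src

def suspicious(by_src, min_failures=3):
    """Sources with repeated failures; min_failures is an assumed threshold."""
    return [src for src, s in by_src.items() if s["failed"] >= min_failures]

def draft_report(team, src, s):
    """Fill the packet's incident-report format from one source's events."""
    desc = f"{s['failed']} failed SSH password attempts"
    if s["accepted"]:
        desc += f" and a successful login as {', '.join(s['accepted'])}"
    return "\n".join([
        "SUBJECT: Incident Reporting",
        "BODY:",
        f"Team #: {team}",
        f"Time(s) of Incident: {s['times'][0]} to {s['times'][-1]}",
        f"Asset(s) Affected: {', '.join(sorted(s['hosts']))}",
        f"Source (IP Address) of Attack: {src}",
        f"Description of Attack/Incident: {desc}",
        "Remediation/Plan to Resolve: ___________",  # left for the responder
    ])

if __name__ == "__main__":
    events = summarize(SAMPLE_LOG)
    for src in suspicious(events):
        print(draft_report("XX", src, events[src]))
```

The remediation field is deliberately left blank: the draft only collects verifiable facts, and the plan still has to be written by the team.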
2.5 Other Requests
There will be an online Help Desk Ticketing server provided for teams to request assistance from the Gold Team. Information will be provided on the day of the competition. The ticketing server can be reached at: http://goldenticket01.pcdc.local
3.0 TEAM ASSESSMENT
Employee performance is assessed at the end of each day. A score is given to the team of employees in the same department.
3.1 Scoring
Scoring for the Information System Security department is based on keeping required services up, controlling/preventing unauthorized access, and completing business tasks, a.k.a. injects, from colleagues, supervisors, and other departments throughout the day. Teams accumulate points by successfully completing these injects and maintaining services. Teams lose points by violating service level agreements, usage of recovery services, and successful penetrations by hackers, a.k.a. the red team.
Any team action that interrupts the scoring system is exclusively the responsibility of that team and will result in a lower score. Any team member that modifies a competition system or system component, with or without intent, in order to mislead the scoring engine into assessing a system or service as operational, when in fact it is not, may be suspended or fired. Validation of this act will come with a significant points penalty as it gives the Blue Team an unfair points advantage for a service that is not actually up.
3.2 Injects
If a business task, a.k.a. inject, requires multiple files for fulfillment, please compress the files into a single file in .zip format. This ensures that each inject has only one upload. Please name inject emails/files in the following format:
<teamNumber>_<injectNumber>_<injectTitle>
Injects and services are weighted evenly; it is disadvantageous to ignore injects.
There will be NO partial credit for late injects, so endeavor to fulfill injects on time. Inject responses that are turned in on time will be allowed at least partial credit.
APPENDIX A NETWORK DIAGRAM
APPENDIX B PASSWORD TRACKER
Username | Password | Account Description
APPENDIX C ORGANIZATION CHART
President
Senior Vice President, Finance and Business
Office Manager
Payroll Specialist
Payroll Specialist
Business Finance Specialist
Business Finance Specialist
Chief Information Systems Officer (CISO)
Office Manager
Senior Security Officer
Security Officer
Incident Response Specialist
Senior System Administrator
OS & Software Specialist
Infrastructure Specialist
Hardware Specialist
Web Administrator
Senior Helpdesk Specialist
Helpdesk Specialist
Helpdesk Specialist
Vice President, Human Resources & Recruitment
Office Manager
HR Specialist
HR Specialist
Recruitment & Hiring Specialist
Recruitment & Hiring Specialist
Vice President, Student Affairs
Office Manager
Head of Financial Aid
Financial Aid Specialist
Financial Aid Specialist
Head of Admissions
Admissions Specialist
Admissions Specialist
Marketing Specialist
Head of Enrollment
Registrar
Registrar
Vice President, Education
Office Manager
Dean, School of Information Technology
Dean, School of Defense
Dean, School of Offense
Dean, School of Incident Response
Secretary to the President
General Counsel
Ombudsperson
APPENDIX D LIST OF PROFESSORS
Employee ID | Name Prefix | First Name | Last Name | Email
818384 | Mr. | Peter | Washington | peter.washington@gold.pcdc.local
883936 | Mr. | Douglas | Flores | douglas.flores@gold.pcdc.local
183071 | Ms. | Andrea | Garcia | andrea.garcia@gold.pcdc.local
392491 | Mrs. | Theresa | Murphy | theresa.murphy@gold.pcdc.local
704709 | Mr. | Harold | Nelson | harold.nelson@gold.pcdc.local
212893 | Ms. | Janet | Henderson | janet.henderson@gold.pcdc.local
533952 | Mrs. | Kelly | Adams | kelly.adams@gold.pcdc.local
621833 | Mr. | Gregory | Edwards | gregory.edwards@gold.pcdc.local
241882 | Mrs. | Debra | Wood | debra.wood@gold.pcdc.local
623253 | Mr. | Cayden | Stewart | cayden.stewart@gold.pcdc.local
193819 | Mr. | Benjamin | Russell | benjamin.russell@gold.pcdc.local
844177 | Ms. | Margaret | Allen | margaret.allen@gold.pcdc.local
726264 | Mr. | Carl | Collins | carl.collins@gold.pcdc.local
134841 | Ms. | Donna | Brown | donna.brown@gold.pcdc.local
456747 | Mr. | Roy | Griffin | roy.griffin@gold.pcdc.local
400173 | Mrs. | Dorothy | Edwards | dorothy.edwards@gold.pcdc.local
639892 | Mr. | Jose | Hill | jose.hill@gold.pcdc.local
447813 | Mrs. | Ann | Coleman | ann.coleman@gold.pcdc.local
489424 | Mr. | Phillip | White | phillip.white@gold.pcdc.local
162402 | Ms. | Diana | Peterson | diana.peterson@gold.pcdc.local
185032 | Mr. | Eugene | Perez | eugene.perez@gold.pcdc.local
263480 | Mr. | Daniel | Cooper | daniel.cooper@gold.pcdc.local
329752 | Mrs. | Keisha | Brown | keisha.brown@gold.pcdc.local
495141 | Ms. | Tammy | Young | tammy.young@gold.pcdc.local
293459 | Dr. | Steven | Phillips | steven.phillips@gold.pcdc.local
253573 | Dr. | Sharon | Lopez | sharon.lopez@gold.pcdc.local
802554 | Dr. | Ryan | Alexander | ryan.alexander@gold.pcdc.local
214352 | Dr. | Beatrice | Lee | beatrice.lee@gold.pcdc.local
428945 | Dr. | Joe | Robinson | joe.robinson@gold.pcdc.local
761821 | Dr. | Ernest | Washington | ernest.washington@gold.pcdc.local
386158 | Dr. | Melissa | King | melissa.king@gold.pcdc.local
226714 | Dr. | Fatima | Davis | fatima.davis@gold.pcdc.local
225925 | Dr. | Paul | Cooper | paul.cooper@gold.pcdc.local
477253 | Dr. | Brittney | Russell | brittney.russell@gold.pcdc.local
APPENDIX E LIST OF COURSES
Course ID | Course Name | Course Availability
CSWF-1101 | Networking Fundamentals 1 | Fall Semester
CSWF-1102 | Introduction to Cryptography | Fall Semester
CSWF-1103 | Programming 101 | Fall Semester
CSWF-1104 | Databases and SQL | Fall Semester
CSWF-1201 | Networking Fundamentals 2 | Spring Semester
CSWF-1202 | Advanced Cryptography | Spring Semester
CSWF-1203 | Advanced Programming | Spring Semester
CSWF-1204 | Data Science | Spring Semester
CSWF-2101 | Web Development and Coding | Fall Semester
CSWF-2102 | Internet of Things (IoT) | Fall Semester
CSWF-2103 | Mobile Communications | Fall Semester
CSWF-2104 | Introduction to Robotics | Fall Semester
CSWF-2201 | Artificial Intelligence | Spring Semester
CSWF-2202 | Cloud Concepts and Security | Spring Semester
CSWF-2203 | Introduction to SCADA Systems | Spring Semester
CSWF-2204 | Health Informatics | Spring Semester
CSWF-3101 | Security and Risk Management | Fall Semester
CSWF-3102 | Asset Security | Fall Semester
CSWF-3103 | Security Architecture and Engineering | Fall Semester
CSWF-3104 | Communication and Network Security | Fall Semester
CSWF-3201 | Identity and Access Management | Spring Semester
CSWF-3202 | Security Assessment and Testing | Spring Semester
CSWF-3203 | Security Operations | Spring Semester
CSWF-3204 | Software Development Security | Spring Semester
CSWF-4101 | Analyze | Fall Semester
CSWF-4102 | Collect and Operate | Fall Semester
CSWF-4103 | Investigate | Fall Semester
CSWF-4104 | Operate and Maintain | Fall Semester
CSWF-4105 | Oversee and Govern | Fall Semester
CSWF-4106 | Protect and Defend | Fall Semester
CSWF-4107 | Securely Provision | Fall Semester
CSWF-4201 | Cybersecurity Capstone Project | Spring Semester
APPENDIX F ENROLLMENT INSTRUCTIONS
Enrollment:
Throughout the day you will need to enroll students into the Palmetto Cyber Defense College. Students will enroll through your web application, the admissions office, or via phone.
The web application can be found at http://10.2x.x.x. It is hosted on a Tomcat server on your Ubuntu box.
Students are not officially enrolled into the college until they have been added to your Moodle instance. The Moodle instance can be accessed remotely via https://10.2x.x.x. You can enroll students individually or many at a time from a .csv file.
1. MOODLE
a. Homepage is bookmarked “Moodle” on Google Chrome. URL: https://10.2x.x.35
i. Login information
1. Admin
2. P@$$w0rd
b. How to Bulk Upload Users: Admin Dashboard > Site administration > Users > Accounts > Upload users > select .csv file of students > Upload Users > Username template must be “%f%l” > upload users.
i. The csv file must have the following header row for the upload to work correctly: “firstname,lastname,email,age,gender,satscore”
c. How to Add Single User: Admin Dashboard > Site administration > Users > Accounts > Add a new user > Fill out required fields.
d. How to find User Account information: Admin Dashboard > Users > Select user.
i. You can upload Users from this page as well.
2. Tomcat
3. a. Home Page URL of site hosted on Tomcat
i. http://10.2x.x.18
b. FTP server VSFTPD is installed
i. Login Information
1. Username: ftpuser
2. Password: ftpuser
ii. Windows 7, OrangeHRM server has FileZilla FTP client installed on it.
4. Only in the event of total system failure can you enroll students manually via telephone. Phone numbers will be distributed on the day of the competition.
5. Additional trusted email accounts will be distributed on the day of the competition.
a. Users must use their unique PCDC email account to authenticate themselves to IT staff. New passwords will be sent to users via their email.