
PALMETTO CYBER DEFENSE COLLEGE

Where Cyber Ninjas are born.

www.pcdc-sc.com

[BLUE TEAM PACKET] 2019 PALMETTO CYBER DEFENSE COMPETITION (PCDC)

Version 1.0


April 2019

Team,

On behalf of everyone at the Palmetto Cyber Defense College (PCDC), I officially welcome you to the PCDC family!

Our team of esteemed professors and faculty have updated the curriculum to keep us on track to becoming the new leader in cyber defense education.

Over 50 students are currently enrolled in the 2018-2019 spring semester. That is double the enrollment from the 2018-2019 fall semester. Our goal is to reach at least 100 students enrolled in the 2019-2020 fall semester by the end of the day!

If we can meet this goal, PCDC will be eligible to apply for Center of Superiority status!

Welcome to the Palmetto Cyber Defense College!

Regards,

Matthew Turner

Dr. Matthew Turner

President, Palmetto Cyber Defense College


April 2019

Team,

Welcome to the Palmetto Cyber Defense College (PCDC)!

We are excited that you have accepted our job offer and agreed upon your start date. While your new position reports to the Senior System Administration, Mr. Thomas Lewis, I’d like to welcome you to the Information System Security department on behalf of all of the staff.

As mentioned during the interviews, the previous team was recently terminated due to gross mismanagement of their assigned information system assets, as well as the data assets contained within. It is important to bring these assets up to date. These assets are key to our successful operation, and any assets that remain in a compromised state will need to be remediated as soon as possible. Each of us will play a role to ensure your successful integration into the department.

At the time specified by our physical security staff, you may enter the department’s office area. This department serves the information technology (IT) needs for the entire college. Key IT services are Moodle, OrangeHR, and Zimbra email. Our helpdesk services faculty, staff, and current and prospective students, as well as alumni.

Dr. Turner, the College President, has set a college-wide goal to reach 100 enrolled students for the 2019-2020 fall semester. Although enrollment does not typically fall within our department’s scope, supporting enrollment will be made a priority for today.

Attached please find some information about our network, school, and organization. If you have any questions, please contact Mr. Lewis.

We look forward to having you come on board!

Regards,

Paula Diaz

Ms. Paula Diaz

Chief Information Systems Officer (CISO), Palmetto Cyber Defense College


TABLE OF CONTENTS

1.0 ACCOUNT INFORMATION

1.1 Initial Password List

1.2 Password Changes

1.3 VoIP Authentication

1.4 Email Access

2.0 NETWORK OVERVIEW

2.1 Alternative Laptop/VM Startup Instructions

2.2 Backups and Recovery

2.3 Active Defense

2.4 Incident Reporting

2.5 Other Requests

3.0 TEAM ASSESSMENT

3.1 Scoring

3.2 Injects

LIST OF APPENDICES

Appendix A Network Diagram

Appendix B Password Tracker

Appendix C Organization Chart

Appendix D List of Professors

Appendix E List of Courses

Appendix F Enrollment Instructions


1.0 ACCOUNT INFORMATION

1.1 Initial Password List

At the start of the day, your team will be supplied an envelope with your initial username and password information for all assigned assets.

1.2 Password Changes

Changes of domain user accounts need to be reported to the Gold Team. Please coordinate with a call to lessen service check downtime. Failure to promptly report changes to domain user accounts can negatively impact service checks from the competition scoring engine.

1.3 VoIP Authentication

Authenticated communication via voice-over-IP (VoIP) is vital to the security of injects and to avoiding spoofing attacks. Initial communications from the Blue Team to the Gold Team should be authenticated with the password included in the Initial Password List. Best security practice suggests that the Blue Team establish a new password for all subsequent communications.

Similarly, other college employees will also be regularly contacting you and will authenticate themselves; expect them to also periodically change their passwords with you.

The attached form in Appendix B is included to assist with tracking password changes.

1.4 Email Access

You will access your email via Zimbra through the following address: mail.blueXX.pcdc.local

2.0 NETWORK OVERVIEW

Your assigned network consists of virtual machines that are accessed via the Chrome web browser installed on the provided laptops. Usernames and passwords for all assets will be provided in the Initial Password List. The network diagram is in Appendix A, Network Diagram.

The Chrome web browser on the provided laptops should automatically go to the VMware vSphere server. Should the address not appear automatically, use the following address: https://vcsa01.gold.pcdc.local

2.1 Alternative Laptop/VM Startup Instructions

1. Turn on laptop

2. Click on Blue Team icon

3. You will see a “privacy error” screen; click on advanced

4. Click on proceed to https://vcsa01.gold.pcdc.local

5. You will see the VMware vSphere screen; click on vSphere Web Client (flash)


6. Log in to your Blue Team VM with credentials

2.2 Backups and Recovery

Teams do not have access to create snapshots of VMs, nor to recover a VM from a snapshot. Snapshot and recovery requests can be submitted to Mr. Thomas Lewis, Senior System Administration, at [email protected] using the following format:

SUBJECT: Backup/Recovery Request

BODY:

Team #: ___________

Request: ___________

Justification: ___________

Please note that recovery from a snapshot comes with a substantial cost to the department.

2.3 Active Defense

While this term is still being defined in industry (some say it includes offensive capabilities and others say it does not), we are referring to Defending Forward: countering or preventing a perceived cyber-attack by taking the fight to your adversary, with the goal of taking away their ability to perform offensive cyber operations against you. This is not permitted under any circumstances. Teams should keep their actions within their own assigned assets, unless explicitly permitted by Ms. Paula Diaz, Chief Information Systems Officer (CISO).

2.4 Incident Reporting

Accurate incident reports that can be verified will net your team a modest amount of points in the end-of-day team assessment. Incident reports must contain a description of what occurred (including source and destination IP addresses, timelines of activity, passwords cracked, access obtained, damage done, etc.), a discussion of what was affected, and a remediation plan. Overly inaccurate Incident Reports, especially abuse of Incident Reports, will net no points and may result in a loss of points.

Handwritten reports must be legible, coherent, and professional. Should you recognize that an incident has occurred, you may contact Ms. Carolyn Hayes, the Incident Response Specialist, at [email protected] using the following format:

SUBJECT: Incident Reporting

BODY:

Team #: ___________

Time(s) of Incident: ___________


Asset(s) Affected: ___________

Source (IP Address) of Attack: ___________

Description of Attack/Incident: ___________

Remediation/Plan to Resolve: ___________

2.5 Other Requests

There will be an online Help Desk Ticketing server provided for teams to request assistance from the Gold Team. Information will be provided on the day of the competition. The ticketing server can be reached at: http://goldenticket01.pcdc.local

3.0 TEAM ASSESSMENT

Employee performance is assessed at the end of each day. A score is given to the team of employees in the same department.

3.1 Scoring

Scoring for the Information System Security department is based on keeping required services up, controlling/preventing unauthorized access, and completing business tasks, a.k.a. injects, from colleagues, supervisors, and other departments throughout the day. Teams accumulate points by successfully completing these injects and maintaining services. Teams lose points by violating service level agreements, usage of recovery services, and successful penetrations by hackers, a.k.a. the red team.

Any team action that interrupts the scoring system is exclusively the responsibility of that team and will result in a lower score. Any team member that modifies a competition system or system component, with or without intent, in order to mislead the scoring engine into assessing a system or service as operational, when in fact it is not, may be suspended or fired. Validation of this act will come with a significant points penalty as it gives the Blue Team an unfair points advantage for a service that is not actually up.

3.2 Injects

If a business task, a.k.a. inject, requires multiple files for fulfillment, please compress the files into a single file in .zip format. This ensures that each inject has only one upload. Please name inject emails/files in the following format:

<teamNumber>_<injectNumber>_<injectTitle>

Injects and services are weighted evenly; it is disadvantageous to ignore injects.

There will be NO partial credit for late injects, so endeavor to fulfill injects on time. Inject responses that are turned in on time will be allowed at least partial credit.


APPENDIX A NETWORK DIAGRAM


APPENDIX B PASSWORD TRACKER

Username Password Account Description


APPENDIX C ORGANIZATION CHART

President

Senior Vice President, Finance and Business

Office Manager

Payroll Specialist

Payroll Specialist

Business Finance Specialist

Business Finance Specialist

Chief Information Systems Officer (CISO)

Office Manager

Senior Security Officer

Security Officer

Incident Response Specialist

Senior System Administrator

OS & Software Specialist

Infrastructure Specialist

Hardware Specialist

Web Administrator

Senior Helpdesk Specialist

Helpdesk Specialist

Helpdesk Specialist

Vice President, Human Resources & Recruitment

Office Manager

HR Specialist

HR Specialist

Recruitment & Hiring Specialist

Recruitment & Hiring Specialist

Vice President, Student Affairs

Office Manager

Head of Financial Aid

Financial Aid Specialist

Financial Aid Specialist

Head of Admissions

Admissions Specialist

Admissions Specialist

Marketing Specialist

Head of Enrollment

Registrar

Registrar

Vice President, Education

Office Manager

Dean, School of Information Technology

Dean, School of Defense

Dean, School of Offense

Dean, School of Incident Response

Secretary to the President

General Counsel

Ombudsperson


APPENDIX D LIST OF PROFESSORS

Employee ID Name Prefix First Name Last Name Email

818384 Mr. Peter Washington [email protected]

883936 Mr. Douglas Flores douglas.flores@gold.pcdc.local

183071 Ms. Andrea Garcia andrea.garcia@gold.pcdc.local

392491 Mrs. Theresa Murphy [email protected]

704709 Mr. Harold Nelson [email protected]

212893 Ms. Janet Henderson [email protected]

533952 Mrs. Kelly Adams [email protected]

621833 Mr. Gregory Edwards [email protected]

241882 Mrs. Debra Wood [email protected]

623253 Mr. Cayden Stewart [email protected]

193819 Mr. Benjamin Russell [email protected]

844177 Ms. Margaret Allen [email protected]

726264 Mr. Carl Collins [email protected]

134841 Ms. Donna Brown [email protected]

456747 Mr. Roy Griffin [email protected]

400173 Mrs. Dorothy Edwards [email protected]

639892 Mr. Jose Hill [email protected]

447813 Mrs. Ann Coleman [email protected]

489424 Mr. Phillip White [email protected]

162402 Ms. Diana Peterson [email protected]

185032 Mr. Eugene Perez [email protected]

263480 Mr. Daniel Cooper [email protected]

329752 Mrs. Keisha Brown [email protected]

495141 Ms. Tammy Young [email protected]

293459 Dr. Steven Phillips [email protected]

253573 Dr. Sharon Lopez [email protected]

802554 Dr. Ryan Alexander [email protected]

214352 Dr. Beatrice Lee [email protected]

428945 Dr. Joe Robinson [email protected]

761821 Dr. Ernest Washington [email protected]

386158 Dr. Melissa King [email protected]

226714 Dr. Fatima Davis [email protected]

225925 Dr. Paul Cooper [email protected]

477253 Dr. Brittney Russell [email protected]


APPENDIX E LIST OF COURSES

Course ID Course Name Course Availability

CSWF-1101 Networking Fundamentals 1 Fall Semester

CSWF-1102 Introduction to Cryptography Fall Semester

CSWF-1103 Programming 101 Fall Semester

CSWF-1104 Databases and SQL Fall Semester

CSWF-1201 Networking Fundamentals 2 Spring Semester

CSWF-1202 Advanced Cryptography Spring Semester

CSWF-1203 Advanced Programming Spring Semester

CSWF-1204 Data Science Spring Semester

CSWF-2101 Web Development and Coding Fall Semester

CSWF-2102 Internet of Things (IoT) Fall Semester

CSWF-2103 Mobile Communications Fall Semester

CSWF-2104 Introduction to Robotics Fall Semester

CSWF-2201 Artificial Intelligence Spring Semester

CSWF-2202 Cloud Concepts and Security Spring Semester

CSWF-2203 Introduction to SCADA Systems Spring Semester

CSWF-2204 Health Informatics Spring Semester

CSWF-3101 Security and Risk Management Fall Semester

CSWF-3102 Asset Security Fall Semester

CSWF-3103 Security Architecture and Engineering Fall Semester

CSWF-3104 Communication and Network Security Fall Semester

CSWF-3201 Identity and Access Management Spring Semester

CSWF-3202 Security Assessment and Testing Spring Semester

CSWF-3203 Security Operations Spring Semester

CSWF-3204 Software Development Security Spring Semester

CSWF-4101 Analyze Fall Semester

CSWF-4102 Collect and Operate Fall Semester

CSWF-4103 Investigate Fall Semester

CSWF-4104 Operate and Maintain Fall Semester

CSWF-4105 Oversee and Govern Fall Semester

CSWF-4106 Protect and Defend Fall Semester

CSWF-4107 Securely Provision Fall Semester

CSWF-4201 Cybersecurity Capstone Project Spring Semester


APPENDIX F ENROLLMENT INSTRUCTIONS

Enrollment:

Throughout the day you will need to enroll students into the Palmetto Cyber Defense College. Students will enroll through your web application, the admissions office, or via phone.

The web application can be found at http://10.2x.x.x. It is hosted on a Tomcat server on your Ubuntu box.

Students are not officially enrolled into the college until they have been added to your Moodle instance. The Moodle instance can be accessed remotely via https://10.2x.x.x. You can enroll students individually or many at a time from a .csv file.

1. MOODLE

a. Homepage is bookmarked “Moodle” on Google Chrome. URL: https://10.2x.x.35

i. Login information

1. Admin

2. P@$$w0rd

b. How to Bulk Upload Users: Admin Dashboard > Site administration > Users > Accounts > Upload users > select .csv file of students > Upload Users > Username template must be ‘%f%l’ > upload users.

i. The csv file must have the following header row for the upload to work correctly: “firstname,lastname,email,age,gender,satscore”


c. How to Add Single User: Admin Dashboard > Site administration > Users > Accounts > Add a new user > Fill out required fields.

d. How to find User Account information: Admin Dashboard > Users > Select user.

i. You can upload Users from this page as well.

2. Tomcat

3. a. Home Page URL of site hosted on Tomcat

i. http://10.2x.x.18


b. FTP server VSFTPD is installed

i. Login Information

1. Username: ftpuser

2. Password: ftpuser

ii. Windows 7, OrangeHRM server has Filezilla FTP client installed on it.

4. Only in the event of total system failure can you enroll students manually via telephone. Phone numbers will be distributed on the day of the competition.

5. Additional trusted email accounts will be distributed on the day of the competition.

a. Users must use their unique PCDC email account to authenticate themselves to IT staff. New passwords will be sent to users via their email.