2011 CyberWatch Mid-Atlantic CCDC Virtual Qualifying Round

Introduction! 2

Technical and Scheduling Contact Information! 2

Rules Contact Information! 2

Schedule! 2

Technical Requirements:! 2

Directions for Using the Online Environment! 3

Getting Connected for the First Time! 3

Rules! 4

Scoring! 5

(c) iSIGHT Partners Distribution to Blue Cell Team! 1

IntroductionThis document will provide the basic instructions for how to setup and connect to the online environment.

Technical and Scheduling Contact InformationTim RosenbergiSIGHT Partners717-295-6201 (0)trosenberg@isightpartners.com

Rules Contact InformationEmail BOTH Tim Rosenberg (trosenberg@isightpartners.com) AND Casey OʼBrien (coBrien@ccbcmd.edu) with ALL questions regarding rules and scoring.

ScheduleJanuary 4, 2011 - emailing out of this documentJanuary 7, 5PM EST, 2011 - All pretesting must be completed unless special arrangements have been made with Tim RosenbergJanuary 10, 2011 - First round online competition beginsJanuary 24, 2011 - Last round online competition beginsNLT January 28, 2011 - Winners announced

Technical Requirements:1. Windows XP or 72. Administrator rights on the system (permission to install software)3. MSIE or Firefox4. ESX Client (3.5)5. Reliable internet connection

(c) iSIGHT Partners Distribution to Blue Cell Team! 2

Directions for Using the Online EnvironmentGetting Connected for the First Time1. Open a browser and surf to: https://metaverse.whitewolfsecurity.com

a. The SSL Certs are out of date and you may receive some warnings to that effect.2. Login using your VPN credentials (these are different than your VMware credentials)3. Download and install the Cisco AnyConnect VPN Client

a. Once the VPN client is installed on your system, you no longer need to login through the website. You may directly connect your system to the online environment using the AnyConnect Client.

4. In your browser surf to: https://10.10.8.21a. The SSL Certs are by VMware and probably not recognized by your browser. b. From the webpage; click the “Download VMware Infrastructure Client”c. Download and install the client.

5. Open the client

a. Enter one of the following IP addresses in the ʻIP Address/Nameʼ field:i. 10.10.8.21ii. 10.10.8.27iii. 10.10.8.28iv.10.10.8.29

b. Login with:i. Username: testii. Password: test

6. You should receive a login failed or similar message.

(c) iSIGHT Partners Distribution to Blue Cell Team! 3

Rules1. Login during your specified time and your specified time ONLY.2. Anyone logging in when it is not their teamʼs turn will disqualify their entire team.3. In order to compete you MUST verify the connection and email Tim Rosenberg and

Casey OʼBrien that you have tested the connection and that there are no issues. Failure to do so will result in your team not competing.

4. You will have 5 virtual machines.5. A list of servers and services will be provided to your team POC 0800 - 0900 the day

BEFORE your team is scheduled to compete. 6. NO COMMERCIAL OUTSIDE SOFTWARE ALLOWED. You must secure the

environment with local tools and/or free and open source only. You will not be able to access the Internet from the same system you are using to manage the Virtual Machines. However, the Virtual Infrastructure Client will let you mount a local CD/DVD or .iso image. This means you can have local resources prepared for uploading into the environment. You will have limited bandwidth to do so.

7. Harden the systems as best you can (for example; remove unnecessary services, terminate processes, etc.).

8. You have until your time window closes to secure the systems.9. The RedCell will be active during the event.

(c) iSIGHT Partners Distribution to Blue Cell Team! 4

Scoring1. A Nessus Scan will be performed before and after your team competes.

a. Your Vulnerability Score will be a comparison of the two scans.2. A scoring round will be conducted to ensure a fully functional (0 round) score. A 0 round

is a round where the teams scores a perfect score (0 points). A perfect score is where each scored service is on the network, processing service requests and no flags are corrupted. A flag is any piece of data (file, username/password, DB) that needs to be protected. Specific flag information will not be provided. Any service that provides data/information/login can house a flag and therefore all must be protected.

3. During your time slot we will run 4 scoring rounds per hour.a. Each scoring round will check your services for:

i. Is the port openii. Is the service functionaliii.Has the flag been deleted or corrupted (not applicable to all services)

b. For each broken or disabled service, points will be added to your Service Scorei. The lower your service score the better.

c. Each scoring round will also check for Red Cell phone home activityi. A phone home is where a Red Cell member has execute privileges on one of your

systems and ʻphones homeʼ (runs a local script) from your system to the scoring server. This proves system compromise.

ii. Each unique phone home per round will also add points to your Service Score.4. We will also check on proper completion of injects

a. Injects that are completed successfully will result in 0 point being added to your Inject Score.

b. Injects that are either not completed or completed incorrectly will result in the points for that inject being added to your Inject Score.

c. Lower inject score is better. Partial credit may be given (Inject dependent).5. DO NOT CHANGE THE PASSWORD OF THE SCOREBOT ACCOUNT on the systems.

This is used for scoring purposes. Changing this password will result in scoring penalties.

(c) iSIGHT Partners Distribution to Blue Cell Team! 5