Abstract
In a cyber defense competition, students design, configure, and maintain a set of servers and a network in a secure manner. The students’ goal during the competition is to prevent security breaches and to remediate any exploits that occur while maintaining a fully functional network for their end users. Cyber defense competitions provide active student learning, mimic real-world situations, and provide engagement with computer and network security topics. To date, Iowa State University has hosted 18 cyber defense competitions across four divisions: high school students, community college students, ISU students, and four-year university students from across the nation. This chapter provides a brief history of cyber defense competitions, as well as describes how they are run. The authors also address the needs of different audiences who participate in cyber defense competitions and show that beyond building and strengthening computer and network security skills, cyber defense competitions can be used for recruitment, retention, advanced training, and experimentation for students.
TopIntroduction
Cyber defense, as well as protection of other critical infrastructures, is at the forefront of security professionals' agendas, as well as the nation's psyche. The ongoing release of new viruses, day one attacks and the threat to our national infrastructure, including Supervisory and Control and Data Acquisition (SCADA) systems, demonstrates the need for professionals trained in the science, as well as the art, of cyber defense and computer and network security.
Several institutions of higher education offer degrees in information assurance or computer and network security. These programs generally teach at least one course in information warfare or information assurance where students conduct lab experiments that demonstrate current security vulnerabilities and allow students to exploit those vulnerabilities in a controlled manner. Some programs, ours at Iowa State University (ISU) included, provide a break-in laboratory which allows students several weeks to attack a dummy corporation's network in an attempt to understand how an attacker may use social engineering, software or application vulnerabilities and brute force to gain access to systems, networks, databases and corporate documents.
While these classes are useful and provide training to many four-year students, we have found that cyber defense competitions develop additional skills and a deeper understanding in computer and network security than coursework does alone, even when labs as described above are included. Students who compete in cyber defense competitions not only gain knowledge, but also increase their interest in working in the cyber security area. They also receive real world experience in configuring and protecting a network just as security professionals do on a daily basis. At ISU, we run four cyber defense competitions per year for students. One each for Iowa high school, Iowa community college (two-year), ISU students and four-year students from universities across the nation. To date we have run 18 cyber defense competitions with more four more planned for 2011. While participation varies from 40 to 175 depending upon the event, we have had nearly 1350 students participate in cyber defense competitions over the past five years. We also run cyber defense competition/security workshop combinations for Information Technology professionals who are tasked with ensuring security for computer and network system, as well as Computer Science or Information Technology faculty who want to learn more about security and running their own cyber defense competitions. We have found these individuals also benefit from the ability to learn and work, as well as test out new attack and defense mechanisms, in a controlled environment.
This book chapter provides a brief history of cyber defense competitions, as well as describes how they are run. It also addresses the needs of different audiences who participate in cyber defense competitions. This chapter demonstrates that beyond building and strengthening computer and network security skills, the cyber defense competitions can be used for recruitment, retention, advanced training and experimentation for students. The audiences that will be covered include high school students, community college students, four-year university students and Information Technology professionals and faculty.
Key Terms in this Chapter
Green Team: The team of people are assigned to play the role of end users of the Blue Teams' networks. They can request changes to be made to the Blue Teams' network throughout the competition in the form of anomalies. The Green Team members are recruited from undergraduate student population, less technical corporate partners and ISU faculty across campus. This wide variety of computer skill levels provides true tests of usability for the Blue Teams. The addition of the Green Team is what helps keep the students focused on providing a useable network, as well as a secure one.
ISEAGE: Pronounced ice-age. It is an acronym for Internet-Scale Attack and Generation Environment. It is a testbed that creates a virtual Internet for researching, designing and testing cyber defense mechanisms, as well as analyzing cyber attacks. It allows real attacks to be played out without worries and can represent any IP address space. In addition to address space mapping, it also has tools to generate background traffic and background attacks. It has an air gap proxy server through which students can connect to the Internet to download patches or to research information about anomalies, but only traffic on port 80 is allowed. Work is underway for a version of the ISEAGE testbed that is implemented in software and can be exported for others to use.
Anomalies: Activities that occur approximately every 60 to 90 minutes throughout the cyber defense competition which are designed to keep Blue Teams engaged and slightly off balance just as real IT staffs get engaged in new projects and may overlook intrusions or security risks in new implementations. Anomalies may run counter to the goal of having secure systems or may be to have the teams install some of the latest software that opens holes in their servers. The Blue Team must then decide how, or if, to implement the request on their network and how to implement it security.
Red Team: The group of IT professionals, faculty and graduate students that tests each Blue Team network for vulnerabilities and plays the role of attackers in the competition. Their job is to actively network scans and actively penetration testing against the Blue Teams’ networks. Once vulnerabilities are found, the Red Team may act on those to gain access to the servers of interest. First, they must capture the flag on that server to prove that they have access to the box. Then, once they have the flag, they can reconfigure it, install additional software on it, install a virus on it or take any variety of steps that an attacker might take on a production server.
Flags: Encrypted files which contain a unique string and are required to be stored in a specific directory location on specific servers the teams are running. The Red Team must captures these flags from or plant flags onto the Blue Teams' systems demonstrating their penetration of the system. Blue Teams lose points for having flags captured or placed on their systems.
White Team: The team who oversees the cyber defense competition and adjudicates the event. They are also responsible for recording scores for the Blue Teams given by the Green Team and Red Team on usability and security, respectively. The White Team also reads the security reports and scores them for accuracy and countermeasures.
Blue Team: Student teams participating in the cyber defense competition. They play the role of IT support staff in the event and are tasked with designing, installing and securing their competition network. They also defend their network from the Red Team and earn points through participating in anomalies, writing security reports and keeping services running and usable for their end users.
Cyber Defense Competition: Students design, configure and maintain a set of servers and a network in a secure manner and in a relatively short, one-month period of time. During the two-day competition, their goal is to prevent, if possible, any security violations or attacks on their network and report and correct any problems that arise. They also must maintain full functionality of their systems for the end users.