CCDC Prep Kickoff Coach Cherise Gutierrez

CCDC Prep Kickoff
Coach Cherise Gutierrez, 9-11-15
Collegiate Cyber Defense Competition
Sponsored by The Security Club & Center for Information Security Research and Education, University of Houston College of Technology

Agenda
• CCDC Overview
• Competition Scenario Example
• Keys to Success
• Planning the Roster
• Practice Guidance
• Practice Commitment
• Focus Curriculum & Guest Speakers

CCDC Overview
Blue Team: The CCDC represents a collection of defense-only competitions in cyber-security. The competition is designed to test each student team's ability to secure a networked computer system while maintaining standard business functionality. The teams are expected to manage the computer network, keep it operational, and prevent unauthorized access. Each team will be expected to maintain and provide public services per company policy and mission. Each team will start the competition with a set of identically configured systems.
The objective of the competition is to measure a team's ability to maintain secure computer network operations in a simulated business environment. This is not just a technical competition, but also one built upon the foundation of business operations, policy, and procedures. A technical success that adversely impacts the business operation will result in a lower score, as will a business success which results in security weaknesses.
Student teams will be scored on the basis of their ability to detect and respond to outside threats, including cyber-attacks, while maintaining availability of existing network services such as mail servers and web servers, respond to business requests such as the addition or removal of services, and balance security against varying business needs.
Competition: State, Regional, National (February – April 2016)
Blue Team:
• Full-time students
• 12 on the roster, 8 will compete
• Only 2 graduate students can compete

Competition Scenario: Mid-Coast Atlantic 2015 Regional
This year's scenario, "Operation Transit Storm," pits the college teams against the fictitious Hackistan Army of Liberation (HAL), which will be portrayed by professional cybersecurity experts. The teams are informed that HAL has publicly threatened U.S. citizens and plans to target regional commuter rail control networks and information systems. The college teams will attempt to operate a simulated version of a commuter rail system's IT infrastructure, and be responsible for defending and maintaining the system for the duration of the competition, enduring numerous attempts to sabotage and disrupt the railway.
We had to keep the network secure while taking customer complaints about power outages. We might be asked to set up a new network appliance or printer, or even to conduct a forensic examination of the computer of Bobby Joe, one of the many disgruntled employees who had been fired.
Students are held accountable for maintaining the organization's critical technology services, commonly including DNS, HTTP, HTTPS, FTP, and SMTP. At the same time, students must respond to business challenges issued by the simulated organization's leadership. Business initiatives frequently involve writing information security policies, performing audits to ensure regulatory compliance, and explaining technical concepts to less technical audiences.

Keys to Success: University of Central Florida Winning Team
• They became a very tight-knit team
• You quickly learn your teammates' strengths and weaknesses
• The team trained three days a week, four hours at a time, during the entire spring semester
• While each of the eight students specialized in different cyber disciplines, the team studied each other's specialties so they could back each other up in a crisis

Planning the Roster
Some of the skills, knowledge and abilities that experienced CCDC competitors, coaches and directors name as essential include:
• Common Unix Printing System (CUPS)
• Computer forensics
• Database administration
• Directory services (e.g., Active Directory)
• Domain Name System (DNS)
• E-mail servers (Exchange and sendmail)
• File servers
• File Transfer Protocol (FTP) services
• Hacking tools (Note: teams should create their own toolbox to aid in the detection of suspicious activity, e.g., websites to use, tools to download, etc.)
• HTML
• Networking devices (including switches, firewalls, routers)
• Samba
• Secure Shell (SSH)
• SQL
• Syslog
• Virtual Private Networking (VPN)/remote access
• Web servers (both Apache and IIS)
• Windows and UNIX/Linux system administration and hardening

Practice Guidance
Teams average between 10 and 30 hours of practice a week.
Strategy to consider:
• Practice until you understand what is normal. The longer you practice with an operating system, the better you will know what processes, behaviors, files, and activities are part of the actual operating system. The only way to do this is to practice installing and working with different parts of the operating system and seeing what changes, additions, deletions and executions are normal (e.g., which accounts should own which processes, which ports should be open).
• During practice, teams should set time limits. High-scoring teams have good time management and get tasks done on time.
• Teams should practice addressing the basics. Strong CCDC teams develop a good game plan during practice, which helps them begin changing default passwords and move as quickly as possible to patching.
• Practice triage and approaching problems from diverse perspectives; not all services and hardware will be available when your team needs them.
• Teams learn to collaborate and help one another during practice. This means that team members need to know what their job is and communicate when they need help.
Source: https://scout.wisc.edu/cyberwatch/downloads/62/NCC_Press_How_To_Prepare_For_the_CCDC.pdf
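The "understand what is normal" advice is easiest to act on with a baseline you can diff against. The script below is an added example, not from the slides or the cited PDF: it snapshots the listening sockets, the user owning each running program, and the login-capable accounts of a Linux practice VM, then reports drift between two snapshots. It assumes iproute2 ss, procps ps and /etc/passwd are present; the snapshot file names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): build a "what is normal" baseline of a
# practice VM and diff later snapshots against it.
# Assumes Linux with iproute2 ss (the -H flag needs a 2016-or-later version),
# procps ps and /etc/passwd. Each snapshot line is "kind<TAB>fields" so the
# diff stays readable.
set -eu

# Snapshot of the live host: listening TCP/UDP sockets with the owning program
# (run as root; otherwise -p only shows your own processes), which user owns
# which program, and every account that can log in or has UID 0.
snapshot_live() {
    {
        ss -Hltnup 2>/dev/null | awk '{ print "port\t" $1 "\t" $5 "\t" $7 }'
        ps -eo user=,comm= | awk '{ print "proc\t" $1 "\t" $2 }'
        awk -F: '$3 == 0 || $7 !~ /(nologin|false)$/ { print "login\t" $1 "\t" $3 "\t" $7 }' /etc/passwd
    } | sort -u
}

# compare_snapshots BASELINE CURRENT
# Prints "+ line" for anything present now but absent from the baseline (a new
# listening port, a program running as an unexpected user, a new account) and
# "- line" for anything that vanished (a service the scoring engine will miss).
# Returns 1 when there is drift, 0 when the host still matches the baseline.
compare_snapshots() {
    base_sorted=$(mktemp)
    cur_sorted=$(mktemp)
    sort -u "$1" > "$base_sorted"
    sort -u "$2" > "$cur_sorted"
    # comm -3 prints lines unique to CURRENT indented by one tab and lines
    # unique to BASELINE unindented; turn that into +/- markers.
    drift=$(comm -3 "$base_sorted" "$cur_sorted" \
            | awk '/^\t/ { sub(/^\t/, ""); print "+ " $0; next } { print "- " $0 }')
    rm -f "$base_sorted" "$cur_sorted"
    if [ -n "$drift" ]; then
        printf '%s\n' "$drift"
        return 1
    fi
    return 0
}

# Typical use on the VM (placeholder file names, commented out so the file
# can be sourced):
#   snapshot_live > baseline.txt      # right after the clean install
#   snapshot_live > now.txt && compare_snapshots baseline.txt now.txt
```

Take the baseline before the first red-team window opens and re-run the comparison every time a service is added or a box is handed back from an inject, so that a new UID 0 account or an unexpected listener shows up as a single "+" line instead of having to be noticed in raw ss output.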

Practice Guidance cont.
• Experts suggest that teams practice patching systems and getting services running without direct access to the Internet.
• Forensics techniques that teams should practice include capturing live memory and network traffic, using Volatility to find possible malware, creating and scanning timelines for malicious activity, and working with forensic artifacts such as Prefetch and the Application Compatibility Cache.
• A Red Team alum cited in the source listed the following tasks as imperative to know how to do from memory:
  • Operating system user administration: users, groups, sudo, permissions, changing passwords
  • Remote access: SSH server, VNC/RDP, defining ACLs
  • Database access control: changing passwords, investigating possible Personally Identifiable Information (PII)
  • Security configurations for anticipated systems and services
Source: https://scout.wisc.edu/cyberwatch/downloads/62/NCC_Press_How_To_Prepare_For_the_CCDC.pdf
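Two of the "from memory" tasks above, user administration and the SSH server, can be checked mechanically before and after the team makes its changes. The script below is an added example, not from the slides or the cited PDF: it audits copies of sshd_config, passwd and shadow (paths are passed in, so it also works on files pulled off a competition box). It assumes OpenSSH sshd_config syntax and the standard /etc/passwd and /etc/shadow field layouts; the sample files in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): audit the settings behind the
# "know it from memory" tasks on copies of sshd_config, passwd and shadow.
set -eu

# audit_sshd_config FILE
# In sshd_config the FIRST value seen for a keyword wins, so a hardening line
# appended at the bottom is silently ignored if an earlier line already set
# that keyword; keywords are case-insensitive. Settings inside Match blocks are
# conditional, so parsing stops at the first Match line.
# Prints one "sshd: ..." finding per risky effective value; returns 1 if any.
audit_sshd_config() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        NF < 2 { next }
        tolower($1) == "match" { exit }          # conditional section starts
        { k = tolower($1); v = tolower($2) }
        !(k in val) { val[k] = v }               # first occurrence wins
        END {
            bad = 0
            if (!("permitrootlogin" in val)) {
                print "sshd: PermitRootLogin not set (older OpenSSH defaults to yes)"; bad = 1
            } else if (val["permitrootlogin"] == "yes") {
                print "sshd: PermitRootLogin=yes"; bad = 1
            }
            if (!("passwordauthentication" in val) || val["passwordauthentication"] == "yes") {
                print "sshd: PasswordAuthentication=yes (the default)"; bad = 1
            }
            if (("permitemptypasswords" in val) && val["permitemptypasswords"] == "yes") {
                print "sshd: PermitEmptyPasswords=yes"; bad = 1
            }
            exit bad
        }' "$1"
}

# audit_accounts PASSWD SHADOW
# Flags any UID 0 account other than root and any account whose shadow entry
# has an empty password field (it logs in with no password at all). Also lists,
# as "rotate:", every account with a real shell and a usable hash (not locked
# with a leading "!" or "*"): those are the passwords to change first.
# Returns 1 only for the two hard findings.
audit_accounts() {
    awk -F: '
        NR == FNR {                                  # first file: passwd
            if ($3 == 0 && $1 != "root") { print "uid0: " $1; bad = 1 }
            if ($7 !~ /(nologin|false)$/) shell[$1] = $7
            next
        }
        $2 == "" { print "empty-password: " $1; bad = 1; next }   # shadow
        ($1 in shell) && $2 !~ /^[!*]/ { print "rotate: " $1 " (" shell[$1] ")" }
        END { exit bad }' "$1" "$2"
}

# Typical use (commented out so the file can be sourced):
#   audit_sshd_config /etc/ssh/sshd_config
#   audit_accounts /etc/passwd /etc/shadow      # needs root to read shadow
# Constructed example of the first-value-wins trap: with the two lines
#   PermitRootLogin yes
#   PermitRootLogin no      # appended by the team
# audit_sshd_config still reports "sshd: PermitRootLogin=yes".
```

Run the sshd check again after editing the file and after `sshd -t`; a clean run plus a restart is the evidence the team needs that root login and password authentication are actually off. The "rotate:" list doubles as the checklist for the day-one password change, and "uid0:" lines are the accounts to remove or lock before anything else.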

Practice Commitment
You:
• Identify your strength and build upon that area
• Form working groups
• Team work
• Commitment and dedication
• Practice!
Me:
• Weekly guidance & coaching
• Curriculum focus
• Real-world experiences
• Mock practices
• Industry guest speakers
The team that competes will have demonstrated competency in a specific area, commitment to practicing, and team work.

Contact Info
The Security Club Sponsors
Dr. Bronk
Matt Rhodades, rhoades07@yahoo.com
Sangita Prajapati, smprajapati@uh.edu
Javeria Pirzada, jpirzad@uh.edu
Coach: Cherise Gutierrez, cherise@cyberthreatbegone.com, cell 832-361-0786