Palmetto Cyber Defense Competition 2019
Jeff Sweeney, PCDC Director, Space and Naval Warfare Systems Center Atlantic (SSC Atlantic), 59550 Information Systems Security Operations (USN). For PCDC Planning Purposes Only.
PCDC College & Pro Q&A

Can they use Stack Overflow?
Resources such as this are subject to WhiteList restrictions. This will require a submission and subsequent approval to have it added to the WhiteList. As the WhiteList has not been finalized at this time, I do not have this answer. Speaking of the WhiteList: requests are due by 01 APR.

Will teams be provided with SNORT rules?
Quick answer: No. We did disclose that a system will be provided that supports this function. However, configuration and tuning of this system will be the responsibility of the various Blue Teams. The system may come with a basic set of rules already in place, but nothing more than the out-of-the-box experience is being provided.

Can teams take VM snapshots?
No, blue teams will not have permission to manage VM snapshots. This is an activity that impacts team scoring. Specifically, a penalty is assessed when a team rolls back a virtual machine in an effort to restore functionality. This penalty also includes a time penalty of sorts: the time it takes to submit and have the request processed.

Are the physical laptops in scope or out of scope?
Physical laptops are out of scope for the competition.

Will VMWare Tools be available?
VMWare Tools will be installed on all machines in advance of the competition.

Energizing and Developing our Cybersecurity Workforce Now & for the Future
How are the scoring areas weighted?
This information is not disclosed.

How will we be accessing the whitelisted internet? Will it be through our company infrastructure or through a side/research network not in scope? (AKA, does our network need to be up to google stuff? i.e. if the red team shuts down our router, will we still be able to access our whitelisted sites?)
This is part of the competition architecture that each team will need to assess as part of the competition. Out-of-band laptops and an out-of-band virtual system are provided which are out of scope for Red Team. Verifying and utilizing capabilities provided by these systems is part of the competition.

Will we be able to edit the settings on our VMs?
No, blue teams will not be permitted to edit or change the virtual machine settings directly.

Will we have control of our internal networking?
Part of the competition includes assessing the network and devising control of the networks; that includes determining components you do and do not have control over.

Do we have the ability to restart/reboot our VMs?
Yes. Administrators will have control through the operating system to reboot a system as needed. External VM controls will also be provided that allow for power on/off.

Do we have the ability to create new VMs?
No.

Do we have control over our edge router that connects the network we are defending with the exercise network?
That falls into the category of enumeration and network control assessments each team will need to perform as part of the competition. You should be telling us if you have control of this device.

Do we have a list of the services being scored for uptime?
We get this question quite a bit, and consistently every year. We recommend protecting them all from Red Team.
What is the process for writing our own tools to use for the competition and having them put on our network?
This is an aspect of the competition. You don't always get to choose the tools when defending a network.

Is Red Team allowed to spoof White/Gold Team traffic and/or scoring servers? Will we be given the IPs of the scoring servers?
This information is not disclosed.

When will we be given the "Business" details of the company, and what the product or valued resources are to upper management? Will the "Business time" and real time be the same (does 10 minutes of network downtime during the competition equate to 10 minutes of downtime for the Business, or is it scaled?) (aid us in prioritizing defenses and managing our Blue Team resources)
This information will be provided in the Blue Team packets. Distribution TBD.

What specific tools for port scanning and vulnerability scanning will be included and available in the environment by default?
Detailed specific information is not provided.

Is the patching and updating of servers/clients on the Blue Team network fair game for Red Team to compromise (i.e., if we use Windows Update, apt-get, etc., is the Red Team allowed to spoof or tamper with the updates and patches we are pulling down?)
Patches are provided from an out-of-scope source. No warranties, expressed or implied, are provided. It is the Blue Team's responsibility to understand and apply updates as they deem appropriate for their systems.

If our edge network is "down", do we lose the ability to patch and retrieve updates?
This information is not disclosed.

Approx. size of network (number of hosts, devices, servers, clients, etc.), and do we have the ability to manage the Layer 2 network devices to implement and manage individual VLANs?
This feels an awful lot like enumeration, and the specific details regarding quantity, size, number, version, color, and variant of system are not disclosed at any point ahead of the competition.
The competition architecture is not set up to support the management of assigned VLANs by Blue Team network administrators. While we do not specifically prevent Blue Teams from making changes to best secure their systems, there are changes possible that will result in a Blue Team knocking themselves offline. That's just the nature of the competition.
Rules for Red Team: are they allowed to focus "solely" on certain teams, or will their focus be spread evenly throughout all the Blue Teams, no matter how "hard" or "easy" it is for the Red Team to gain and maintain access on those teams? (aka, how is it ensured that Red Team treats Blue Teams equally)
We have a Red Team leader who coordinates team engagements.

Will injects NOT successfully completed deduct/remove points, or does the Blue Team just not get to earn the points that the inject is worth? (i.e., Blue Team is sitting at 500 points, inject is worth 50 points. Is it 550 points if completed, but 450 if not completed?)
Injects add points to the overall team scoring. If a team misses or chooses to skip an inject, then the opportunity to earn those points is missed, putting other teams who earned those points at an advantage.

If we come across a website needing to be unblocked during the competition that wasn't previously identified, what is the process for requesting it to be opened? Will the Blue Teams be given a list of websites that are on the whitelist at the start of the competition?
This is the nature of the competition. If a website is blocked and it was not submitted for whitelisting ahead of the competition, a petition can be filed with the competition judges and competition directors to review and assess the request at that time. We will note that very few exceptions have been approved in the years of competition, so it is important for teams to thoroughly review and submit whitelist requests ahead of the competition.
Important Links
PCDC Website: pcdc-sc.com
PCDC Facebook:
PCDC Twitter:
Cyber Patriot:
AFCEA:
#PCDC