By Joe Barr
April 21, 2008
Baker College of Flint, Mich., defeated defending champion Texas A&M
University and four other regional winners from across the country to
capture the third annual National Collegiate Cyber Defense Competition,
which concluded in San Antonio, Texas, over the weekend. Texas A&M
finished a close second, and the University of Louisville took third.
Also competing for the championship were the Community College of
Baltimore County, Mount San Antonio College of Los Angeles County, and
the Rochester Institute of Technology.
Hosted by the Center for Infrastructure Assurance and Security (CIAS) at
the University of Texas at San Antonio (UTSA), the event pits six
regional winners, each given a similar small enterprise network to
protect, against a team made up of experienced security professionals
dubbed the Red Team, a.k.a. Team Hilarious.
Teams are scored on how well they protect their identical networks, made
up of a Cisco router and five servers: Windows 2003 running Internet
Information Services, Windows 2000 running DNS, Solaris X86 running
Apache and OpenSSL, Gentoo running MySQL and NFS, and BSD running
Sendmail. Team workstations can run Vista, Windows, Fedora, or BSD, as
the team prefers. Teams are required to provide SMTP, POP3, HTTP,
HTTPS, and DNS services throughout the competition, and outages on any of
those services result in deductions from their score. At specified
times, the teams are also asked to bring up FTP, SSH, RDP, and VNC
services, in accordance with the 2008 competition rules.
In addition to the attackers (the Red Team) and the defenders (the Blue
Teams), there is also a White Team. The White Team acts as the overall
network operations center, as observers, and as the communications center. All
requests for information, assistance, and problem reporting by the
competing teams go through the White Team; teams are not allowed direct
communication with the outside world except for publicly available
information and software available on the Internet. The White Team also
delivers in-competition requests for new services and scores the teams'
The entire event took place at the San Antonio Airport Hilton hotel, and
each team (Red, White, and each competing Blue team) had its own
private, closely guarded room. A White Team observer was present in each
competing team's room for the entire competition.
Red Team captain Dave Cowen has a jovial face and a pirate's beard. When
his laughter could be heard in the hall outside the Red Team room,
collegians winced, because they knew that another server had just fallen
prey to the Red Team's relentless attacks.
The other Red Team members (first names only), Luke, Ryan, Evan, Jacob,
and Leon, are all professionals in the security industry. On Friday, the
first day of the competition, the Red Team had the adrenaline of the
hunt, the chase, the pursuit of hapless quarry, in the air, as team
members sat around the conference table, staring into the screens of
their laptops, some using two laptops at once, and sharing information
as they gleefully began probing the target networks for weaknesses and
mapping IP addresses to specific configurations.
One of the first remarks heard after the competition began was,
"Interesting, the Solaris exploit from last year still works." That was
followed shortly by Dave Cowen announcing "OK, professionals, we need a
local Solaris 5.10 exploit for privilege escalation."
In addition to a few members of the press, the Red Team room was also
visited by various federal agents. A contingent from the Secret Service
was present all weekend. Three black-suited gentlemen claiming to be
from the FBI were present Friday. Defense Information Systems Agency
agents were present as part of the competition infrastructure, and among
their other duties, helped escort journalists from room to room during
The mood in the Baltimore County Community College Blue Team room Friday
afternoon was in stark contrast with the lightness and laughter heard in
the Team Hilarious room. All seven team members were focused on the job
at hand, which was to begin securing the network they found running at
the start of the competition. Voices were muted, there was no idle
chatter, and everyone was busy at whatever task they had been assigned.
Teams are allowed to modify the configurations as they see fit during
the event, so long as they follow the rules and provide the required
services. The configuration itself seems to have been a weak spot for
defending the networks, and at the end of the competition on Sunday,
Cowen said that you reach a point where the configuration is more
important than the supply of exploits available to attackers. He made
that remark not long after hacking a team's Web server so that it
displayed their credit card database as its homepage during the last
half hour of the competition.
A two-hour awards luncheon took place shortly after the end of
competition Sunday morning. There were speeches by US Representative
Ciro Rodriguez and Cornelius Tate, the brand-new Director of the DHS
Cyber Security Division, prior to announcing the winners. This year's
competition was the closest ever, with three teams in a virtual tie
after the second day, and Baker edging defending champion Texas A&M by
the slimmest of margins at the end. Whether they took home the gold or
not, all the teams were made up of bright, skillful students, and given
the presence of two community college teams in the final six, it's
obvious that the size of the school is not as important as the skill of
its students in the world of cyber defense.
Baltimore County Community College, the only team with a female
competitor, and Mount San Antonio Community College in Los Angeles,
proved that network security skills are not the exclusive domain of
larger, better-known institutions. Their presence at this national
competition is roughly the equivalent of a community college basketball
team making it to the NCAA's Final Four, and both schools and students
deserve kudos for going head to head against teams from much larger
schools, especially since those schools may include two graduate
students on their team.
Dr. Gregory White, director of the UTSA CIAS and one of the founders of the
original competition when it was held on a regional basis rather than
nationally, explained there is a large network and computer security
population in San Antonio, primarily because the Air Intelligence Agency
is located there. UTSA was a logical place to become an academic center
for computer and network security. That led to it becoming the first
Texas university to be designated as a "Center for Academic Excellence
in Information Assurance Education" by both the DHS and the National
Security Agency, and it currently offers bachelor's- and master's-level
degrees in information security from several of its schools.
Sponsors for this year's event included the AT&T Foundation, DHS, Cisco
Systems, Acronis, Northrop Grumman, Accenture, the Information Systems
Security Association, Core Security, our sister site ThinkGeek, Code
Magazine, and Pepsi. White said that more sponsors are needed for future
competitions in order to do all the things CIAS wants to accomplish.