[BLUE TEAM PACKET] 2019 PALMETTO CYBER DEFENSE COMPETITION (PCDC) PALMETTO CYBER DEFENSE COLLEGE. Version 1.0

Transcription

1 [BLUE TEAM PACKET] 2019 PALMETTO CYBER DEFENSE COMPETITION (PCDC)

2 April 2019 Team, On behalf of everyone at the Palmetto Cyber Defense College (PCDC), I officially welcome you to the PCDC family! Our team of esteemed professors and faculty have updated the curriculum to keep us on track to becoming the new leader in cyber defense education. Over 50 students are currently enrolled in the spring semester. That is double the enrollment from the fall semester. Our goal is to reach at least 100 students enrolled in the fall semester by the end of the day! If we can meet this goal, PCDC will be eligible to apply for Center of Superiority status! Welcome to the Palmetto Cyber Defense College! Regards, Matthew Turner Dr. Matthew Turner President, Palmetto Cyber Defense College

3 April 2019 Team, Welcome to the Palmetto Cyber Defense College (PCDC)! We are excited that you have accepted our job offer and agreed upon your start date. While your new position reports to the Senior System Administration, Mr. Thomas Lewis, I d like to welcome you to the Information System Security department on behalf of all of the staff. As mentioned during the interviews, the previous team was recently terminated due to gross mismanagement of their assigned information system assets, as well as the data assets contained within. It is important to bring these assets up to date These assets are key to our successful operation, and any assets that remain in a compromised state will need to be remediated as soon as possible. Each of us will play a role to ensure your successful integration into the department. At the time specified by our physical security staff, you may enter the department s office area. This department serves the information technology (IT) needs for the entire college. Key IT services are Moodle, OrangeHR, and Zimbra . Our helpdesk services faculty, staff, and current and prospective students, as well as alumni. Dr. Turner, the College President, has set a college-wide goal to reach 100 enrolled students for the fall semester. Although enrollment does not typically fall within our department s scope, supporting enrollment will be made a priority for today. Attached please find some information about our network, school, and organization. If you have any questions, please contact Mr. Lewis. We look forward to having you come on board! Regards, Paula Diaz Ms. Paula Diaz Chief Information Systems Officer (CISO), Palmetto Cyber Defense College

4 TABLE OF CONTENTS 1.0 ACCOUNT INFORMATION Initial Password List Password Changes VoIP Authentication Access NETWORK OVERVIEW Alternative Laptop/VM Startup Instructions Backups and Recovery Active Defense Incident Reporting Other Requests TEAM ASSESSMENT Scoring Injects... 3 LIST OF APPENDICES Appendix A Network Diagram... A-1 Appendix B Password Tracker... B-1 Appendix C Organization Chart... C-1 Appendix D List of Professors... D-1 Appendix E List of Courses... E-1 Appendix F Enrollment Instructions... F-1

5 1.0 ACCOUNT INFORMATION 1.1 Initial Password List At the start of the day, your team will be supplied an envelope with your initial username and password information for all assigned assets. 1.2 Password Changes Changes of domain user accounts need to be reported to the Gold Team. Please coordinate with a call to lessen service check downtime. Failure to promptly report changes to domain user accounts can negatively impact service checks from the competition scoring engine. 1.3 VoIP Authentication Authenticated communications via voice-over-ip (VoIP) is vital to security of injects and avoiding spoofing attacks. Initial communications from the Blue Team to the Gold Team should be authenticated with the password included in Initial Password List. Best security practice suggests that Blue Team establish a new password for all subsequent communications. Similarly, other college employees will also be regularly contacting you and will authenticate themselves; expect them to also periodically change their passwords with you. The attached form in Appendix B is included to assist with tracking password changes Access You will access your via Zimbra through the following address: mail.bluexx.pcdc.local 2.0 NETWORK OVERVIEW Your assigned network consists of virtual machines that are accessed via the Chrome web browser installed on the provided laptops. Usernames and passwords for all assets will be provided in the Initial Password List. The network diagram is in Appendix A. Network Diagram. The Chrome web browser on the provided laptops should automatically go to the VMware vsphere server. Should the address not appear automatically, use the following address: Alternative Laptop/VM Startup Instructions 1. Turn on laptop 2. Click on Blue Team icon 3. You will see a privacy error screen; click on advanced 4. Click on proceed to 5. You will see the VMware vsphere screen; click on vsphere Web Client (flash) 1

6 6. Login to your Blue Team VM with credentials 2.2 Backups and Recovery Teams do not have access to create snapshots of VMs, nor to recover a VM from a snapshot. Snapshot and recovery requests can be submitted to Mr. Thomas Lewis, Senior System Administration, at Thomas.Lewis.IT@gold.pcdc.local using the following format: SUBJECT: Backup/Recovery Request BODY: Team #: Request: Justification: Please note that recovery from a snapshot comes with a substantial cost to the department. 2.3 Active Defense While this term is still being defined in industry (some say it includes offensive capabilities and others say it does not). We are referring to Defending Forward countering of preventing a perceived cyber-attack by taking the fight to your adversary with the goal of taking away their ability to perform offensive cyber operations against you. This is not permitted under any circumstances. Teams should keep their actions within their own assigned assets, unless explicitly permitted by Ms. Paula Diaz, Chief Information Systems Officer (CISO). 2.4 Incident Reporting Accurate incident reports that can be verified will net your team a modest amount of points in the end-of-day team assessment. Incident reports must contain a description of what occurred (including source and destination IP addresses, timelines of activity, passwords cracked, access obtained, damage done, etc), a discussion of what was affected, and a remediation plan. Overly inaccurate Incident Reports, especially abuse of Incident Reports, will net no points and may result in a loss of points. Hand written reports must be legible, coherent, and professional. Should you recognize that an incident has occurred, you may contact Ms. Carolyn Hayes, the Incident Response, at Carolyn.Hayes.it@gold.pcdc.local using the following format: SUBJECT: Incident Reporting BODY: Team #: Time(s) of Incident:

7 2.5 Other Requests Asset(s) Affected: Source (IP Address) of Attack: Description of Attack/Incident: Remediation/Plan to Resolve: There will be an online Help Desk Ticketing server provided for teams to request assistance from the Gold Team. Information will be provided on the day of the competition. The ticketing server can be reached at: TEAM ASSESSMENT Employee performance is assessed at the end of each day. A score is given to the team of employees in the same department. 3.1 Scoring Scoring for the Information System Security department is based on keeping required services up, controlling/preventing un-authorized access, and completing business tasks, a.k.a. injects, from colleagues, supervisors, and other departments throughout the day. Teams accumulate points by successfully completing these injects and maintaining services. Teams lose points by violating service level agreements, usage of recovery services, and successful penetrations by hackers, a.k.a. the red team. Any team action that interrupts the scoring system is exclusively the responsibility of that team and will result in a lower score. Any team member that modifies a competition system or system component, with or without intent, in order to mislead the scoring engine into assessing a system or service as operational, when in fact it is not, may be suspended or fired. Validation of this act will come with a significant points penalty as it gives the Blue Team an unfair points advantage for a service that is not actually up. 3.2 Injects If a business tasks, a.k.a. inject, requires multiple files for fulfillment, please compress the files into a single file in.zip format. This ensures that each inject has only one upload. Please name inject s/files in the following format: <teamnumber>_<injectnumber>_<injecttitle> Injects and services are weighted evenly; it is disadvantageous to ignore injects. There will be NO partial credit for late injects, so endeavor to fulfill injects on-time. Inject responses that are turned in on-time will be allowed at least partial credit.

8 APPENDIX A NETWORK DIAGRAM A-1

9 APPENDIX B PASSWORD TRACKER Username Password Account Description B-1

10 APPENDIX C ORGANIZATION CHART President Secretary to the President General Counsel Ombudsperson Senior Vice President, Finance and Business Chief Information Systems Officer (CISO) Vice President, Human Resources & Recruitment Vice President, Student Affairs Vice President, Education Office Manager Office Manager Office Manager Office Manager Office Manager Payroll Senior Security Officer HR Head of Financial Aid Dean, School of Information Technology Payroll Security Officer HR Financial Aid Dean, School of Defense Business Finance Incident Response Recruitment & Hiring Financial Aid Dean, School of Offense, Business Finance Senior System Administrator Recruitment & Hiring Head of Admissions Dean, School of Incident Response OS & Software Admissions Infrastructure Admissions Hardware Marketing Web Administrator Head of Enrollment Senior Helpdesk Registrar Helpdesk Registrar Helpdesk C-1

11 APPENDIX D LIST OF PROFESSORS Employee ID Name Prefix First Name Last Name Mr. Peter Washington peter.washington@gold.pcdc.local Mr. Douglas Flores douglas.flores@ gold.pcdc.local Ms. Andrea Garcia andrea.garcia@ gold.pcdc.local Mrs. Theresa Murphy theresa.murphy@gold.pcdc.local Mr. Harold Nelson harold.nelson@gold.pcdc.local Ms. Janet Henderson janet.henderson@gold.pcdc.local Mrs. Kelly Adams kelly.adams@gold.pcdc.local Mr. Gregory Edwards gregory.edwards@gold.pcdc.local Mrs. Debra Wood debra.wood@gold.pcdc.local Mr. Cayden Stewart cayden.stewart@gold.pcdc.local Mr. Benjamin Russell benjamin.russell@gold.pcdc.local Ms. Margaret Allen margaret.allen@gold.pcdc.local Mr. Carl Collins carl.collins@gold.pcdc.local Ms. Donna Brown donna.brown@gold.pcdc.local Mr. Roy Griffin roy.griffin@gold.pcdc.local Mrs. Dorothy Edwards dorothy.edwards@gold.pcdc.local Mr. Jose Hill jose.hill@gold.pcdc.local Mrs. Ann Coleman ann.coleman@gold.pcdc.local Mr. Phillip White phillip.white@gold.pcdc.local Ms. Diana Peterson diana.peterson@gold.pcdc.local Mr. Eugene Perez eugene.perez@gold.pcdc.local Mr. Daniel Cooper daniel.cooper@gold.pcdc.local Mrs. Keisha Brown keisha.brown@gold.pcdc.local Ms. Tammy Young tammy.young@gold.pcdc.local Dr. Steven Phillips steven.phillips@gold.pcdc.local Dr. Sharon Lopez sharon.lopez@gold.pcdc.local Dr. Ryan Alexander ryan.alexander@gold.pcdc.local Dr. Beatrice Lee beatrice.lee@gold.pcdc.local Dr. Joe Robinson joe.robinson@gold.pcdc.local Dr. Ernest Washington ernest.washington@gold.pcdc.local Dr. Melissa King melissa.king@gold.pcdc.local Dr. Fatima Davis fatima.davis@gold.pcdc.local Dr. Paul Cooper paul.cooper@gold.pcdc.local Dr. Brittney Russell brittney.russell@gold.pcdc.local D-1

12 APPENDIX E LIST OF COURSES Course ID Course Name Course Availability CSWF-1101 Networking Fundamentals 1 Fall Semester CSWF-1102 Introduction to Cryptography Fall Semester CSWF-1103 Programming 101 Fall Semester CSWF-1104 Databases and SQL Fall Semester CSWF-1201 Networking Fundamentals 2 Spring Semester CSWF-1202 Advanced Cryptography Spring Semester CSWF-1203 Advanced Programming Spring Semester CSWF-1204 Data Science Spring Semester CSWF-2101 Web Development and Coding Fall Semester CSWF-2102 Internet of Things (IoT) Fall Semester CSWF-2103 Mobile Communications Fall Semester CSWF-2104 Introduction to Robotics Fall Semester CSWF-2201 Artificial Intelligence Spring Semester CSWF-2202 Cloud Concepts and Security Spring Semester CSWF-2203 Introduction to SCADA Systems Spring Semester CSWF-2204 Health Informatics Spring Semester CSWF-3101 Security and Risk Management Fall Semester CSWF-3102 Asset Security Fall Semester CSWF-3103 Security Architecture and Engineering Fall Semester CSWF-3104 Communication and Network Security Fall Semester CSWF-3201 Identity and Access Management Spring Semester CSWF-3202 Security Assessment and Testing Spring Semester CSWF-3203 Security Operations Spring Semester CSWF-3204 Software Development Security Spring Semester CSWF-4101 Analyze Fall Semester CSWF-4102 Collect and Operate Fall Semester CSWF-4103 Investigate Fall Semester CSWF-4104 Operate and Maintain Fall Semester CSWF-4105 Oversee and Govern Fall Semester CSWF-4106 Protect and Defend Fall Semester CSWF-4107 Securely Provision Fall Semester CSWF-4201 Cybersecurity Capstone Project Spring Semester E-1

13 APPENDIX F ENROLLMENT INSTRUCTIONS Enrollment: Throughout the day you will need to enroll students into the Palmetto Cyber Defense College. Students will enroll through your web application, the admissions office, or via phone. The web application can be found at It is hosted on a Tomcat server on your Ubuntu box. Students are not officially enrolled into the college until they have been added to your Moodle instance. The Moodle instance can be accessed remotely via You can enroll students individually or many at a time from a.csv file. 1. MOODLE a. Homepage is book marked Moodle on Google Chrome. URL : i. Login information 1. Admin 2. P@$$w0rd b. How to Bulk Upload Users : Admin Dashboard > Site administration > Users > Accounts > Upload users > select.csv file of students > Upload Users > Username template must be %f%l > upload users. i. The csv file must have the following header row for the upload to work correctly. firstname,lastname, ,age,gender,satscore

14 c. How to Add Singe User : Admin Dashboard > Site administration > Users > Accounts > Add a new user > Fill out required fields. 2. Tomcat d. How to find User Account information : Admin Dashboard > Users > Select user. i. You can upload Users form this page as well. 3. a. Home Page URL of site hosted on Tomcat i.

15 b. FTP server VSFTPD is installed i. Login Information 1. Username : ftpuser 2. Password : ftpuser ii. Windows 7, OrangeHRM server has Filezilla FTP client installed on it. 4. Only in the event of total system failure can you can enroll students manually via telephone. Phone numbers will be distributed day of the competition. 5. Additional Trusted accounts will be distributed on day of competition. a. Users must use their unique PCDC account to authenticate themselves to IT staff. New passwords will be sent to users via their .