Graduate students enrolled in the Information Assurance Practicum are given the opportunity to participate in the Rocky Mountain Collegiate Cyber Defense Competition, a two day event focused on the operational aspect of managing and protecting an existing commercial network infrastructure. Watch as cybersecurity teams from Colorado, Kansas, and New Mexico compete against each other and describe their roles within the Rocky Mountain Collegiate Cyber Defense Competition.
For two days in March 2012, teams from seven universities gathered in Denver, Colorado for the Rocky Mountain Collegiate Cyber Defense Competition. Each blue team defended their own virtual e-commerce website and network from outside red team attackers.
In the competition system we’ve got, we had 109 schools play in CCC (collegiate cyber competition) events across the country last year. We now have every state covered in the union including Alaska and Hawaii. Everybody is competing across the country for that shot at the national championship. Everybody that I’ve talked to that really wants a job, certainly the national championship, has at least one or two offers walking out of there if you don’t have one coming out of the regional event. A lot of people pick up job offers from this sort of competition event. It’s great fun, have a good time with it. It is a competition but understand you’re here to learn, and you’re going to have a good time.
Hi, my name is Phil Carson. I play the role of CEO of MistroGames, a company that is responsible for providing video games to consumers.
The Attackers (Red Team): I am a member of the red team, and our job here at this competition is to attack the student teams. We’re doing that through client side attacks, remote exploits, default usernames and passwords. Once we’re in, we are establishing a foothold, we are stealing credentials, changing the database so their company is now selling us all of their products for $0.
Kansas State University (Blue Team): I’m the coach of the Kansas State University team. I helped the guys prepare for this competition. Unfortunately, this isn’t a sport where coaches can actually coach in the competition, and it’s a little frustrating that we cannot help them a little bit.
Regis University (Blue Team): Right now we are deleting unnecessary programs and we’re installing all of our antivirus and our antispyware.
The Observers (White Team): I am part of the white team during this cyber-defense competition. I’m here to help the competition to monitor students’ status, progress, and making sure they’re following the rules and turning in their results on time.
Air Force Academy (Blue Team): If we were to take what we have out here on the cloud and essentially suck it down to here, we have direct access on all those machines, and it’s a little bit easier to do network security on machines which are local, as opposed to ones which are in the cloud.
Colorado State University (Blue Team): This is a reminder that all local user’s passwords need to be submitted to the Y team in an electronic format. So any changes we make, we need to submit.
University of New Mexico (Blue Team): Have you changed the administrator password?
Kansas State University (Blue Team): We all sort of have services that we’re in charge of, and I think we’re all just trying to do that right now. We all have specialty operating systems that we are mostly trained in. We’re pretty much just trying to get everything, all of the injects are ready to go.
University of Colorado (Blue Team): Well we have a list of the users but I guess we should still check if they’re any extras.
Operations (Black Team): This is the network operations, data center, not used for the competition. Over here we have the firewalls, routers, virtual servers, and this is where everything is coming into right now.
Regis University (Blue Team): Right now I am trying to download antivirus software for both of these MACs. It’s an extra layer of protection.
Kansas State University (Blue Team): So I can test the mystery shopper account? We’ve had some last minute problems because I couldn’t get it in, but I think I got it all worked out.
Am I missing something here?
Order complete! Alright! Good job. Feel better? Yes, it’s nice to be successful.
Regis University (Blue Team): I think it’s fun as the CEO of my company to levy unrealistic goals on the admin team defending my company.
University of Colorado (Blue Team): This is the last thing we have to do. Perform an immediate password auto on all user accounts on the active directory server FTP webserver database server. Pre-report showing what user accounts have weak passwords.
The Attackers (Red Team): Being a member of the Red team means having the capability to launch exploits at any given time at any given machine and be able to obtain access or steal personal, identifiable information from these machines or networks.
Colorado State University (Blue Team): The first day was just intense. We had no idea what we were getting ourselves into. Today it slowed down and we’re getting into the motion, and I think were actually figuring things out and actually able to protect ourselves a little bit instead of getting owned immediately like yesterday.
Fort Hays State University (Blue Team): Stressed out just like day one. But we have a plan at least I suppose.
Colorado State University (Blue Team): I think we’re all a little bit stressed out but, now that we have a little bit of a break, we’re going to get there.
Fort Hays State University (Blue Team): There’s malicious activity going on on the web page. How did they do that? I don’t know, that makes me nervous.
Regis University (Blue Team): They attacked us with a DDOS (Distributed Denial of Service).
Colorado State University (Blue Team): We’ve had a web application attack.
University of Colorado (Blue Team): They deleted every single user on the web front. Basically we don’t know what has happened.
After two days of competition, the Air Force Academy placed first. The competition not only benefits the students, but also employers as these graduates bring a more experienced skill set to the job. The competition also provides feedback for schools to examine, reinforce, and improve their security and information technology curriculum. The teams are already in training for next year.
Gain the hands on experience employers desire through Regis University’s Master’s of Information Assurance Program. Learn more about our degree completion options or call 877-820-0581 to speak to an admissions counselor today.