As previously stated, five of the eight teams took part in the first years event. It was obvious that the previous experience gave these students a leg up over the new teams, as can be expected. However, the competition between these five teams was fierce. While they might not have realized it during the event, the point spread was close enough for the majority of the event that one failed business inject or intrusion could have made the difference. However, once the event ended, there was one clear winner.
Incidentally, the winner of the 2007 Mid-Atlantic CCDC event was the same as last year; Millersville University (Figure 5). In short, this team took what they learned during the previous year and spent hours researching, testing, and practicing the necessary activities needed to lock down and secure their systems. In addition, they kept an eye out for any unusual activity and performed proactive actions to keep the red cell out of their systems. It is important to note that this team was also the only group to maintain their Shorewall based firewall, despite the fact that they had been prepared for a PIX.
Figure 5: Millersville University in Action
As a reward for finishing first in the regional event, MU will be able to attend an all-expenses paid trip to the National CCDC event to be held at San Antonio, TX from April 13th—15th 2007. We wish them luck and will be watching to see how they do!
Until then, keep in mind the lessons that these students learned during the event. Strong authentication mechanisms, fully patched systems, properly managed firewalls, and the ability the meet unexpected requests are necessary parts of a solid IT department. If you fail to meet any one of these requirements, chances are your network or your job will soon belong to someone else.