There are several different groups involved with the games. Each has a function, and a tag. The white cell is there to keep the games running smoothly. Gold members are the judges and professors who basically monitored the games from afar. The red cell was there to attack, and finally, the law enforcement was there to arrest the hackers.
At the beginning of the game, everyone starts with zero points. If the team can keep all the services open, and a selection of 'target' files available, they keep that zero. However, if a team suffers from a loss of confidentiality, integrity, or availability in any other way, they start collecting points — sometimes quite rapidly. Figure 1 is a shot of the scorebot system, and backend components of the network.
Figure 1: Scorebot system
One particular aspect of this game that added significant value was the inclusion of a reporting process to the authorities. On hand was a real US Secret Service agent who deals with computer-related crimes on a regular basis. His job in the game was to show up on scene when a student team detected an attack. If the incident report was filled out correctly (see a real incident report from USSS web site: http://www.secretservice.gov/forms/form_ssf4017.pdf), the team would get points taken away from their growing score. This aspect to the game was actually one of the most valuable as one who has had to deal with the authorities before. Not only will this experience give each of the students something to look back on if they ever have to deal with the government for real, but they also now have someone they can talk to if something does arise.
The Network Layout
The network was separated into seven different subnets. Five were split up between the teams, one was used for scoring systems, and the final was for the Red Team. At the edge of each of the student's networks was a router and firewall, which were off limits until the second day and third days, respectively. Finally, each school had four servers in a DMZ that were connected to the firewall, each with a 'public' IP and a specific purpose. In addition to this, they had two workstations that were in the protected area of the network that were used for syslogging and other functions. The following breaks down the initial system setup — try not to grimace.
- Alpha1 – Windows 2003 Server running IIS 6.0 (HTTP/HTTPS), MYSQL and OSCommerce (with PHP support).
- Alpha2 – Fedora Core 4.0 with VSFTPD and DNS (BIND)
- Alpha3 – Fedora Core 3.0 with SSH
- Alpha4 – Windows 2000 Server with IIS5.0, MYSQL, Telnet, SMTP/POP, and DNS (Secondary) running an HR database.
Each system and program was of an unknown patch state/version. In addition, there was a network IP camera thrown in for grins and giggles. Welcome to most small IT shops where money is tight and time is valuable. Figure 2 provides a look at an unmanned pod. Note the four monitors that are connected to the stack via KVM.
Figure 2: Unmanned pod
To make the games a bit more realistic, each team would receive various business objectives that would have to be completed in due course, or they would lose points. This could be something as simple as add an email account or even install PGP. The details of the objective were up to those running the games.