2009 Competition Rules

 

NOTE: Deviations from the National Competition Rules are noted in bold, brown text:

 

  1. Student Teams
    1. Each team will consist of up to eight (8) members.  Each team member must be a full-time student of the institution the team is representing and must not be currently employed in the IT industry (security operations, network administrator, system administrator, programmer, network operations, help desk, etc.) as a salaried employee or as an hourly employee for more than 20 hours per week.  A waiver of the industry employment, 20 hours/week rule is granted to team members on co-operative education or internship assignment, as long as their institution recognizes them as a full-time student. Team members must qualify as full-time students as defined by the institution they are attending - typically this means the team member must be enrolled in 12 or more semester credit hours for undergraduates and 9 or more semester credit hours for graduate students during the semester the competition is held.
    2. Each team may have no more than two (2) graduate students as team members.
    3. Each team may have one or two advisors (coaches) present at the competition – these may be faculty/staff members of the institution or a team sponsor.  The advisors may not assist or advise the team during the competition.
      NOTE: The national rules only allow one team advisor. If your team has more than one advisor at the NECCDC, you will have to trim this to a single advisor if you win and proceed to the national CCDC.
    4. All team members will wear badges identifying team affiliation at all times during competition hours. Badges will be provided.
    5. Each team will designate a Team Captain for the duration of the competition to act as the team liaison between the competition staff and the teams before and during the competition.
    6. If a member of a qualifying team is unable to attend the national competition, that team may substitute another student in their place provided the substitute meets all stated eligibility requirements.
    7. Each team may provide one alternate. The alternate may be substituted during play in the event of illness or other unavoidable absence of a team member. Once an alternate is substituted in, he or she will remain in the competition until the competition ends. The absent member will not be allowed to reenter. In no case can the substitution of an alternate result in more than two graduate students on the team during play.

  2. Competition Systems
    1. Each team will start the competition with identically configured systems.
    2. Teams may not remove any computer, printer, or networking device from the competition area.
    3. Teams will be provided the overall system architecture, network configuration, and initial set-up prior to the event to permit planning but no detailed information, such as patch levels and application versions, will be provided ahead of time.
    4. Teams should not assume any competition system is properly functioning or secure; they are assuming recently hired administrator positions and are assuming responsibility for each of their systems.
    5. All teams will be connected to a central router and scoring system.
    6. Throughout the competition, Operations and White Team members will occasionally need access to a team’s system(s) for scoring, troubleshooting, etc.  Teams must allow Operations and White Team members access when requested.
    7. Teams must not connect any outside devices or peripherals to the competition network.
    8. Network traffic generators will be used throughout the competition to generate traffic on each team’s network.  Traffic generators will generate typical user traffic as well as suspicious or potentially malicious traffic from random source IP addresses throughout the competition.
    9. Teams must maintain specific services on the “public” IP addresses assigned to their team – for example, if a team’s web service is provided to the “world” on 10.10.10.2, the web service must remain available at that IP address throughout the competition.  Moving services from one public IP to another is not permitted; however, teams are free to NAT addresses inside their team networks.
    10. Teams are not permitted to alter the system names of their assigned systems.
    11. Teams are not permitted to remove or alter any labels/stickers that are present on their assigned systems.
    12. Teams will have access to a “Restore from Backup” capability that will reset any system to its initial starting configuration.  This service will be performed by the Operations Team and will cost the team 50 points per system recovered.
    13. Each team will be provided with a set of install disks for the operating systems and major applications used in the competition network.  These may be used to reload systems, add/remove functionality, reinstall, etc.
    14. Systems designated as “user workstations” are to be treated as user workstations and may not be re-tasked for any other purpose by teams.  They must remain user workstations throughout the entire competition unless otherwise directed by an Operations or White Team member or indicated through competition injects.  Teams may not change the operating system on user workstations but are free to patch and secure user workstations.
    15. Teams may not modify the hardware configurations of competition systems.  Teams must not open the case of any server, printer, PC, monitor, KVM, router, switch, firewall, or any other piece of equipment used during the competition.  All hardware related questions and issues should be referred to the White Team.
    16. In addition to user workstations each network will have one “admin workstation”. Teams are free to modify the operating system and load tools, scripts, or applications on this workstation; however, this administrative workstation may not be used to provide critical services such as SMTP, FTP, HTTP, etc.
    17. Servers and networking equipment may be re-tasked or reconfigured as needed.

  3. Competition Play
    1. The competition will run over a three-day period (Friday February 27th, 2009 to Sunday March 1st, 2009).  Registration will occur on Friday and a mandatory meeting for all team members and faculty sponsors will be held prior to the start of the competition.
    2. During the competition team members are forbidden from entering or attempting to enter another team’s competition workspace or room.
    3. All requests for items such as software, score checks, system resets, and service requests must be submitted on paper (typed and printed) to the Operations Team.  Requests must clearly show the requesting team, action or item requested, and date/time requested. 
    4. Teams must compete without “outside assistance” from non-team members which includes team advisors and sponsors. All private communications (calls, emails, chat, directed emails, forum postings, conversations, requests for assistance, etc) with non-team members including team sponsors that would help the team gain an unfair advantage are not allowed and are grounds for disqualification.
    5. No PDAs, memory sticks, CDROMs, electronic media, or other similar electronic devices are allowed in the room during the competition unless specifically authorized by the Operations or White Team in advance.  All cellular calls must be made and received outside of team rooms.  Any violation of these rules will result in disqualification of the team member and a 200 point penalty assigned to the appropriate team.
    6. Teams may not bring any computers, tablets, PDAs, or wireless devices into the competition area.  MP3 players with headphones will be allowed in the competition area provided they are not connected to any system or computer in the competition area.  For the Northeast CCDC, MP3 players are forbidden in team rooms.
    7. Printed reference materials (books, magazines, checklists) are permitted in competition areas and teams may bring printed reference materials to the competition.
    8. Team sponsors and observers are not competitors and are prohibited from directly assisting any competitor through direct advice, “suggestions”, or hands-on assistance.  Any team sponsor or observers found assisting a team will be asked to leave the competition area for the duration of the competition and a 200 point penalty will be assessed against the team.
    9. An unbiased Red Team will probe, scan, and attempt to penetrate or disrupt each team’s daily operations throughout the competition.
    10. Team members will not initiate any contact with members of the Red Team during the hours of live competition. Team members are free to talk to Red Team members, Operations staff, White Team members, other competitors, etc. outside of competition hours.
    11. On occasion, Operations Team members may escort individuals (VIPs, press, etc) through the competition area including team rooms.
    12. Only Operations Team members will be allowed in competition areas outside of competition hours.
    13. All individuals involved with the competition will be issued badges, which must be worn at all times while they are in the competition area.
    14. Teams are permitted to replace applications and services provided they continue to provide the same content, data, and functionality of the original service.  For example, one mail service may be replaced with another provided the new service still supports standard SMTP commands, supports the same user set, and preserves any pre-existing messages users may have stored in the original service.  Failure to preserve pre-existing data during a service migration will result in a 50 point penalty for each user and service affected.
    15. Teams are free to examine their own systems but no offensive activity against other teams, the Operations Team, the White Team, or the Red Team will be tolerated.  This includes port scans, unauthorized connection attempts, vulnerability scans, etc.  Any team performing offensive activity against other teams, the Operations Team, the White Team, the Red Team, or any global asset will be immediately disqualified from the competition.  If there are any questions or concerns during the competition about whether or not specific actions can be considered offensive in nature, contact the Operations Team before performing those actions.
    16. Each team may change passwords for administrator level and user level accounts.  Any password changes to user accounts must be provided to the White Team with a minimum of 15 minutes advance warning prior to the changes being implemented (unless the password changes are part of a competition tasking).  Failure to notify the White Team of user level password changes can result in service check failures.  Teams are required to provide modified passwords in the electronic format specified.  Please note that the White Team will not error check the provided password changes – they will simply upload the provided changes. Also, for the Northeast CCDC, password changes must be approved by White Team prior to effecting the changes to prevent unrealistically frequent password changes as a crude security strategy.
    17. Teams are allowed to use active response mechanisms such as TCP resets when responding to suspicious/malicious activity.  Any active mechanisms that interfere with the functionality of the scoring engine or manual scoring checks are exclusively the responsibility of the teams.  Any firewall rule, IDS, IPS, or defensive action that interferes with the functionality of the scoring engine or manual scoring checks is exclusively the responsibility of the teams.
    18. The White Team will provide a mechanism to show teams the official status of their critical services during the last scored service check.
  4. Scoring
    1. Scoring will be based on keeping required services up, controlling/preventing unauthorized access, and completing business tasks that will be provided throughout the competition.  Teams accumulate points by successfully completing injects and maintaining services.  Teams also accumulate points by passing service checks that are run on a regular basis during the competition. Teams lose points by violating service level agreements for extended periods, usage of recovery services, and successful penetrations by the Red Team.
    2. Scores will be maintained by the White Team, but will not be shared until the end of the competition.  There will be no running totals provided during the competition.  Team standings will be provided at the beginning of day two and three but without specific scores. At the Northeast CCDC, standings will be provided more frequently (twice a day each day of competition).
    3. Any team action that interrupts the scoring system is exclusively the fault of that team and will result in a lower score.  Should any question arise about specific scripts or how they are functioning, the Team Captain should immediately contact the competition officials to address the issue.
    4. Any team that tampers with or interferes with the scoring or operations of another team’s systems will be disqualified.
    5. Teams are strongly encouraged to provide incident reports for each Red Team incident they detect.  Incident reports can be completed as needed throughout the competition and presented to the White Team for collection.  Incident reports must contain a description of what occurred (including source and destination IP addresses, timelines of activity, passwords cracked, etc), a discussion of what was affected, and a remediation plan.  A thorough incident report that correctly identifies a successful Red Team attack will reduce the Red Team penalty by up to 50 percent – no partial points will be given for incomplete or vague incident reports.

  5. Internet Usage
    1. Competition systems will have direct access to the Internet for the purposes of research and downloading patches. Internet activity will be monitored and any team member caught viewing inappropriate or unauthorized content will be immediately disqualified from the competition. This includes direct contact with outside sources through AIM/chat/email or any other non-public services. For the purposes of this competition, inappropriate content includes pornography or explicit materials, pirated media files or software, sites containing key generators and pirated software, etc.  If there are any questions or concerns during the competition about whether or not specific materials are unauthorized, contact the Operations Team immediately.
    2. Internet resources such as FAQs, how-to’s, existing forums and responses, and company websites are completely valid for competition use provided there is no fee required to access those resources and access to those resources has not been granted based on a previous purchase or fee. Only resources that could reasonably be available to all teams are permitted. For example, accessing Cisco resources through a CCO account would not be permitted but searching a public Cisco support forum would be permitted.
    3. Teams may not use any external, private electronic staging area or FTP site for patches, software, etc. during the competition. Teams are not allowed to access private Internet-accessible libraries, FTP sites, web sites, network storage or shared drives during the competition. All Internet resources used during the competition must be freely available to all other teams.
    4. Public sites such as Security Focus or Packetstorm are acceptable. Only public resources that every team could access if they chose to are permitted.
    5. No peer to peer or distributed file sharing clients or servers are permitted on competition networks.
    6. All network activity that takes place on the competition network may be logged and is subject to release. Competition officials are not responsible for the security of any personal information, including login credentials that competitors place on the competition network.
  6. Questions and Disputes
    1. Team captains are encouraged to work with the contest staff to resolve any questions or disputes regarding the rules of the competition or scoring methods before the competition begins.
    2. Protests by any team will be presented by the Team Captain to the competition officials as soon as possible.  The competition officials will be the final arbitrators for any protests or questions arising before, during, or after the competition and rulings by the competition officials are final.
    3. In the event of an individual disqualification, that team member must leave the competition area immediately upon notification of disqualification and must not re-enter the competition area at any time. Disqualified individuals are also ineligible for individual awards or team trophies. Note that the use of an alternate is not permitted when a team member is disqualified.
    4. In the event of a team disqualification, the entire team must leave the competition area immediately upon notice of disqualification and is ineligible for any individual or team award.