Hacking a Scheme to UB NetDef's Cyber Security Competition

Special Thanks to UB NetDef Independent Study: Kevin Cleary, Chris Crawford, Solomon Karchefsky, Bich Vu, James Droste, Scott Florentino, Stacey Askey, Alex Mazzei, Evan Gershoff, Rohan Shah

UB Cyber Security Competition

RED TEAM

This is a student-organized competition run through an independent study (UB NetDef) on Information Security (InfoSec).

A team of students and industry professionals who will Penetration Test the Blue Teams' networks. This involves testing each Blue Team's network for vulnerabilities (Security Auditing and Vulnerability Assessments) and attempting to bypass or defeat any security controls the Blue Team has installed.

Goals: Education, Enjoyment, and Competitiveness. The poster includes the various domains and elements participants will implement and encounter. The CIA triad (Confidentiality, Integrity, Availability; shown at left) is a guide for how data should be handled in InfoSec and in this competition.

Various techniques will be used to test Blue Team members. For example, Social Engineering is trying to trick someone into believing you are someone you are not, so that they hand over access or information they otherwise would not.

BLUE TEAM

A team of students who have an interest in the InfoSec industry. They will need to practice Due Diligence and Best Practices in defending and hardening a simulated enterprise network infrastructure. Each member is expected to act Professionally and work with other teammates to Triage important tasks simulating management requests.

Workstations are the computers employees will work at. Privileges and User & Group Security Policies need to be put in place. These can be enforced technically (for example through group policy and file permissions) or written into company policies; technical enforcement is the stronger of the two, since a written policy alone cannot stop a misconfigured account. This protects employees and important data.

Access Controls grant Permissions to resources. A user must first be Authenticated (prove who they are) and then Authorized (shown to hold permission for the resource) before gaining access to files or computers; passing the first check does not imply the second.
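The two checks above, and the group-based policies from the Workstations paragraph, as an added example that is not part of the original poster. The users, passwords, groups and ACL are constructed; authentication uses PBKDF2 with a per-user salt and a constant-time compare, and authorization is default-deny on group membership, so a user who logs in correctly but is in the wrong group is still refused.

```python
"""Added example, not from the UB NetDef poster: authentication followed by
group-based authorization, the two checks a user must pass before access.
Users, groups and the ACL below are constructed for illustration."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; raise as hardware allows


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


USERS = {}  # name -> {"salt", "hash", "groups"}; no plaintext passwords stored


def add_user(name, password, groups):
    salt, digest = hash_password(password)
    USERS[name] = {"salt": salt, "hash": digest, "groups": set(groups)}


# Constructed accounts and a resource ACL mapping each file to the groups
# permitted to read it (the kind of group policy AD would enforce centrally).
add_user("alice", "correct horse battery staple", ["hr", "staff"])
add_user("bob", "hunter2", ["staff"])
ACL = {
    "/srv/hr/payroll.xlsx": {"hr"},
    "/srv/shared/handbook.pdf": {"staff"},
}


def authenticate(name, password):
    """Step 1, authentication: prove the caller is who they claim to be."""
    rec = USERS.get(name)
    if rec is None:
        # Do the same work for unknown users so response timing does not
        # reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    _, digest = hash_password(password, rec["salt"])
    return hmac.compare_digest(digest, rec["hash"])  # constant-time compare


def authorize(name, resource):
    """Step 2, authorization: default deny unless one of the user's groups
    appears on the resource's ACL (unknown resource means empty ACL)."""
    rec = USERS.get(name)
    if rec is None:
        return False
    return bool(rec["groups"] & ACL.get(resource, set()))


def access(name, password, resource):
    """Authentication is checked first; a valid login with no matching group
    is still refused, which is the least-privilege behaviour we want."""
    if not authenticate(name, password):
        return "denied: authentication failed"
    if not authorize(name, resource):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    for user, pw, res in [
        ("alice", "correct horse battery staple", "/srv/hr/payroll.xlsx"),
        ("bob", "hunter2", "/srv/hr/payroll.xlsx"),
        ("bob", "wrong", "/srv/shared/handbook.pdf"),
    ]:
        print(user, res, "->", access(user, pw, res))
```

The order matters: authorization is never consulted until authentication succeeds, and the "not authorized" message is only ever shown to a proven identity, so the system leaks nothing about the ACL to an attacker guessing passwords.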

It is imperative that teams Audit, Document, and Report the events occurring within their network. Logs that are collected and reviewed are the basis for filing Incident Reports and for practicing good Risk Management; an event that was never recorded cannot be investigated.

Active Directory Services allow System Administrators to manage permissions of users, groups, and computers.

Websites and Databases can store sensitive data. Teams will need to follow and implement Compliance Standards (HIPAA and PCI DSS). Meeting them typically involves Encryption and Cryptography, Digital Forensics, Network Segmentation, Firewall Management, and Risk Management.

GOLD TEAM A team of students who organize and oversee the entire competition. One student is a project manager, responsible for managing the planning and logistics. Other members recruit participants, manage administrative details, and delegate tasks to Red, White, and Black team leaders.

WHITE TEAM A team of students who represent “management” in the competition. They develop the business elements of the competition including budgeting, establishing the business scenario, and creating the Injects. Injects are timed management tasks assigned to the Blue Teams. The White Team will assist participants, judge/grade submitted injects & reports, and handle the overall competition scoring.

Network Administration involves learning the TCP/IP Model, the OSI Model, and Routing & Switching. This is how computers communicate with each other (the Internet being the largest example).

Network Segmentation splits a network into different sections. The DMZ (which hosts services exposed to the outside, such as the web server) and the LAN (internal workstations and servers) have different firewall rules, allowing only specific traffic in and out of each segment; this allow-list approach is known as White Listing.

Firewall Management controls which types of traffic are allowed into, out of, and between the network's segments, and denies everything that is not explicitly permitted.

The Network Admin can manage all of this with pfSense in this competition.
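An added example, not from the poster and not pfSense's own rule format, of the segmented allow-list policy described above. Subnets, hosts and rules are constructed: the public may only reach the DMZ web server on 80/443, only that web server may reach the LAN database on its port, only an admin subnet may SSH into the DMZ, and nothing unmatched is allowed. Rules are evaluated first-match, with an implicit default deny, which is how pf-style rulesets behave once "quick" matching is in play.

```python
"""Added example (not from the poster, not pfSense's own syntax): a model of a
default-deny, allow-listed firewall policy between WAN, DMZ and LAN segments.
All addresses, hosts and rules below are constructed for illustration."""
import ipaddress

# Constructed segments: any address outside these is treated as WAN.
ZONES = {
    "DMZ": ipaddress.ip_network("10.10.10.0/24"),
    "LAN": ipaddress.ip_network("10.10.20.0/24"),
}

WEB_SERVER = ipaddress.ip_network("10.10.10.5/32")   # in the DMZ
DB_SERVER = ipaddress.ip_network("10.10.20.5/32")    # in the LAN
ADMIN_NET = ipaddress.ip_network("10.10.20.0/28")    # first 16 LAN addresses
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule tuple: (src_zone, src_net, dst_zone, dst_net, proto, dst_ports).
# First match wins; anything unmatched falls through to default deny.
RULES = [
    ("WAN", ANY, "DMZ", WEB_SERVER, "tcp", {80, 443}),   # public web only
    ("DMZ", WEB_SERVER, "LAN", DB_SERVER, "tcp", {5432}),  # web -> db only
    ("LAN", ADMIN_NET, "DMZ", ANY, "tcp", {22}),           # admin SSH to DMZ
    ("LAN", ANY, "WAN", ANY, "tcp", {80, 443}),            # outbound browsing
    ("LAN", ANY, "WAN", ANY, "udp", {53}),                 # outbound DNS
]


def zone_of(ip):
    """Map an address to its segment; unknown addresses are the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


def evaluate(src, dst, proto, dport):
    """Return ("allow", rule_index) for the first matching rule, else
    ("deny", None). Zone, host, protocol and port must all match."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for idx, (rsz, rsn, rdz, rdn, rproto, rports) in enumerate(RULES):
        if (src_zone == rsz and dst_zone == rdz
                and src_ip in rsn and dst_ip in rdn
                and proto == rproto and dport in rports):
            return ("allow", idx)
    return ("deny", None)


if __name__ == "__main__":
    probes = [
        ("203.0.113.7", "10.10.10.5", "tcp", 443),   # Internet -> web: allow
        ("203.0.113.7", "10.10.10.5", "tcp", 22),    # Internet -> web SSH: deny
        ("203.0.113.7", "10.10.20.5", "tcp", 5432),  # Internet -> db: deny
        ("10.10.10.5", "10.10.20.5", "tcp", 5432),   # web -> db: allow
        ("10.10.10.9", "10.10.20.5", "tcp", 5432),   # other DMZ host -> db: deny
        ("10.10.20.3", "10.10.10.5", "tcp", 22),     # admin -> DMZ SSH: allow
        ("10.10.20.100", "10.10.10.5", "tcp", 22),   # ordinary LAN user: deny
    ]
    for p in probes:
        print(p, "->", evaluate(*p))
```

The value of the model is the negative cases: a compromised second DMZ host cannot reach the database, and a compromised workstation outside the admin subnet cannot SSH into the DMZ. When writing real pfSense rules, test those denies explicitly rather than only confirming the services that should work.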

Intrusion Detection Systems allow teams to do Traffic Monitoring. This involves Packet Analysis: examining the traffic of the various connections throughout the network, either by matching known-bad content (signatures) or by spotting abnormal behaviour such as a flood of connection attempts from one host. This is a critical control for finding malicious events. Tools: Snort (IDS), Wireshark (packet capture and analysis).
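An added example, not from the poster and not Snort's code, showing the two detection styles above run over constructed connection-log lines: a content signature (a directory-traversal string in an HTTP request to port 80) and a per-source threshold (five SSH connection attempts from one address inside 60 seconds, roughly what Snort's `detection_filter: track by_src, count 5, seconds 60;` rule option expresses). The log format is our own, not pfSense's or Snort's.

```python
"""Added example (not from the poster, not Snort's own code): signature and
threshold detection run over constructed connection-log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log; the format is invented for this example.
SAMPLE_LOG = """\
2024-03-02T10:00:01 10.10.20.50:51000 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:02 203.0.113.9:40000 -> 10.10.10.5:80 tcp PSH "GET /index.html HTTP/1.1"
2024-03-02T10:00:03 10.10.20.50:51001 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:05 10.10.20.50:51002 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:06 203.0.113.9:40001 -> 10.10.10.5:80 tcp PSH "GET /../../etc/passwd HTTP/1.1"
2024-03-02T10:00:07 10.10.20.50:51003 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:08 10.10.20.77:52000 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:09 10.10.20.50:51004 -> 10.10.10.5:22 tcp SYN
2024-03-02T10:00:11 10.10.20.50:51005 -> 10.10.10.5:22 tcp SYN
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) '
    r'(?P<proto>\w+) (?P<flags>\w+)(?: "(?P<payload>.*)")?$'
)

# Signature rules: (dst port, substring that must appear in the payload, message).
CONTENT_RULES = [
    (80, "../", "WEB directory traversal attempt"),
]
# Threshold rules: (dst port, TCP flag, count, window seconds, message), tracked by source.
THRESHOLD_RULES = [
    (22, "SYN", 5, 60, "SSH brute-force: 5 connects in 60s"),
]


def parse(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    rec["payload"] = rec["payload"] or ""
    return rec


def detect(log_text):
    """Return a list of (timestamp, source, message) alerts."""
    alerts = []
    windows = defaultdict(list)  # (rule index, src) -> timestamps inside the window
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        # Signature matching: stateless, one alert per matching packet.
        for dport, needle, msg in CONTENT_RULES:
            if rec["dport"] == dport and needle in rec["payload"]:
                alerts.append((rec["ts"].isoformat(), rec["src"], msg))
        # Threshold matching: stateful per source, sliding time window.
        for idx, (dport, flag, count, seconds, msg) in enumerate(THRESHOLD_RULES):
            if rec["dport"] != dport or rec["flags"] != flag:
                continue
            key = (idx, rec["src"])
            cutoff = rec["ts"] - timedelta(seconds=seconds)
            windows[key] = [t for t in windows[key] if t > cutoff] + [rec["ts"]]
            if len(windows[key]) >= count:
                alerts.append((rec["ts"].isoformat(), rec["src"], msg))
                windows[key] = []  # reset so one burst produces one alert
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

In the sample log the single benign GET and the lone SSH attempt from 10.10.20.77 produce nothing; the traversal request fires on the one packet that carries it, and the brute-force rule fires on the fifth attempt from 10.10.20.50 rather than on every attempt, which keeps the alert volume proportional to incidents rather than to packets.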

Risk Management involves the identification, assessment, and prioritization of threats to the organization. Each risk can be Mitigated (reduced with controls), Shared (transferred, e.g. through insurance or a vendor), Accepted, or Avoided. Business Continuity and Disaster Recovery Plans are developed in preparation for worst-case scenarios.

Teams need to set up Spam Filters and Phishing Detection to stop malicious emails before they reach a mailbox. One click is all it takes to compromise an entire network. Security Awareness Training is important to keep a secure network. This involves teaching employees what to look for (mismatched sender addresses, lookalike domains, pressure to act urgently) and how to stay secure.
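An added example, not from the poster, of the header checks a phishing filter can apply before a user sees the message. Both messages are constructed; the SPF result is read from an upstream Authentication-Results header as a real filter's receiving MTA would stamp it (the example does no DNS of its own), and the lookalike check is a deliberately small substitution table, not a full homoglyph list.

```python
"""Added example (not from the poster): header heuristics for phishing
detection. The messages, domains and thresholds are constructed."""
import email
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"
URGENCY_WORDS = ("urgent", "verify now", "expires today", "suspended")

# Constructed phishing message: spoofed display name, lookalike sending
# domain, foreign Reply-To, SPF failure and urgency language.
CONSTRUCTED_PHISH = """\
From: "IT Helpdesk <helpdesk@example.com>" <alerts@examp1e-login.net>
Reply-To: collect@mailbox-harvest.example
To: alice@example.com
Subject: URGENT: password expires today, verify now
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-login.net

Click here to keep your account: http://examp1e-login.net/verify
"""

# Constructed legitimate message from the real internal domain.
CONSTRUCTED_LEGIT = """\
From: IT Helpdesk <helpdesk@example.com>
To: alice@example.com
Subject: Monthly maintenance window
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com

Servers will reboot Saturday 02:00.
"""


def lookalike(domain, target):
    """Undo common substitutions (1 for l, 0 for o, 3 for e, inserted hyphens)
    and see whether our domain's label is embedded in the sender's label."""
    trans = str.maketrans({"1": "l", "0": "o", "3": "e", "-": ""})
    label = domain.split(".")[0].translate(trans)
    return target.split(".")[0] in label


def score(raw):
    """Return the list of reasons a message looks like phishing (empty = clean)."""
    msg = email.message_from_string(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # 1. Display name pretends to be an internal address the real sender is not.
    if "@" in display and INTERNAL_DOMAIN in display.lower() and from_domain != INTERNAL_DOMAIN:
        reasons.append("display name spoofs internal address")
    # 2. Sending domain imitates ours with character substitutions.
    if from_domain != INTERNAL_DOMAIN and lookalike(from_domain, INTERNAL_DOMAIN):
        reasons.append("lookalike sender domain " + from_domain)
    # 3. Replies are steered to a domain other than the sender's.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # 4. The receiving MTA recorded an SPF failure for the sending domain.
    if "spf=fail" in (msg.get("Authentication-Results") or "").lower():
        reasons.append("SPF failed")
    # 5. Pressure to act immediately.
    subject = (msg.get("Subject") or "").lower()
    if any(w in subject for w in URGENCY_WORDS):
        reasons.append("urgency language in subject")
    return reasons


if __name__ == "__main__":
    print("phish:", score(CONSTRUCTED_PHISH))
    print("legit:", score(CONSTRUCTED_LEGIT))
```

A filter would quarantine on a count or weighted sum of reasons rather than on any single one, since a lone Reply-To mismatch is common in legitimate mail (ticketing systems, newsletters). The same five signals are exactly what awareness training asks employees to look for, so the filter and the training reinforce each other.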

BLACK TEAM A team of students who develop the technical infrastructure of the competition. Various operating systems (Windows & Linux) and services (Email, Web, Database, DNS, AD) are implemented to reflect a corporate network. The competition runs on a Virtual Environment which consists of servers and workstations.