Competition Rules


Student Teams:


a) up to eight members

b) must be students who are currently enrolled (NOTE: FOR NATIONALS THE RULES
REQUIRE A MINIMUM CREDIT HOURS)

c) members cannot work in the network security industry where their primary
responsibilities are the same as the competition goals (i.e. securing a network and
keeping services running)

d) student members MUST wear their badges at all times

e) the team captain is responsible for disseminating all information to the other team
members, both before and during the competition

f) the team captain is the only member who can communicate with judges during the
competition


Competition Systems:


a) each team will begin with identically configured systems

b) teams may not remove any computer, printer, or networking device from the
competition area

c) teams will be provided the overall system architecture, network configuration and
initial set-up prior to the event. No detailed information such as patch levels and/or
applications will be provided ahead of time

d) teams should not assume any competition system is properly functioning or secure;
they are assuming recently hired administrator positions and are assuming
responsibility for each of their systems

e) throughout the competition, operations and judging members will occasionally need
access to a team’s system(s) for scoring, troubleshooting, etc. Teams must allow
access when requested

f) teams must not connect any outside devices or peripherals to the competition
network

g) network traffic generators will be used throughout the competition to generate traffic
on each team’s network. Traffic generators will generate typical user traffic as well as
suspicious or potentially malicious traffic from random source IP addresses
throughout the competition

h) teams must maintain specific services on the ‘public’ IP addresses assigned to their
team. Moving services from one public IP to another is not permitted. Using NAT is
permitted

i) teams are not permitted to alter the system names of their assigned systems

j) teams will have access to a ‘restore from backup’ capability that will reset any
system to its initial starting configuration. The operations team performs this at the
request of the team captain and the requesting team will be charged 50 points for
each restore

k) each team will be provided with the operating systems and applications used

l) systems designated as ‘user workstations’ are to be treated as user workstations and may not be re-tasked

m) teams may not modify the hardware used in the competition

n) in addition to user workstation(s) each network will have one ‘admin workstation’.
Teams may modify the admin workstation’s OS and load tools, scripts, and applications;
however, they may not use this workstation to provide critical services


Competition Play:


a) the competition will cover a two-day period, beginning at 1:00 pm on February 8th
and ending at 4:00 pm February 9

b) registration and opening announcements are mandatory for all teams and team
members

c) during the competition team members are forbidden from entering or attempting to
enter a team’s competition workspace or room

d) all requests for items such as software, score checks, system resets and service
requests must be submitted on paper (typed and printed) to the operations team by
the team captain. Requests must clearly show the requesting team, action or item
requested, and date/time requested

e) teams must compete without ‘outside assistance’ from non-team members which
includes team advisors and sponsors. All private communications (calls, emails,
chat, directed emails, forum postings, conversations, requests for assistance, etc)
that would help a team gain an unfair advantage are not allowed and are grounds for
disqualification

f) teams may NOT bring any computer, tablet, PDA, cell phone or wireless device into
the competition area. MP3 players (that function as MP3 players only) are allowed
with headphones. These may NOT be connected to any device

g) printed reference materials (books, magazines, checklists) are permitted in the
competition area

h) team sponsors and observers are prohibited from directly assisting any competitor.
If a team gains assistance, suggestions, etc., they will be penalized 200 points

i) only operations team members will be allowed in competition areas outside of
competition hours

j) teams are permitted to replace applications and services provided they continue to
provide the same content, data and functionality of the original service. For example,
one mail service may be replaced with another provided the new service still
supports standard SMTP commands, supports the same user set, and preserves any
pre-existing messages users may have stored in the original service. Failure to
preserve pre-existing data during a service migration will result in a 50-point penalty
for each user and service affected

k) teams are free to examine their own systems but no offensive activity against other
teams, the operations team, the judging team (white team), red team, or global asset
will be tolerated. This includes port scans, unauthorized connection attempts,
vulnerability scans, etc. Any team performing offensive activity against others will be
immediately disqualified

l) each team may change passwords for administrator level and user level accounts.
Any password changes to user accounts must be provided to the white team with a
minimum of 15 minutes advance warning prior to the changes being implemented
(unless password changes are part of competition tasking – i.e. injects)

m) teams are allowed to use active response mechanisms such as TCP resets when
responding to suspicious/malicious activity. Any active mechanisms that interfere
with the functionality of the scoring engine or manual scoring checks are exclusively
the responsibility of the teams. Any firewall rule, IDS, IPS, or defensive action that
interferes with the functionality of the scoring engine or manual scoring checks is
exclusively the responsibility of the teams


Scoring:



a) scoring will be based on keeping required services up, controlling/preventing
unauthorized access, and completing business tasks. Teams accumulate points by
successfully completing injects and maintaining services. Teams lose points by
violating service level agreements, usage of recovery services, and successful
penetration by the red team

b) scores will be maintained by the white team, but will not be shared until the end of
the competition. There will be no running totals provided.

c) Any team action that interrupts the scoring systems is exclusively the fault of that
team and will result in a lower score. Should any question arise the Team Captain
should immediately contact the competition officials to address the issue

d) Any team that tampers with or interferes with the scoring of another team’s systems
will be disqualified

e) Teams should provide incident reports for each red team incident that they detect.
Incident reports can be completed as needed throughout the competition and
presented to the white team for collection. Incident reports must contain a description
of what occurred (including source and destination IP, timelines of activities,
passwords cracked, etc), a discussion of what was affected, and a remediation plan.
A thorough incident report that correctly identifies a successful red team attack will
reduce the red team penalty by up to 50 percent. No partial points will be given for
incomplete, vague or incorrect incident reports


Internet Usage:



a) no inappropriate usage of the internet will be allowed

b) there will be access to the internet available during the competition and any site that
is public access with no fee may be used for research, patch downloads, etc

c) no external devices may be used for patches

d) a private FTP site may be utilized provided that
    1) a username and password are provided to all teams
    2) nothing is provided that could not be accessible through other free sites
    3) no copyright violations exist on the site
    4) the username and password are provided to the judging team and
    observation team by February 1st
    5) all files are accessible to all teams

e) internet usage will be monitored. Any team violating any of the rules for internet
usage will be disqualified

f) any inappropriate content (i.e. anything that is not directly related to the competition and/or anything that violates any of the competition rules) will result in a minimum penalty of 100 points per event and possible disqualification

page by: Indiana Tech - Ryan McGuire @2008