Cyber Dawn FAQ - Updated September 16, 2009

1. Page 1 - Rule 12 - "No unauthorized electronic devices or media are allowed in the room during the competition. All cellular calls must be made and received outside the designated competition areas." Those devices are what specifically?

Examples of these devices include USB drives, computers of any size, CDs, DVDs, etc.

2. Page 3 and Page 4 rules 2 and 13 are similar. What are those assets specifically?

Yes, they are similar. It is very important that you not plug any asset into the network that is not an approved asset. It's pretty straightforward - you are not allowed to plug anything into the game network.

3. No software that is not already installed at the start of the exercise is allowed on the morning of the competition. What software specifically can be brought and introduced in the afternoon of the competition?

You are only allowed to use free software. This is software that is freely available for the entire community. 30-day trials of commercial software do not count. Any software used in the exercise must be freely available to all persons with no restrictions.

4. The Team Captain will be notified when they can use open source and free software (NO trial commercial ware; all software must be 100% free). And, when does that occur?

That will occur when it occurs.

5. Do NOT plug in your own assets into the exercise network without prior approval from the White Cell. So, what assets will they approve of?

Very little. Damn near nothing.

6. What is the purpose of the dashboard host? What is its goal and does it run any services?

The dashboard provides the team captain with relevant scoring information, inject status and exercise news. It is a custom-written web application. It does run services and those services must be up and available.

7. How many are actual hosts and how many are virtual servers and how many consoles do we have available to access them with?

Each team will have 5 physical systems. Three or four of those systems will have 2 virtual machines running on them (using VMware player). Each defending team will also have a Cisco ASA 5505 and two Cisco 7960 VoIP phones.

8. What licensing/features/version is available on the Cisco 5505?

It is a basic 5505. Licensed for only two VLANs.

9. How often are we permitted to change account passwords?

You can change them as much as you like. However, certain accounts are used for scoring. The more you change those passwords, the more likely you will suffer outages with the scoring engine.

10. Software that the Blue Defender will be able to download, does it have to be both open source and free or can it also be free binaries that are not truly open source?

So long as the free binaries are free to all and forever, they need not be open source.

11. Do we have physical access to machines we are protecting, or are they virtual or remote?

You will have physical access to the machines. However, you have more systems than you have consoles.

12. What can we use for sneaker-netting? USB drive?

We are working on getting a USB drive sponsor. Then each team will be issued one drive that we know is clean.

13. Can we download and install open source software after the round starts?

You may download after the round starts. However, you will not be allowed to install until instructed.

14. What information is included on the incident response form?

We are using the US Secret Service Network Incidence Response form: HERE

15. Can we write our own configs and software, publicly post them as open source, then use them? (Anything posted on SourceForge is fair game?)

Anything posted on SourceForge is fair game. Any other configs and scripts must be written during the exercise.

16. Can we physically reconnect services to different interfaces on the firewall in order to create different networks like an inside and DMZ?

The firewall is only licensed for two VLANs (outside and DMZ). Any change in the IP addressing scheme or moving services will result in the defending team being penalized for a network outage. The Scoring Engine is looking for specific services on specific IP addresses. If the Scoring Engine cannot find them, it will assume the service is down and you will be penalized accordingly.