On March 9th, an RIT team traveled to Franklin, Massachusetts to compete in the annual Northeast Collegiate Cyber Defense Competition. The competition tests students on their ability to protect and prevent computers and networks from being susceptible to hackers or viruses floating over the Internet. Without protection, a company’s private information could be stolen and released, or its network could be destroyed.
Upon arrival to the event, all 12 teams participating in the regional competition had their cell phones, cameras, USB drives and all other electronics taken away for the weekend. Each group of 8 was put in a room with 8 desktop computers, a router switch and a printer network for a total of 20 hours over the three-day weekend. Their mission was to hypothetically replace a previous IT team of a small company and make sure that their client, a blog site, was constantly up and running and safe from attacks by the “Red Team.” The “Red Team” was made up of a group of professionals who were assigned to break into the system and networks of the fake companies that the students were required to protect.
“The first fifteen minutes are critical because everything is wide open with no security in place,” 4th year Applied Network Systems Administration student Jeremy Pollard said. “Getting those first couple of actions to muscle memory is crucial.”
The RIT team set up triggers and alarms to monitor the network traffic; logging the information as website viewers or as someone trying to hack into the account. They used firewalls to protect the inbound and outbound traffic and were required to defend all outward facing nodes, storage, the website, emails and the network printer.
“In addition to securing the company’s current infrastructure,” 4th year Information Security and Computer Forensics student Neil Zimmerman explained. “We were required to build upon it by implementing new technologies, and to write policies to ensure future safety.”
For each attack that got through their system the team lost points. In order to gain these points back the team would need to complete an “instant response report” which explained what happened and how they fixed it.
The team believes they had a leg up on the competition because their teammate, 4th year Information Security and Forensics major Griffith Chaffee, competed on last year’s winning team. The team also believes this because they were taught how to configure systems and networks in school, as opposed to other teams who only knew how to program.
“We had experience from extensive lab work and co-ops,” Pollard said. “Other teams didn’t have any job experience,” Zimmerman agreed.
Although beating teams like Harvard University in the Northeast regional competition was a “nice feeling,” returning member Chaffee says the team still has a lot to prepare for.
“The computers out number you,” Chaffee said. “There are 12-16 computers so you really have to manage resources. Also, the red team is much, much better. The best in the business.”
So until the National round in April, the RIT team will be spending their free time practicing and learning things that they aren’t too familiar with. The team has also ordered new equipment to study and will practice having teammates take over for each other if one should become too overwhelmed.
“We are all from various backgrounds so we divide up work really well,” Zimmerman said.
They will be competing for the national title in Texas against nine other regional winners, including Texas A&M University, Air Force Academy, UNC Charlotte and last year’s winner, University of Washington.