"You have just been hired as the network and security administrators at a small company and will be taking administrative control of all information systems. You know very little about the network, what security level has been maintained, or what software has been installed. You have little time to familiarize yourself with the network and systems and to begin the security updates and patches before 'hackers' start actively attacking your company. In the midst of all the commotion, you have to keep up with the needs of the business and user demands while maintaining service level agreements for all critical Internet services. Welcome to the Southeast Collegiate Cyber Defense Competition (SECCDC).
Since 2006, the Kennesaw State University Center for Information Security Education has hosted the Southeast Regional Collegiate Cyber Defense Competition. The winner of this three-day event advances to the National CCDC event. Student teams compete to keep the online services of their fictional companies active and respond to unexpected changes while a team of industry professionals launches attacks against them.
In February, KSU held a Virtual Preliminary Qualification Competition where 33 teams from the region competed to be one of the eight teams to advance to the onsite regional competition. This is a unique event, in that students have the opportunity to interact with industry professionals and discuss the security challenges they will likely face upon graduation.
This year the team from the University of Central Florida went on to represent the Southeast region and competed at the National CCDC Championships in Orlando.
The onsite competition uses a private network so that student teams experience the full complexity of keeping systems operational and the business running while the hacker team (industry professionals) works to find and exploit vulnerabilities in the simulated business environment.
When the teams took over, they had access to the full data stream via a Garland Technology Copper Network TAP, which gave them a copy of every packet on the way in or out of their network without touching the link itself. Teams with the proper skill set could therefore monitor and react to unfolding events as they happened.
One of the tools used to improve the teams' situational awareness was IBM® Security QRadar® SIEM, provided by a national CCDC event sponsor, IBM. IBM trained the students on this technology prior to the event, and teams also had access to an onsite IBM consultant to help them get the most out of the data flow provided by the TAPs. In addition to the IBM tool, most teams also used the Network TAP to feed a Wireshark system for on-the-spot evaluation and analysis of network traffic.
Thank you to Garland Technology for providing the Network TAP to the teams and to the event management network for the past several years.
If you’re interested in getting involved in future events, contact the National CCDC to learn more.
If the inline security tool goes off-line, the TAP bypasses the tool and automatically keeps the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool along with the link traffic. As long as the inline security tool is on-line, it returns the heartbeat packets to the TAP, and the link traffic continues to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP automatically 'bypasses' the inline security tool and keeps the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link, so the heartbeats never appear on the monitored network.
While the TAP is in bypass mode, it continues to send heartbeat packets to the inline security tool. Once the tool is back on-line, it begins returning the heartbeat packets, which tells the TAP that the tool is ready to go back to work. The TAP then directs the network traffic, along with the heartbeat packets, back through the inline security tool, placing the tool inline again.
Some of you may have noticed a flaw in the logic behind this solution! You say, "What if the TAP should fail, since it is also in-line? Then the link will also fail!" The TAP would now be a single point of failure. That is a good catch, but in our blog on Bypass vs. Failsafe, I explained that if a TAP fails or loses power, it must provide failsafe protection to the link it is attached to. So our network TAP goes into Failsafe mode and keeps the link flowing. Keep in mind that in both bypass and failsafe mode the link stays up but the traffic is no longer being inspected, so a bypass or failsafe event should raise an alarm and be investigated rather than silently tolerated.
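To make the inline/bypass/failsafe behavior concrete, here is an added example: a small Python simulation of the heartbeat logic described above. It is illustrative code written for this post, not Garland Technology's TAP firmware. The heartbeat marker, the one-packet-per-interval model, and the number of missed heartbeats tolerated before bypassing (miss_threshold) are assumptions made for the simulation.

```python
"""Added example: simulation of a bypass TAP's heartbeat state machine.

Hypothetical model, not vendor firmware. Link traffic is a list of bytes
frames handled one heartbeat interval at a time (assumption).
"""
from dataclasses import dataclass, field
from typing import List

HEARTBEAT = b"\xffHEARTBEAT"  # constructed marker frame (assumption)


@dataclass
class InlineTool:
    """Stand-in for an inline IPS/firewall: passes frames through when online."""
    online: bool = True

    def process(self, frames: List[bytes]) -> List[bytes]:
        # An offline tool returns nothing: neither link traffic nor heartbeats.
        return list(frames) if self.online else []


@dataclass
class BypassTap:
    tool: InlineTool
    miss_threshold: int = 2      # missed heartbeats before bypassing (assumption)
    powered: bool = True         # False models TAP power loss (failsafe mode)
    missed: int = 0
    bypassed: bool = False
    events: List[str] = field(default_factory=list)

    def mode(self) -> str:
        if not self.powered:
            return "failsafe"
        return "bypass" if self.bypassed else "inline"

    def interval(self, frames: List[bytes]) -> List[bytes]:
        """Run one heartbeat interval; return the frames put back on the link."""
        if not self.powered:
            # Failsafe: the TAP itself is dead, the link passes straight through.
            return list(frames)

        if self.bypassed:
            # Traffic goes around the tool; only a heartbeat is sent to it so
            # the TAP can notice when the tool comes back.
            if HEARTBEAT in self.tool.process([HEARTBEAT]):
                self.bypassed = False
                self.missed = 0
                self.events.append("reinserted")
            return list(frames)

        # Inline: link traffic plus a heartbeat go through the tool.
        returned = self.tool.process(list(frames) + [HEARTBEAT])
        if HEARTBEAT in returned:
            self.missed = 0
        else:
            self.missed += 1
            if self.missed >= self.miss_threshold:
                self.bypassed = True
                self.events.append("bypassed")
        # Strip the heartbeat before the traffic goes back onto the link.
        return [f for f in returned if f != HEARTBEAT]


def run_scenario() -> dict:
    """Tool crashes after the first interval and recovers at the fifth."""
    tool = InlineTool()
    tap = BypassTap(tool)
    traffic = [b"pkt1", b"pkt2", b"pkt3", b"pkt4", b"pkt5", b"pkt6"]  # constructed
    delivered: List[bytes] = []
    modes: List[str] = []
    for i, pkt in enumerate(traffic):
        if i == 1:
            tool.online = False
        if i == 4:
            tool.online = True
        delivered.extend(tap.interval([pkt]))
        modes.append(tap.mode())
    return {"delivered": delivered, "modes": modes, "events": tap.events}


def failsafe_scenario() -> List[bytes]:
    """Tool is down and the TAP has lost power: the link still carries traffic."""
    tap = BypassTap(InlineTool(online=False), powered=False)
    return tap.interval([b"pkt"])


if __name__ == "__main__":
    print(run_scenario())
    print(failsafe_scenario())
```

Running the scenario shows the trade-off a practitioner cares about: pkt2 and pkt3 are lost while the TAP is still waiting for miss_threshold heartbeats to go missing, so a lower threshold (or shorter heartbeat interval) shortens the outage but makes the TAP more likely to bypass on a momentarily slow tool. Note also that the events list is the only record that inspection was ever suspended; that is what a monitoring system should alert on.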
Single point of failure: a component of an IT network whose failure brings down a larger part of the network or the entire system.
Heartbeat packet: a packet-based ("soft") detection technique that monitors the health of inline appliances. See the heartbeat packet blog post for details.
Critical link: a connection between two or more network devices or appliances whose failure disrupts the network.