Center for Information Security Education


  

CISE

• Home
• About
• Directions

News and Events

• News
• Events

People

• Faculty & Staff
• Students

Education

• Degree Programs
• I-SAFE Program
• Curriculum
• Scholarships
• K-14 Outreach

Research

• Brown Bag Seminars
• Technical Reports
• CSE Colloquiums
• Research Initiatives

Resources

• Links

Contact Us

• Contact

Logistics of the SPSU Information Security Challenge 2006

1. Overview

Southern Polytechnic State University (SPSU) Information Security Challenge 2006 is organized by the Center of Information Security Education (CISE) of SPSU and the Department of Information Technology. The main goal of this event is to increase student awareness of information security and assurance and to spark the interest of students in computer security.

2. Schedule

• The competition is from 1:00pm to 4:30pm on Wednesday January 11, 2006.
• 1:00pm – 1:05pm: Check in at room J202. Challenge server URL is issued.
• 1:05pm – 1:20pm: Answer paper questions in J202.
• 1:20pm – 1:30pm: Set up computers and tools in your reserved rooms, and register your teams at the assigned challenge server URL.
• 1:30pm: The challenge page is activated.
• 1:30pm – 3:30pm: Ethical Hacking Competition. Please refer to the “Rules” section for more information.
• 3:30pm: The challenge page is de-activated, and all teams must stop working and return to J202.
• 3:30pm in J202: Mr. Paul H. Wilson from CA will deliver a talk on information security solutions.
• 3:30pm – 4:00pm: Judges meet and grade in J211.
• 4:00pm – 4:30pm: Award Ceremony in J202.

3. Teams

• Any SPSU student may organize a team to compete.
• All participants must sign up for the competition. Sign up is free and is done by sending an email to jwang@spsu.edu with a subject line of “SPSU Information Security Challenge 2006”.
• A team consists of 3 students. A team of 2 students is also acceptable if the team prefers or has difficulty to add another team member.

4. Rules

• There are two parts of the competition:
  • Part I consists of 20 multiple-choice questions covering the common knowledge of administrative and protective duties for a computer network.
  • Part II is an ethical hacking competition. You will be conducting a penetration testing against a number of servers.
    1. The goal of the competition is to complete as many challenges as possible in the 2-hour time frame: 1:30pm – 3:30pm.
    2. The challenges simulate a penetration testing against security professionals in the area of information security and assurance.
    3. Participants are competing with the clock rather than with other teams. Thus, all participants should display professional integrity toward completing his or her objective during the challenge phase.
    4. This competition limits use of harmful attacks on the server as they do not lead to achievement. Harmful attacks are, but not limited to, the following: denial of service (DOS or DDOS) attacks, packet sniffing, brute force attacks, communication with other teams during the competition phase, and abuse of the site framework to display false results.
    5. The challenges were designed in such a way that you should not try port-scanning, and the only use for the give IP address is web browsing to challenges through standard HTTP (port 80).
    6. There should no attempts to access system services, which does no good for solving the challenges.
    7. The challenges can all be completed using friendly tools/methods so there is no need to attempt DOS/DDOS attacks etc. as they will do no good.
    8. Any harmful attacks or violations of the above rules can lead to disqualification from the competition.
    9. Teams may bring any software they feel might be useful to the competition provided the appropriate license accompanies the software. No specific software is required for the event that cannot be obtained during the appropriate timeframe.
• Students can use their own laptop computers or use the computers in J368 (TA's office), J388 (Adjunct Instructor Office), J390 (Adjunct Instructor Office), J261 (Real-time Lab), and J263 (General Lab).
• Teams are allowed to use any open-source tools available to them.

5. Prizes

• All participants will receive a participation certification.
• Top 3 teams will receive certifications, cool gifts from local companies and the School of CSE.
• Top winners (2 graduate plus 6-7 undergraduate students) will be sent to Southeast Collegiate Cyber Defense Competition.

6. Judges and Organization Committee

Prof. Bob Brown, Dr. Abdullah Faruque, Prof. Phillip Feibish, Dr. Orlando Karam, Mr. Micah Rowland, Mr. Ray Walker, and Dr. Andy Wang (Chair).