Welcome to the CyberPatriot Training page. This page will help you learn about the systems we run, cyber defense, the workings of the internet, and security programs. It also has several references to review. If you have any questions or comments, or have information that you feel would be beneficial to this page, feel free to contact us.
CIAS released training modules for help in the CyberPatriot competition **UPDATE: The modules now depend on our Ubuntu image.
Module One - Module One serves as an introduction to Information Assurance and Cyber Security. This module discusses fundamental concepts of Information Assurance and threats to cyber security.
- Module Two - Module Two discusses the interdependency of physical and cyber security, the impact policies and procedures can have on cyber security, and the use of awareness training to strengthen cyber security programs.
- Module Three - Module Three discusses the co-existence of data and voice traffic on networks, shared infrastructures, components of a typical network, and countermeasures for network-based threats.
- Module Four - Module Four contains an overview of major Operating System functions, threats to Operating Systems, major steps to securing Operating Systems, and identifying vulnerabilities on an active system.
- Module Five - Module Five discusses threats associated with applications and personal information along with basic techniques for securing personal information on computer systems.
Goals in Competition
During competition, these objectives must be met:
In the past, CyberPatriot has competed with these images:
-
Windows 2000 Server
-
Windows 2003 Server
-
Windows 2008 Server
-
Windows 2008 R2 Server
-
Ubuntu
In our images, CyberPatriot scores with a CyberNEXS client (the Ubuntu Learning Image does not include CyberNEXS). When you first log into the image, the CyberNEXS client will present you with a registration page. Upon successful registration, CyberNEXS will create a Get_My_Status.html file. This file reports the score during competition. In Windows, it will be under C:/Get_My_Status.html. In Ubuntu, it will be under /Get_My_Status.html
Due to the CyberNEXS client, there are parameters that must not be tampered with:
-
Do not modify, disable, delete, or change the password of the CyberNEXS users. This user enables the CyberNEXSClient service to connect to the scoring system. Tampering with this user may cause your system to stop reporting updates. This includes changing permissions, changing the group, disabling the user, expiring its password, etc. Any users referring to CyberNEXS in the name or description should not be modified.
-
Do not uninstall CyberNEXSClient or delete or modify any files in C:\SAIC. The CngClient program runs as a service that constantly evaluates your system health and configuration.
-
Do not delete the Get_My_Status.html file. This file appears after successful registration and contains a link personalized to your registered Target. This link redirects you to your team’s status page. If you are in a shell only environment, you will need to install a browser such as lynx to view the file.
-
Do not delete or modify the CNGCLIENT_CONFIG_HOME environment variable. This variable is used within the CyberNEXSClient program.
-
Do not disable, stop, or modify the CyberNEXSClient service parameters. This is the main service that communicates with the scoring system at SAIC. If this service is not running, you will not receive a score.
Learning Ubuntu
Ubuntu is the GNU/Linux distribution used in CyberPatriot III. There are several guides, books, and a forum that a new user can review in order to learn more about how to use Ubuntu. We created a Virtual Image of Ubuntu to try out.
If you wish to really learn Ubuntu, we highly recommend that you download and use it full time. Like almost all distributions, you may freely download and install Ubuntu. If you would like to try out other distributions, feel free to visit DistoWatch to find out what other GNU/Linux distributions offer.
Learning POSIX
There exist many different flavors of 
GNU/Linux, and it is a subset of Operating Systems (OSes) known as Unix-Like, or *nix, OSes. This group of OSes posses common attributes, and that is called "Portable Operating System Interface for Unix", or POSIX. One shared trait is that all have a command line, or shell. The Bourne Again Shell (Bash Shell) has become the de facto standard in *nix. One of the most attractive features of the Bash shell is its ability to be scripted. A couple of network config commands to be familiar with are:
The POSIX directory structure is another unified structure, but it is much different than the Windows directory structure. Some important filesystem components to look at are the /proc and /etc/init.d file system.
If you have any issues with *nix OSes, the best resources are man page, documentation, forums for that Distribution, the IRC Channel for that OS, and Google. Almost any problem that you have had, someone else has most likely had the same issue and has solved it. However, please remember to ask questions in a smart way.
Learning Windows
The Windows family of OSes encompasses Desktops, Servers, and Embedded systems. Although Windows OSes heavily use Graphical User Interfaces (GUIs), Windows all have a shell. The XP-based OSes (Windows XP and Windows Server2003) only have the Command Prompt (cmd.exe). The Vista and 7 based OSes (Windows Vista, Windows 7, Windows 2008, Windows 2008 R2) also have the Powershell. We recommend looking at the Microsoft TechNet site for learning more about these OSes. Here are some important parts of Windows we recommend looking at:
Learning about the Internet
We all use the Internet on a daily basis and we certainly use it in the CyberPatriot competition, we highly recommend possessing technical knowledge of how the Internet works. Some important concepts to learn include:
Cyber Defense
The US Computer Emergency Response Team (US CERT) is a great resource on learning about cyber defense. They release a lot of material on how to stay safe online and how many computer defenses work. Comodo also has a great resource on understanding many cyber threats and how cyber defense work. SAIC also has two videos on how to secure *nix and Windows Systems. Some concepts to be familiar with:
Learning Security Programs
There exist many security programs to look at and try. Below are some of our recommendations:
- Network Analysis:
- Rootkit Detection
- Intrusion Detection Systems (IDS)
- Firewalls
References
Other Resources
- Stanford Engineering Everywhere offers some free online classes on Computer Science and Engineering
- The CyberPatriot winning teams have compiled tips to help out other teams:
End Note
Though we have given you several resources to look at, this is not an exhaustive guide. The best thing you can do to educate yourself is to keep asking questions and figure out how things work. Feel free to look up resources on your own, and never underestimate Google. Also, if you feel you have a new or better link for us to post, feel free to send us a message.
Last updated 14 Sept 2011