By Mike Taylor, Associate Dean of Cyber and Network Security, ECPI University
This fall, the Information Systems Security Association’s (ISSA) Research Triangle Park (RTP) chapter teamed up with ECPI University’s student ISSA chapter to host a Capture the Flag (CTF) cybersecurity competition training event, held at ECPI University’s Raleigh campus.
The event was designed to teach attendees the basics of ethical hacking by simulating an online set of conditions similar to those that hackers use to attack and penetrate identified targets. Participants identify vulnerabilities in a network and then make configuration adjustments to better protect their team while simultaneously attacking other targets to ‘capture the flag’. Cybersecurity competitions have become a worldwide phenomenon with a wide range of government, corporate, and academic organizations sponsoring teams competing for bragging rights.
The September event was a trial run in preparation for another more formal run and to prepare for the ISSA InfoSeCon being held in October. Since it was a trial run, the participation was limited to 15 ISSA members, five ECPI University students, trainers, and facilitators. There were four ISSA officers and one expert running the session. The experts used slide presentations to walk participants through the hands-on activities critical to the success of their team. Topics included skill development in reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis, as well as:
- How to install VM software
- How to install Kali
- How to install vulnerable virtual machines (VM) as targets
- How to create isolated network for the vulnerable VMs
- How to install and start practicing for CTF like the one at Triangle InfoSeCon 2017
Initially scheduled to run from 9 am to noon, the session was so popular that it was extended until 2 pm. The process involved setting up hardware, organizing teams, installing software, and setting up targeted Virtual Machines. Once the preliminary setup was done, the teams selected and solved challenges that result in ‘capturing a flag’. Points were awarded based on the flag submissions. ECPI University attendees were:
- Gwen Hammaker: Faculty Advisor to Student Chapter
- Christy Long, ECPI Graduate and ISSA Recruitment leader
- Angelo Illiano
- Tim Pippin
- Laura Araque
ECPI University has offered use of its facilities to ISSA on Saturdays to hold sessions for ISSA members and industry professionals. As sponsor, ISSA charges a nominal fee for attendees but allows a limited number of ECPI students to attend for free as a courtesy for use of the campus.
ISSA’s interest in cybersecurity competitions stems from its core mission to educate its members via its local chapters to increase awareness of cyber risk, mitigate vulnerabilities, and protect critical information infrastructure. It provides education and mentoring opportunities for students and promote study for certification exams. It also assists with resume preparation and advises on establishing LinkedIn accounts.
ECPI University has had a strong relationship with the ISSA for the past four years. During that time, the chapter has furnished engaging speakers on more than 30 occasions. In addition, ISSA has its own monthly meetings with local industry professionals discussing current topics. Students are invited to these meetings and are offered discounted memberships.