###############
Getting Started
###############

**Welcome to the Cyber Defense Competition!**

These documents will help you get your servers up and running, as well as
explain some of the peculiarities of the ISEAGE environment.

***************
Other Documents
***************
* :doc:`../rules/index` - The general rules for the :term:`CDC`
* Scenario - Explains the servers you are required to have, and what they are
  required to do
* :doc:`../scoring/index` - The points breakdown of the CDC
* :doc:`../remote_setup/index` - How to access and configure your servers
  leading up to the Attack Phase
* :doc:`../server_setup/index` - The initial steps needed to get a scenario VM
  alive and some advice for where to go from there.

********
Glossary
********

.. glossary::
  CDC
    Cyber Defense Competition

  VM
    Virtual Machine, either provided by the scenario or created by your team

  vCenter
    How you can access and manipulate VMs

  IScorE
    The CDC Scoring System

  Management Network
    A network safe from Red Team attacks that you can use to manage your VMs.
    To access the internet from the management network, you must use the proxy.

  www.teamN.isucdc.com
    Example server address used throughout documentation. Replace N with your
    team number. The www part depends on the specific server and is specified
    in the scenario.

  Red Team
    The bad guys. They can attack your VMs, and can use social engineering to try
    to steal information from Green Team. They cannot attack Green Team,
    White Team, or you.

  White Team
    The ISEAGE Staff running the competition. They are here to help you and make
    sure the competition goes well. Try to help them back.

  Green Team
    Your legitimate users. The purpose of the CDC is to protect your servers from
    Red without hindering Green.

  Blue Team
    You!

  Anomalies
    Bonus challenges for points.

  Remote Setup
    The first month of the CDC. You have this phase to look at, understand,
    and fix things with your servers.

  Local Setup
  On-site Setup
    All Blue Teams are gathered in the competition venue for "panic mode"
    the night leading up to the Attack Phase. Good for final tweaks and testing.

  Attack Phase
    When Red Team is attacking the Blue Teams.

  Doug
    The guy who makes pancakes.

******
IScorE
******
IScorE, along with :term:`vCenter`, forms the heart of the Cyber Defense
Competition. IScorE scans servers to award points for uptime, manages flags and
documentation, and gives out your team-specific passwords for scenario accounts.

===============
Service Scanner
===============
A portion of points go to "Service Uptime" as determined by the IScorE service
scanner.

=====
Flags
=====
Download your Blue flags from IScorE, then place them on servers in accordance
with the scenario. Red Team will try to steal these flags and submit them to
IScorE, costing you points. Red Team will also download Red flags and try to
plant these on your server.

================================================
Documentation, Intrusion Reports, and Earnbacks
================================================
Submit all three of these through IScorE when appropriate.

=========================
Team-Specific Information
=========================
Several of the scenario accounts, usually those with administrative power, will
have passwords specific to your team. This information is available in IScorE.
Green Team also has access to the team-specific information.

===========
DNS Records
===========
You must set the domain name (www.teamN.isucdc.com) to IP address mapping of
your servers in IScorE before the scanner and Green Team will find your
services.

=========
Anomalies
=========
Throughout the day, Anomalies will become available. These are additional tasks,
puzzles, and challenges that you can complete for points.

=================
Usability Reports
=================
When Green Team tests your usability, the report will show up in IScorE. You can
use this feedback to see what Green Team encountered issues with. If Green Team
deducts usability points for a task, it means they couldn't complete it either
because the necessary service was down or locked out, or your documentation
was too vague for them to figure out what to do.

.. note::
  As you can tell, IScorE contains a lot of very sensitive information. IScorE is
  well-secured and off-scope to Red Team, so they are not allowed to attack it
  directly. However, should Red Team obtain your IScorE password, they can and
  will put it to good use. Protect your IScorE credentials at all costs!

******************
What You Are Given
******************
At the beginning of each CDC, all of the teams are given an identical set of
competition VMs. All of these machines are a basic template: they don't know
which team you are on, they don't know what IP address they should have, and
they don't know anything about the competition network. The purpose of each
machine is outlined in the Scenario document, as well as any default credentials
you will need to finish the setup for each VM.

In addition to the scenario VMs, you have access to two networks: the
Competition Network and your Team Internal network. You are also free to request
additional internal networks, but these two are more than sufficient for a
functional and secure setup.

************
CDC Networks
************

========================
Competition vs. Internal
========================

The Competition Network is the "Real Internet" of the Cyber Defense Competition.
The Team Internal network is completely yours; you can use it for whatever you
want. IScorE doesn't know about your internal network, and nobody can get to it
from the Competition Network unless you set it up so they can. Using the
internal network is completely optional, and many teams simply connect their
servers directly to the Competition Network.

=========
Isolation
=========
The Competition Network is isolated from the "Real Internet", and this leads to
quite a few gotchas that can be confusing. No traffic can go directly from the
competition network to the real internet, or vice versa. However, several ISEAGE
systems are connected to both the competition network and the real internet and
know about servers on both sides. The three that you will need to know about are
the Proxy, VPN, and the RDP Hop. Directions for connecting to the VPN and RDP
hop can be found in the :doc:`../remote_setup/index` document.

The Proxy allows machines on the competition network, including your servers
(and eventually Red, Green, and Blue Team's personal machines during the attack
phase), to load Web pages and download files from the Real Internet. Read the
:doc:`../server_setup/index` guide for more details on the Proxy.

The VPN is an easy way to get direct access to your systems as if you were
on-site. The VPN places your computer on the "Management" network and allows
you to remotely configure your systems without using vCenter.

The RDP hop is also aware of both sides. Once you have RDP'd into the RDP hop
from the real internet, you can make direct connections to your servers using
any service you want. This includes HTTP(S), SSH, FTP, RDP, etc. This is the
easiest way to test your servers, since the RDP hop sees them the same way as
the service scanner, Green Team, and Red Team.
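
A reachability self-check to run from a machine on the competition side, such as the RDP hop, added here as an example (it is not part of the ISEAGE documentation or tooling). It separates a name that does not resolve, which points at the DNS records you set in IScorE, from a name that resolves but whose service does not answer. The host labels and ports in ``SERVICES`` are assumptions; take the real ones from your Scenario document.

```python
import socket

# Constructed sample: host labels and ports are assumptions, not scenario data.
SERVICES = [("www", 80), ("www", 443), ("shell", 22)]


def fqdn(label, team):
    """Build the documented name pattern <label>.teamN.isucdc.com."""
    return f"{label}.team{team}.isucdc.com"


def tcp_open(ip, port, timeout=3.0):
    """Return True if a TCP handshake to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_services(team, services=SERVICES,
                   resolve=socket.gethostbyname, probe=tcp_open):
    """Return (name, port, status) rows, separating DNS faults from service faults."""
    rows = []
    for label, port in services:
        name = fqdn(label, team)
        try:
            ip = resolve(name)
        except OSError:
            # Name does not resolve: check the DNS record set in IScorE.
            rows.append((name, port, "NO_DNS"))
            continue
        # Name resolves: a failed connect means the service is down or filtered.
        status = "UP" if probe(ip, port) else "DOWN"
        rows.append((name, port, f"{status} {ip}"))
    return rows


if __name__ == "__main__":
    import sys
    team = sys.argv[1] if len(sys.argv) > 1 else "1"
    for name, port, status in check_services(team):
        print(f"{name:28} {port:<5} {status}")
```
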

Once you are on-site for local setup, you will be able to put your laptop
directly on the competition network, which is called the
:term:`Management Network`. At this point, you won't need to rely on RDP or
vCenter since you can directly connect to competition VMs. However, you will
need to configure the proxy on your laptop's web browser (Firefox is the
easiest).

.. attention::
  Ping will NEVER EVER work from the competition network to the Real Internet,
  so don't even try. You will NOT be able to ping google.com, 8.8.8.8, or any
  other real-world site, EVER. Instead, try pinging the proxy at 199.100.16.100.