First 15 minutes

Background

During CCDC, each team has 15 minutes to secure their systems before the red team begins to attack. These first 15 minutes are crucial to success, and blue teams need a plan in order to use the time to best advantage. There will be some pre-established threats and lots of insecure configurations.

Successful CCDC teams have a playbook, just like sports teams. Often, this master playbook will consist of mini-playbooks for each system. One of the foundations of a CCDC team playbook is to have "First 15 Minutes" sheets for each competition team member, specific to the systems that member will be assigned to. These sheets will vary by system. There is usually a Linux mail server and a CentOS e-commerce site; while these are both Linux-based systems, the contents of the sheets will be different. Each team member should have a copy of the playbooks for all systems.

"First 15 Minutes" sheets will include elements like patching, securing logins, implementing secure settings, mitigating existing threats, etc., and should fit on a single page.

Break into teams and work together to devise two "First 15 Minutes" sheets, one for Linux systems and one for Windows systems. For purposes of this exercise, assume Ubuntu 18.04 and Windows 10. Eventually, we will need to make similar sheets for the firewall and more specific systems, but that will come later in the semester.

The instructions for making these sheets are intentionally vague. This is, in part, a test of your research abilities to find and evaluate relevant information. It is also a test of your ability to work cooperatively with other people to execute instructions that may be lacking in context or detailed specifications.

Team Roles

Each team needs a Manager, a Writer, and one or two Researchers.

Everyone on the team is responsible for doing research, and supplying the Writer with content. The Manager and Writer will work together to complete the final edit, and the Manager will present both sheets to the class.

Posted 8-18-18