CTF Infrastructure
1 like763 views
This document outlines the infrastructure for the HXP CTF event scheduled from November 17th to 19th, 2017, detailing aspects like network services, server architecture, and challenge reliability. It discusses separation techniques for hosting vulnerable services securely, recommending technologies like Docker Swarm for managing challenges. Key considerations include maintaining reliability and integrity of challenges on a hostile network while ensuring proper health checks to verify operational and solvability aspects.
CTF Infrastructure
- 1. CTF Infrastructure November 15, 2017
- 2. Events HXP CTF - Credentials in Slack - Friday, November 17th 6 AM to Sunday, November 19th, 6AM Officer Applications - Open Monday
- 3. CTF Topology ● Auxiliary Network Services ● CTF Server ● Challenge Server(s)
- 4. Key Considerations ● Reliability ● Integrity
- 5. How do you maintain reliable, solvable challenges on a hostile network?
- 6. Auxiliary Network Services ● DHCP ● DNS
- 8. CTF Server ● Hosts the CTF Challenges ● Generally CTFd or a custom solution
- 9. Challenge Server ● How do you host vulnerable services in a secure fashion? ● Again, reliability and integrity ● Someone shouldn’t be able to use challenge A to solve challenge B
- 10. Separation Techniques ● Physical ● Hypervisor ● Container
- 11. Physical Separation ● Physical security ● Requires lots of machines ● Requires lots of power ● Requires lots of managment ● :(
- 12. Hypervisor Separation ● Hypervisor level security ● Requires 1 good machine ● Extra management overhead ● Low utilization ● Compounding problems if doing service replication ● Recommendation: vSphere or Proxmox
- 13. Container Separation ● Kernel level security ● Can be run on physical machines or VMs ● Environment reproducibility ● High utilization ● Recommendation: Docker Swarm
- 14. My proposed architecture ● PFSense gateway - provides DHCP, DNS, etc. ● CentOS - managed by Puppet ● CTFd and Challenges - Docker Swarm ● NGINX Load Balancer for everything
- 15. Monitoring ● Verify challenge can be reached ● Verify challenge can be solved ● Predict future needs
- 16. CTF Challenge Creation ● How do I guarantee my challenge will work when deployed? ● How do I guarantee my challenge is running? ● How do I guarantee my challenge is solvable?
- 17. Docker Containers ● Integrate the challenge into the deployment environment ● Built in health check to verify the challenge is running ● Built in health check to verify challenge is solvable