
IoT Security Game – Instructor’s Setup Guide (Instructor Version)

Topology

Objectives
The IoT Security Game is designed to be a fun, engaging and effective way to apply and reinforce the
knowledge and skills that students learned in the IoT Security course. The game mimics a real-world
scenario of an end-to-end IoT system, in which students with white hat hacker skills are tasked with
conducting a vulnerability assessment and providing mitigation recommendations for the vulnerabilities
they discover.
Part 1: Setup Instructions
Part 2: Troubleshooting Options and Passwords

Background / Scenario
The IoT Security Game is a Capture the Flag (CTF), multiplayer classroom game played on an isolated
network. Players are formed into small teams. Members of a team usually sit together, but they can also
be remote and use the built-in chat to communicate with each other. The recommended team size is 2,
with a maximum of 3 members.
The IoT Security Game is a jeopardy-style cybersecurity game: each team has its own segment and
competes to score the most points by discovering vulnerabilities in an end-to-end IoT system. In the
current version of the IoT Security Game, the teams do not attack each other’s systems.
The main user interface to the game is the web portal of the Game Controller at the
http://gc.security.game URL, which is only available from computers connected to the game topology.
The goal of the game is to collect, or in other words, to catch the flags. The flags are hidden in 3 levels of
rings, each with multiple missions:
• Ring 1 – Exploit the Physical Vulnerabilities

© 2017 - 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 14 www.netacad.com
• Ring 2 – Exploit the Network Vulnerabilities


• Ring 3 – Exploit the Application Vulnerabilities
The first ring contains challenging missions on device-level, or physical, vulnerabilities; the second
ring covers communication, or network, vulnerabilities; and the third ring covers application
vulnerabilities.
In total, there are 10 missions in the game and each of them contains a secret flag to be discovered. The
mission names are the following:
1. JTAG
2. Default credentials
3. Privilege escalation
4. Weak passwords
5. Extract the Firmware
6. Port scan
7. Remote access
8. Unencrypted protocols
9. Play with the HTTP query parameters
10. Insecure web APIs
The flag to be discovered usually has some form of string representation:
• CTF{HACKER},
• some hash,
• a URL,
• etc.
In most cases though, the flag contains the “CTF” word.
Once a team has discovered a flag, they report it to the Game Controller to prove their work and earn the
mission points. However, the IoT Security course focuses not only on the skills to discover and
demonstrate vulnerabilities, but also on providing threat mitigation recommendations. To get the final
score for a mission, the team must therefore first complete a short quiz of one or two questions on
mitigation strategies. The resulting points depend on the number of correctly answered quiz questions
and are calculated using the formula below:
score = <max points of the mission> * <completion order factor> *
(1 + <correct quiz questions> / <total quiz questions>) / 2
Where the completion order factor is defined as:
• First team to complete this mission: 100%
• Second team to complete this mission: 75%
• Third team to complete this mission: 50%
• All other teams: 30%
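The scoring rule above, worked through for several teams, as an added example that is not part of the original guide or the Game Controller's code. The mission point values, the submission records and the rule that a repeated submission earns nothing are assumptions made for illustration.

```python
from collections import defaultdict

# Completion order factors from the guide: 1st, 2nd, 3rd team, then all others.
ORDER_FACTORS = (1.00, 0.75, 0.50)
OTHER_FACTOR = 0.30


def mission_score(max_points, order_index, correct, total):
    """Score for one mission; order_index is 0 for the first team to finish."""
    if total <= 0 or not 0 <= correct <= total:
        raise ValueError("quiz result out of range")
    if order_index < len(ORDER_FACTORS):
        factor = ORDER_FACTORS[order_index]
    else:
        factor = OTHER_FACTOR
    return max_points * factor * (1 + correct / total) / 2


def scoreboard(submissions, max_points):
    """Total per team. Each submission is (time, team, mission, correct, total)."""
    finished = defaultdict(list)   # mission -> teams in completion order
    totals = defaultdict(float)
    for _, team, mission, correct, total in sorted(submissions):
        if team in finished[mission]:
            continue               # assumption: a repeated submission earns nothing
        order_index = len(finished[mission])
        finished[mission].append(team)
        totals[team] += mission_score(max_points[mission], order_index, correct, total)
    return dict(totals)


# Constructed sample data: point values and submission times are made up.
MAX_POINTS = {"JTAG": 100, "Port scan": 200}
SUBMISSIONS = [
    (10, "Team1", "JTAG", 2, 2),       # first, both quiz answers right
    (12, "Team2", "JTAG", 1, 2),       # second, one of two right
    (15, "Team3", "JTAG", 0, 1),       # third, quiz failed
    (20, "Team4", "JTAG", 1, 1),       # fourth falls into "all other teams"
    (30, "Team2", "Port scan", 2, 2),
    (31, "Team1", "Port scan", 0, 2),
]

if __name__ == "__main__":
    for team, points in sorted(scoreboard(SUBMISSIONS, MAX_POINTS).items()):
        print(f"{team}: {points:.2f}")
```

A team that finds the flag but fails the mitigation quiz keeps only half of the order-adjusted points, which is why Team3 ends below Team4 despite finishing earlier.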


Required Resources
• Each team, for the student pods:
  • Small 5-port switch as a Team Switch
  • One Raspberry Pi 3, Model B or later, with the IoT Security Game End Device image flashed
  • Host computer with Google Chrome web browser and at least 4 GB of RAM and 15 GB of free disk
    space to run:
    • Oracle VirtualBox
    • IoT Security Kali Linux OVA from the course
• Backend:
  • Cisco L2 or L3 switch with IOS 12.2(55)SE or later, capable of basic IP routing, VLANs and DHCP
  • One Raspberry Pi 3, Model B or later, with the IoT Security Game Controller image flashed
  • One Raspberry Pi 3, Model B or later, with the IoT Security Game Cloud Services Simulator image
    flashed
  • Optionally one Raspberry Pi 3, Model B or later, with the IoT Security Game WebPi image flashed
  • Host computer with Google Chrome web browser

Part 1: Setup Instructions

Step 1: Download the IoT Security Game resources


a. From the IoT Security Course Instructor’s Resources Page, download the SD card images for the IoT
Security Game.

1) Please note that the total size of all four ZIP files with SD card images is about 4GB.

Step 2: Set up the Raspberry Pi devices for the Back-end game topology:
Game Controller:
a. Using the PL-App Launcher, flash the first SD card with the Game Controller SD card image.
1) Use "gc" as a device name with any device password.

2) Using a marker, label the SD card as "gc" for future reference. There will be plenty of SD cards, and
the label helps identify the one you are looking for.
b. Insert the Game Controller SD card into the first Raspberry Pi. This Raspberry Pi device is going to act
as a Game Controller.
Cloud Services Simulator:
c. Using the PL-App Launcher, flash the second SD card with the Cloud Services Simulator SD card image.
1) Use "cloud" as a device name with any device password.
2) Using a marker, label the SD card as "cloud" for future reference. There will be plenty of SD cards,
and the label helps identify the one you are looking for.
d. Insert the Cloud Services Simulator SD card into the second Raspberry Pi. This Raspberry Pi device is
going to act as a Cloud Services Simulator.
WebPi (optional – only if you want internet access to be available from the Game Topology):
e. Using the PL-App Launcher, flash the third SD card with the WebPi SD card image.
1) Use "webpi" as a device name with any device password.
2) Using a marker, label the SD card as "web" for future reference. There will be plenty of SD cards,
and the label helps identify the one you are looking for.
f. Insert the WebPi SD card into the third Raspberry Pi. This Raspberry Pi device is going to act as a WebPi
internet gateway.

Step 3: Set up the students' Raspberry Pi devices:


a. Using the PL-App Launcher, flash one SD card per student team with the End Device SD card image.
1) In PL-App Launcher, use "enddevice" as a device name with any device password.
2) Please note that for 10 competing teams, you will need to flash 10 SD cards.
3) It is always good to have at least one spare SD card - for situations when one gets broken.
4) To simplify the setup process, you can also ask the student teams to complete this task on their own.
In this case, distribute the End Device SD card image among the teams and ask them to flash it using
the PL-App Launcher.

Step 4: Set up the Central Switch for the Back-end game topology:
a. The Central Switch provides L2 VLAN-based segmentation between teams, basic inter-VLAN IP routing,
and DHCP services.
b. Enable basic IP routing on a switch (needed for Cat2960 series switches, skip this step for Cat3xxx series
switches).
1) You need to change the SDM template to enable basic IP routing on a Cat2960 switch.
2) Minimum requirement of IOS version: 12.2(55)SE, or higher.
3) Using the switch command line interface, enter the following configuration change in the Global
Configuration Mode:
Switch-2960(config)# sdm prefer lanbase-routing
Switch-2960(config)# do reload
4) After changing the SDM template, you need to reboot the switch for the changes to take effect.
5) After the reboot, to verify the SDM template has been successfully changed, use the "show sdm
prefer" command.

6) Enable IP routing using the "ip routing" command in the Global Configuration Mode of the switch.
c. Set up the switch using the configuration template.
1) From the IoT Security Course Instructor’s Resources Page, download the Switch Configuration
Template for the IoT Security Game:

2) Configure the switch using the configuration template. In most cases, you should be able to copy and
paste the configuration from the template. Please note:
(i) If your switch has Gigabit interfaces, update the configuration template by replacing
"Fa0" with "Gi0", or otherwise according to the port naming of your switch.
(ii) If your switch requires the “switchport trunk encapsulation dot1q” command
on trunk interfaces, adjust the configuration of the 24th port.
3) Verify the configuration of the switch (sh int status, sh run, etc.).
4) Save the configuration on the switch using "copy run start" or "write".

Step 5: Set up the classroom topology


a. All computers are connected to the Game topology using Ethernet cables. To eliminate possible network
issues, make sure that the Wi-Fi interface is turned off on all computers connected to the topology
(including the instructor’s and the students’).
b. Turn on the Central Switch that has been configured in the previous steps.
Set up the Back-end topology:

c. Connect the backend devices to the respective ports on the Central Switch:

Device                                  Switch port
Game Controller Raspberry Pi            Fa0/21
Cloud Services Simulator Raspberry Pi   Fa0/22
Instructor’s PC                         Fa0/23
WebPi (optional)                        Fa0/24

d. Turn on the Back-end Raspberry Pi devices.

e. After about a minute or two, all devices should have completed the bootup process. Verify that the
topology is working:
1) The Instructor's PC should receive over DHCP an IP address from the 10.1.1.0/24 range, with the
DNS server being 10.1.1.5.
2) Verify that you can access the IoT Security Game Instructor's Dashboard at http://gc.security.game

3) On the Instructor's Dashboard, in the Players widget, you will see the status of the teams, who is
currently connected to the game network, the status of their Raspberry Pi End-Device and the status
of Kali Linux VM.
4) In the Devices widget, you will see the status of the network devices: the Game Controller itself, the
2960 Central Switch and the optional WebPi Raspberry Pi device.

f. If you want to provide Internet access from the game topology, so that students can browse the Internet,
connect the WebPi device to port Fa0/24 on the Central Switch. Outbound Internet traffic is only
permitted on ports 80 and 443.

1) On the Instructor's Dashboard, from the Menu select the Settings option:

2) In the Settings window, enable the “Enable WebPi Internet Gateway” option:

3) If you want to connect to the Internet from the WebPi using Wi-Fi, select the Configure -> Wi-Fi option
and set the Wi-Fi SSID and WPA2 pre-shared key of your network. The Wi-Fi network needs to provide IP
addresses over DHCP.
4) If you want to connect to the Internet from the WebPi using wired Ethernet, select Configure ->
Ethernet, and set the IP addressing option to DHCP or Static. Connect the Ethernet cable with
Internet access to the Gi0/1 port (Access mode in VLAN 999) on the Central Switch.
g. Keep the team setup on “AUTO” and let the students join the game. In “AUTO” mode, the Game
Controller assigns new students to their respective team based on the VLAN number. You can change
the team names from the default “Team1”, “Team2”, … to custom team names.

Set up the topology for the student Teams:

h. Each one of the first 20 switch ports of Central Switch represents one team.
i. Using a patch cable, connect one of the team switch ports on the Central Switch with a small 5-port Team
Switch of a given team.
1) Repeat the step for each team.
j. The Team Switch creates a small LAN for the given team. Students can connect their Raspberry Pi with
the End Device SD card to their Team Switch, as well as their PC with the Kali Linux VM.
1) Devices in the team LAN (Raspberry Pi, PCs, Kali Linux VM) should receive over DHCP IP
addresses from the 10.1.1XX.XXX/24 range, with the DNS server being 10.1.1.5.
2) Students should turn on their Raspberry Pi with the End Device SD card.
3) Students should turn on their PC.
4) Students should turn on the Kali Linux Virtual Machine from the IoT Security course
5) In the Kali Linux Virtual Machine, students need to execute the shell script that will configure IP
addressing for the game. To run the script, at the terminal prompt type the following:

root@kali:~# ./lab_support_files/scripts/game.sh
Game mode started ... if you restart this VM, please re-run this command.
6) After the script executes, at the terminal prompt, type ifconfig to verify that the network settings
are properly configured:

root@kali:~# ifconfig

Students should see that the IP address on the eth0 interface is from the 10.1.1xx.xxx/24 range.

k. Students can access the IoT Security Game Student's Dashboard at http://gc.security.game.
On the dashboard, they are asked to enter their name and then wait for the instructor to start the game:

l. After the instructor has started the game, the Student’s Dashboard enters the guided tour mode, which
helps students identify the role of the various widgets:

m. The Gameboard widget provides access to the missions. Available missions are shown in yellow,
completed missions in green, and locked missions on higher rings in grey:

n. Once a mission in the Gameboard is selected, the Mission widget is loaded with the mission details and
the Flag entry form. The Tools widget provides hints on what tools they need to resolve this mission:

o. After the team has discovered the Flag, they can submit it to the Game Controller using the “Enter flag”
form. The submission is followed with quiz questions and the final summary. At that point, students can
continue with the next unlocked missions.
p. The instructor can follow the status of the game on the Instructor’s Dashboard, where the Progress and
the Scoreboard widgets display the state of the teams. Clicking on the Presentation button turns the
dashboard into a simplified view with only the Progress and the Scoreboard widgets.

Part 2: Troubleshooting Options and Passwords


Troubleshooting Options:
Some of the Raspberry Pi devices will not boot up:
- check if the power adapter provides enough power (5V/2A)
- check if the SD card is correctly inserted into the Raspberry Pi’s SD card slot
- reflash the SD card
- using the USB to Serial 3.3V cable, connect to the Raspberry Pi’s serial interface, start a serial terminal
emulator (e.g. Putty) on your PC and verify the boot messages (follow instructions from the 3.2.1.5 IoT
Security course lab)
The characters on the serial terminal emulator (e.g. Putty) are broken, or it does not accept key presses:
- restart the Raspberry Pi
- replace the power adapter on the Raspberry Pi
- replace the USB to Serial cable
Kali Linux is unable to access the network:
- verify that the eth0 interface has been configured with an IP address from the Team network
(10.1.1xx.xx/24) over DHCP
  - Note that in the IoT Security course lab activities, the eth0 interface is configured with a static IP
    address.
- restart the virtual machine
Passwords:

Game Controller, WebPi:

Username: pi Password: iot_Ruth3rf0rd! (root via sudo)

Cloud Services Simulator:

Username: pi Password: Cisco123! (root via sudo)

End Device:

Username: admin Password: admin (There is no root access on the End Device.)

IoT Security Kali Linux VM:

Username: root Password: toor

Central Switch:

Username: admin Password: iot_Ruth3rf0rd!

Subnetworks:

VLAN   SUBNET           Usage
10     10.1.1.0/24      Backend Network - connection to the Game Controller, Cloud Services
                        Simulator, Instructor's Computer
101    10.1.101.0/24    Team 1 network
102    10.1.102.0/24    Team 2 network
...    ...              ...
120    10.1.120.0/24    Team 20 network

Static IP addresses:

Address            Device                     Usage
10.1.1.5/24        Game Controller            Game Controller, DNS Server
10.1.1.32/24       Cloud Services Simulator   Cloud Services Simulator
192.168.99.1/24    WebPi                      Internet Gateway network
192.168.88.2/24    Central Switch             Internet Gateway network
10.1.1.1/24        Central Switch             Backend VLAN10 SVI
10.1.101.1/24      Central Switch             Team 1 VLAN101 SVI
...                ...                        ...
10.1.120.1/24      Central Switch             Team 20 VLAN120 SVI
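
A check of a host's eth0 settings against the VLAN and address plan in the two tables above, added here as an example; it is not part of the original guide or of the game's own scripts. The function names and the sample hosts are assumptions made for illustration.

```python
import ipaddress

DNS_SERVER = "10.1.1.5"          # Game Controller, per the static address table
TEAM_VLANS = range(101, 121)     # VLAN 101..120 = Team 1..20


def classify(cidr):
    """Place an interface address such as '10.1.105.23/24' in the game's plan.

    Returns a dict with segment, vlan, team and the Central Switch SVI,
    or raises ValueError when the address is outside the plan.
    """
    iface = ipaddress.ip_interface(cidr)
    if iface.version != 4 or iface.network.prefixlen != 24:
        raise ValueError(f"{cidr}: the game uses IPv4 /24 subnets only")
    a, b, c, _ = iface.ip.packed
    if (a, b) != (10, 1):
        raise ValueError(f"{cidr}: not a 10.1.x.x game address")
    if c == 1:
        segment, vlan, team = "backend", 10, None
    elif c in TEAM_VLANS:
        segment, vlan, team = "team", c, c - 100
    else:
        raise ValueError(f"{cidr}: third octet {c} matches no game VLAN")
    return {"segment": segment, "vlan": vlan, "team": team, "svi": f"10.1.{c}.1"}


def check_host(cidr, dns):
    """Return a list of problems for a student host; an empty list means OK."""
    try:
        info = classify(cidr)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if info["segment"] != "team":
        problems.append("host is on the backend VLAN, not a team VLAN")
    host = str(ipaddress.ip_interface(cidr).ip)
    if host == info["svi"]:
        problems.append(f"{host} collides with the Central Switch SVI")
    if dns != DNS_SERVER:
        problems.append(f"DNS server is {dns}, expected {DNS_SERVER}")
    return problems


if __name__ == "__main__":
    # Constructed sample hosts: (eth0 address, DNS server) pairs.
    for cidr, dns in [("10.1.105.23/24", "10.1.1.5"),
                      ("10.1.120.1/24", "10.1.1.5"),
                      ("203.0.113.10/24", "203.0.113.1")]:
        print(cidr, check_host(cidr, dns) or "OK")
```

The third sample stands in for a Kali VM that still carries a static address from the course labs, the case the troubleshooting section warns about.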
