Designed to fill the CAPSTONE requirement for the United States Military Academy's Information Assurance course in 2001, the Cyber Defense Exercise (CDX) pits teams of cadets from each of the five US service academies against security experts within the Department of Defense. Each team is challenged to design, implement, and manage an operational network of computers. Management of various platforms (Windows, LINUX, Solaris, FreeBSD, etc.) is required and services such as web, email, public key infrastructure, and database sharing must be provided. Students are encouraged to establish architecture, policy, and procedures that invoke a defense-in-depth and defense-in-breadth posture to keep the aggressors at bay. To keep the playing field level, security measures are limited to open source freely available tools. Strategies and techniques employed by the students that were tested on the CDX battlefield have provided industry, academia, and government with valuable lessons. These lessons are related to work in network mapping, port scanning, vulnerability scanning, password integrity checking, network monitoring tools, intrusion detection systems, host-based and network-based firewalls, and layer-two bridges.
These documents contain broad information about the principles and significance of CDX: