TRANSCRIPT
Large-scale Testbed and Cyber Range Organization and Design
Razvan Beuran, Ken-ichi Chinen
CYBER RANGE ORGANIZATION AND DESIGN
Outline
1. Motivation & overview
2. Making use of StarBED
3. Case studies
4. Summary
Motivation
• People have become more and more reliant on the Internet
– A world in which devices and people are all connected together: the Internet of Things (IoT)
• Network communication makes life more convenient, but it also exposes users to cybersecurity risks, such as malware, phishing
– It is necessary to conduct cybersecurity education and training as we perform at JAIST
Cyber range
• Environment for cybersecurity training
– Facilitates learning and use of practical skills
[Figure: skill levels (high-level, mid-level, low-level skills) versus audiences (IT specialists, security experts, end users) and training types (security training, security awareness training)]
Cyber Range Organization and Design
• NEC endowed chair at JAIST
– 3 year period starting in FY2015
• Two main directions
– Cyber range architecture and design
• Develop technologies and frameworks
– Cybersecurity education programs and courses
• Develop curriculum, training materials
Making use of StarBED
• Implementation and execution of cyber ranges, experiments, etc.
For IT & security professionals
• Use cyber ranges to acquire the practical skills for properly handling security incidents
[Figure: Cyber Range Creation Framework, with blocks: User Input, Incident Database, Cyber Range Configuration, Cyber Range Instantiation, Cyber Range]
For regular computer users
• Use active education to gain awareness of potential cybersecurity risks
[Figure: E-learning, Role-playing games; Practical skills, Prevention readiness]
Network emulation
• Use network emulation to assess applications and protocols from the perspective of cybersecurity risks
Network emulation framework: NERVF
IoT experiments
• Thorough experiments are required to make sure IoT technologies are operating safely
FPGA-based propagation emulator: StarWave 802.15.4 support (ongoing development)
Case studies
• SANS NetWars Continuous
– Online training program of SANS Institute
– 5 levels to be tackled during 4 months
– Topics
• Vulnerability Assessment
• Packet Analysis
• Penetration Testing
• System Hardening
• Malware Analysis
• Digital Forensics and Incident Response
Levels 1 & 2: Summary
• Level 1
– Analyze the configuration of a local machine to find security flaws
– Evaluate browser forensic artifacts, command shell history, document metadata, and malware to discover crucial evidence
– Analyze packets for evidence of attacks
– Determine how an attacker pivoted through the network to gain access to a target machine
• Level 2
– Analyze and isolate persistent, evasive malware
– Analyze a system to determine and thwart attackers' techniques
– Reconstruct network topologies and attack evidence from packet capture files
– Crack local passwords and wireless crypto keys
– Work with SQL databases to find security flaws and evidence
Levels 1 & 2: Breakdown
[Chart: SANS NetWars Continuous -- Level 1; number of questions and points per category (OS, Network); Total Questions: 23, Total Points: 58]
[Chart: SANS NetWars Continuous -- Level 2; number of questions and points per category (OS, Network, Cryptography, Image, Database, Programming); Total Questions: 18, Total Points: 77]
Security awareness training
• Design security awareness training platform
– Test basic security skills in a practical manner
– Focus on social engineering attack prevention
• Use concept of gamification (serious games)
– Engage users through emotions, competitive behavior, etc.
– Incorporate social and reward aspects of games
– Make education and training more effective
[Figure: social engineering infographic] Source: http://www.social-engineer.org/social-engineering/social-engineering-infographic/, April 28, 2014
Game idea
• Example storyline (fragment)
– Go to office
– Meet person in elevator
– He/she drops USB memory
– Investigate USB memory
• Tested skills
– Pick up USB memory? Insert it in PC?
– Open file on USB memory?
– Click on link in email from person?
Implementation tool
• Twine: open-source tool for telling interactive, nonlinear stories (http://twinery.org/)
– Stories can be extended with variables, conditional logic, images, CSS, and JavaScript
– Publish directly to HTML
– Stand-alone or browser interface
– Used by RPG researchers for game prototyping
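As an added example (not from the slides, and not Twine's own code), the storyline fragment and tested skills from the "Game idea" slide modelled the way a Twine story tracks decisions with variables and conditional logic: passages linked by choices, each tested skill scored as a safe or unsafe decision, plus the broken-link check Twine performs on a story. Passage names, wording and the scoring rule are assumptions made for this example.

```javascript
// Constructed story graph: passage -> text and choices. A choice with a
// "skill" field is one of the tested skills on the slide; "safe" is the
// awareness-training answer we want the player to give (assumption).
const STORY = {
  start: "office",
  passages: {
    office: { text: "You go to the office and step into the elevator.",
      choices: [{ label: "Ride up", next: "elevator" }] },
    elevator: { text: "The person next to you drops a USB memory and leaves.",
      choices: [
        { label: "Pick up the USB memory", next: "picked", skill: "pickup", safe: false },
        { label: "Leave it for lost-and-found", next: "mail", skill: "pickup", safe: true }] },
    picked: { text: "You hold an unknown USB memory. Investigate it?",
      choices: [
        { label: "Insert it in your PC", next: "inserted", skill: "insert", safe: false },
        { label: "Hand it to the IT helpdesk", next: "mail", skill: "insert", safe: true }] },
    inserted: { text: "The USB memory contains a single unknown file.",
      choices: [
        { label: "Open the file", next: "mail", skill: "openfile", safe: false },
        { label: "Eject it and report it", next: "mail", skill: "openfile", safe: true }] },
    mail: { text: "Later, the person from the elevator emails you a link.",
      choices: [
        { label: "Click on the link", next: "end", skill: "clicklink", safe: false },
        { label: "Report the email as suspicious", next: "end", skill: "clicklink", safe: true }] },
    end: { text: "Scenario finished.", choices: [] }
  }
};

// Twine flags passages whose links point nowhere; same check for this graph.
function brokenLinks(story) {
  const broken = [];
  for (const [name, p] of Object.entries(story.passages))
    for (const c of p.choices)
      if (!(c.next in story.passages)) broken.push(`${name} -> ${c.next}`);
  return broken;
}

// Walk the story following the given choice labels (one play-through) and
// score every tested skill along the way; unsafe decisions are listed by skill.
function playPath(story, labels) {
  let current = story.start;
  const result = { tested: 0, safe: 0, unsafe: [], finished: false };
  for (const label of labels) {
    const choice = story.passages[current].choices.find(c => c.label === label);
    if (!choice) throw new Error(`No choice "${label}" in passage "${current}"`);
    if (choice.skill) { result.tested++; choice.safe ? result.safe++ : result.unsafe.push(choice.skill); }
    current = choice.next;
  }
  result.finished = story.passages[current].choices.length === 0;  // reached an end passage
  return result;
}
```

The unsafe list is what the training platform would turn into feedback after a play-through (which of the four tested skills the player failed).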
Summary
• We address the need for cybersecurity education and training through cyber ranges
– Cyber Range Organization and Design (NEC endowed chair) @ JAIST
– Architecture and design of cyber ranges
– Education programs and courses
• StarBED is the infrastructure for the implementation and execution of cyber ranges
– Already used by CYDER, SecCap and Hardening training programs
– Also used for network emulation experiments