KYPO cyber range platform: technology & education
Several activities within CONCORDIA build and improve trusted ecosystems with the goal of providing impact and sustainability for communities. Besides the Threat Intelligence Platform and the DDoS Clearing House, CONCORDIA's ecosystem pursues this goal by providing lab infrastructures, services, and training. In today's blog post, we focus on the training part.
Cyber range platforms, cyber-range-based trainings, and related tools are the main focus of the training activity. Technical discussions on topics such as the exchange of scenarios, traffic composition, automated execution of attack scenarios, and network simulation and emulation are ongoing.
More skilled cyber security staff are needed. The KYPO cyber range platform is part of CONCORDIA's strategy to boost European digital sovereignty. The training activity aims to develop and continuously evolve cyber range trainings toward better automated and custom-tailored training that keeps pace with the evolving cyber threat landscape.
Cyber ranges are a suitable tool for educating future cybersecurity experts: they scale to many learners and they focus on practice. A hands-on approach to cybersecurity education gives learners invaluable experience, because cybersecurity simply cannot be learned from books alone.
KYPO CRP Technology Update
Work around the KYPO CRP platform focuses on exchanging content and building blocks so that training scenarios are improved, reusable, and available to everyone. For that reason, virtual machines, networks, and trainings are described entirely in the human-readable data-serialization languages JSON and YAML; virtual machine images are built with the open-source tool Packer, and machine content is described with Ansible.
Deploying KYPO CRP, including the underlying OpenStack cloud platform, can be a demanding task. Masaryk University will release a new tool, KYPO CRP Lite, that deploys KYPO CRP quickly with zero configuration, so users can evaluate KYPO CRP or create KYPO content without being DevOps experts. KYPO CRP Lite can be deployed to any major cloud provider or to a powerful desktop or server.
In addition, a new KYPO professional release brings features such as Terraform and Kubernetes support (replacing Ansible and Docker and adding orchestration) and the ability to run sandbox environments on local VirtualBox machines instead of cloud platform instances. This makes the platform easier to deploy, increases scalability for critical workloads and trainings, and improves interoperability with a broader range of OpenStack public cloud providers.
How KYPO supports Cyber-Security Consultant Education
On the path to becoming a certified participant in CONCORDIA's "Becoming a Cyber-Security Consultant" course, a webinar was held with a session of hands-on exercises and several security challenges with different objectives.
What these exercises have in common is that they are carried out on the free, open-source cyber range KYPO. KYPO was chosen to build the network topology because it is free and flexible enough to meet the educational needs.
During the webinar, the exercises were split into two directions. The first was pen-and-paper exercises, which were largely a discussion between the participants and the organizer; they aimed at raising awareness of what can happen at the code level and how several exploits can follow from insecure code. The second part was the practical KYPO exercises, i.e. the pentesting exercises.
The proposed KYPO exercises are of medium difficulty.
- Reconnaissance: to carry out attacks on the victim (a vulnerable machine built and integrated on KYPO), participants first gather as much information as they can; that is the goal of this phase.
- Pentesting different services: participants then try to exploit different services such as FTP, HTTP, and WordPress. This is done through walkthrough exercises followed by a group discussion.
- Carrying out a SYN flood attack: this part was about understanding what happens when an attack is launched. Participants launched an attack aimed at exhausting the victim's resources and thus rendering its services unavailable. Afterwards, they tried to understand what had happened by observing the packets with Wireshark. This part relates to forensics, since the participants collected, inspected, and analyzed the packets transmitted to the victim.
These example exercises define the starting point of a cyber security consultant's journey.
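The SYN flood exercise ends with participants reading the capture in Wireshark by hand. The following is an added example, not code from the webinar or from KYPO, showing how the same triage can be automated over a packet listing: it tracks each TCP three-way handshake toward the victim and reports, per source, how many connections were left half-open and how bursty the SYNs were. The victim and client addresses, the traffic itself, and the two thresholds are constructed assumptions for this illustration.

```python
"""SYN flood triage over a packet listing (added example, not KYPO code).

Each record mimics the fields one reads off a Wireshark/tshark TCP
listing: time, source, source port, destination, destination port, flags.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    time: float   # seconds, as in Wireshark's "Time" column
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # TCP flag letters: "S", "SA", "A", "R", "F"


def build_sample(victim="10.10.20.5"):
    """Constructed traffic, not a capture from the webinar.

    - 10.10.20.7 completes three normal handshakes with the victim's web port.
    - 10.10.20.9 sends 200 bare SYNs in half a second and never answers
      the victim's SYN-ACKs, which is the shape a SYN flood has in Wireshark.
    All addresses are hypothetical.
    """
    pkts = []
    for i in range(3):
        t, sport = 1.0 + i, 40000 + i
        pkts.append(Packet(t, "10.10.20.7", sport, victim, 80, "S"))
        pkts.append(Packet(t + 0.001, victim, 80, "10.10.20.7", sport, "SA"))
        pkts.append(Packet(t + 0.002, "10.10.20.7", sport, victim, 80, "A"))
    for i in range(200):
        t, sport = 5.0 + i * 0.0025, 50000 + i
        pkts.append(Packet(t, "10.10.20.9", sport, victim, 80, "S"))
        pkts.append(Packet(t + 0.001, victim, 80, "10.10.20.9", sport, "SA"))
    return sorted(pkts, key=lambda p: p.time)


def handshake_report(packets, victim):
    """Per-source handshake accounting toward one victim.

    Returns {src: {"syn", "completed", "half_open", "peak_syn_rate"}}, where
    peak_syn_rate is the largest SYN count from that source in any
    one-second bucket.
    """
    state = {}  # (src, sport, dst, dport) -> "syn" | "synack" | "done"
    per_src = defaultdict(
        lambda: {"syn": 0, "completed": 0, "half_open": 0, "peak_syn_rate": 0}
    )
    buckets = defaultdict(int)  # (src, whole second) -> SYN count

    for p in packets:
        if p.dst == victim and p.flags == "S":
            state[(p.src, p.sport, p.dst, p.dport)] = "syn"
            per_src[p.src]["syn"] += 1
            buckets[(p.src, int(p.time))] += 1
        elif p.src == victim and p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # reverse direction
            if state.get(key) == "syn":
                state[key] = "synack"
        elif p.dst == victim and p.flags == "A":
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "synack":
                state[key] = "done"
                per_src[p.src]["completed"] += 1

    for (src, _sport, _dst, _dport), st in state.items():
        if st != "done":  # SYN or SYN-ACK seen, handshake never finished
            per_src[src]["half_open"] += 1
    for (src, _sec), n in buckets.items():
        per_src[src]["peak_syn_rate"] = max(per_src[src]["peak_syn_rate"], n)
    return dict(per_src)


def suspects(packets, victim, min_half_open=50, min_syn_rate=100):
    """Sources with many half-open connections AND a burst of SYNs.

    Both thresholds are assumptions for this example; tune them to the
    victim's listen backlog and its normal connection rate.
    """
    report = handshake_report(packets, victim)
    return sorted(
        src for src, r in report.items()
        if r["half_open"] >= min_half_open and r["peak_syn_rate"] >= min_syn_rate
    )


if __name__ == "__main__":
    victim = "10.10.20.5"
    for src, r in handshake_report(build_sample(victim), victim).items():
        print(src, r)
    print("suspects:", suspects(build_sample(victim), victim))
```

Requiring both a high half-open count and a SYN burst avoids flagging a slow client behind a lossy link (many retransmitted SYNs, low rate) or a busy but well-behaved proxy (high rate, handshakes completed). Feeding real data in means exporting the TCP columns from Wireshark or tshark into `Packet` records; a spoofed-source flood will show up as many distinct sources each with a handful of half-open entries, so the per-source view should then be complemented by a per-destination-port total.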
(By Reinhard Gloger, BAdW-LRZ – Bavarian Academy of Sciences and Humanities – Leibniz Supercomputing Centre)