Large-scale Testbed and Cyber Range Organiza6on and Design

Transcription

1 CYBER RANGE ORGANIZATION AND DESIGN Large-scale Testbed and Cyber Range Organiza6on and Design Razvan Beuran, Ken-ichi Chinen

2 Outline 1. Mo9va9on & overview 2. Making use of StarBED 3. Case studies 4. Summary 2

3 Mo9va9on People have become more and more reliant on the Internet A world in which devices and people are all connected together: the Internet of Things (IoT) Network communica9on makes life more convenient, but it also exposes users to cybersecurity risks, such as malware, phishing It is necessary to conduct cybersecurity educa9on and training as we perform at JAIST 3

4 Cyber range Environment for cybersecurity training Facilitates learning and use of prac9cal skills Security training High-level skills Security experts Security awareness training Mid-level skills Low-level skills IT specialists End users 4

5 Cyber Range Organiza9on and Design NEC endowed chair at JAIST 3 year period star9ng in FY 2015 Two main direc9ons Cyber range architecture and design Develop technologies and frameworks Cybersecurity educa9on programs and courses Develop curriculum, training materials 5

6 Making use of StarBED Implementa9on and execu9on of cyber ranges, experiments, etc. 6

7 For IT & security professionals Use cyber ranges to acquire the prac9cal skills for properly handling security incidents User Input Cyber Range Configura6on Cyber Range Instan6a6on Cyber Range Incident Database CYBER RANGE CREATION FRAMEWORK 7

8 For regular computer users Use ac9ve educa9on to gain awareness of poten9al cybersecurity risks E-learning Role-playing games Prac9cal skills Preven9on readiness 8

9 Network emula9on Use network emula9on to assess applica9ons and protocols from the perspec9ve of cybersecurity risks Network emula3on framework: NERVF 9

10 IoT experiments Thorough experiments are required to make sure IoT technologies are opera9ng safely FPGA-based propaga3on emulator: StarWave support (ongoing development) 10

11 Case studies SANS NetWars Con9nuous Online training program of SANS Ins9tute 5 levels to be tackled during 4 months Topics Vulnerability Assessment Packet Analysis Penetra9on Tes9ng System Hardening Malware Analysis Digital Forensics and Incident Response 11

12 Levels 1 & 2: Summary Level 1 Analyze the configura9on of a local machine to find security flaws Evaluate browser forensic ar9facts, command shell history, document metadata, and malware to discover crucial evidence Analyze packets for evidence of aeacks Determine how an aeacker pivoted through the network to gain access to a target machine Level 2 Analyze and isolate persistent, evasive malware Analyze a system to determine and thwart aeackers' techniques Reconstruct network topologies and aeack evidence from packet capture files Crack local passwords and wireless crypto keys Work with SQL databases to find security flaws and evidence 12

13 Levels 1 & 2: Break down SANS NetWars Continuous -- Level 1 OS Network SANS NetWars Continuous -- Level 2 OS Network Cryptography Image Database Programming # of Questions Points 0 # of Questions Points Total Ques9ons: 23 Total Points: 58 Total Ques9ons: 18 Total Points: 77

14 Security awareness training Design security awareness training plahorm Test basic security skills in a prac9cal manner Focus on social engineering aeack preven9on Use concept of gamifica9on (serious games) Engage users through emo9ons, compe99ve behavior, etc. Incorporate social and reward aspects of games Make educa9on and training more effec9ve 14

15 hep:// April 28,

16 Game idea Example storyline (fragment) Go to office Meet person in elevator He/she drops USB memory Inves9gate USB memory Tested skills Pick up USB memory? Insert it in PC? Open file on USB memory? Click on link in from person? 16

17 Implementa9on tool Twine: open-source tool for telling interac9ve, nonlinear stories (hep://twinery.org/) Stories can be extended with variables, condi9onal logic, images, CSS, and JavaScript Publish directly to HTML Stand-alone or browser interface Used by RPG researchers for game prototyping 17

18 Summary We address the need for cybersecurity educa9on and training through cyber ranges Cyber Range Organiza9on and Design (NEC endowed JAIST Architecture and design of cyber ranges Educa9on programs and courses StarBED is the infrastructure for the implementa9on and execu9on of cyber ranges Already used by CYDER, SecCap and Hardening training programs Also used for network emula9on experiments 18

19 THANK YOU! 19