ITEN Wired Cyber Competition

Transcription

1 ITEN Wired Cyber Competition Kevin Hofstra Chief Technology Officer Copyright by Metova Federal, LLC. All rights reserved. SLAM-R Copyright by Metova Federal, LLC. All rights reserved. Patent Issued, Metova Federal, LLC; Patent No.: US9,246,768, January 26, 2016 Systems and Methods for a Simulated Network Attack Generator. Patent Issued, Metova Federal, LLC; Patent No.: US8,751,629, June 10, 2014 Systems and Methods for Automated Building of a Simulated Network Environment. Patent Issued, Metova Federal, LLC; Patent No.: US8,532,970 B2, September 10, 2013 Systems and Methods for Network Monitoring and Analysis of a Simulated Network. Additional Patents Pending through the United States Patent and Trademark Office (USPTO). 1 CYNTRS, HOTSIM, RGI, VCCE, SLAM-R, and CyberCENTS are registered trademarks of Metova Federal, LLC through the USPTO

2 Kevin Hofstra Chief Technology Officer Metova CyberCENTS Federal/Commercial Cyber Health Assessments Technical Advisor - US Air Force CPTs 835 th /837 th Cyber Operations Squadrons Communications Sector Chief - Denver InfraGard 2

3 Metova CyberCENTS Cyber Competition Experience Established Technology The First DoD Cyber Range 3 Patents Awarded (Attack, Autobuild, Monitoring) 3 Patents Pending (Traffic, Reconstitution, Architecture) Demonstrated Capability Exercise Support for Bulwark Defender, Cyber Flag, Cyber Storm II, UK Cyber Challenge, Vigilant Guard, Cyber Shield, Pacific Cyber Endeavor, I/ITSEC OBW, NCCDC, etc. Robust Customer base Air National Guard Virtual Interconnected Training Environment (VITE) Navy Cyberspace Operations Training Simulator (NCOTS) US Army Cyber Battle Lab Collaborative Simulation Environment (BLCSE) Joint Counter-Intelligence Training Academy (JCITA) State/Local Government Academia 3

4 How do we teach advanced cyber skills? 1. The latest technology/methods 2. Interactivity (Specifically hands on) 3. Foster Innovation (In a risk-free environment) 4. Align to real-world activities and skills 5. Make it fun (Especially in a competitive environment) Edgar Dale s Cone of Experience People remember: 10% of what they read 20% of what they hear 30% of what they see 50% of multimedia 70% of what they build 90% of what they do Read Hear Images Video Exhibits Demonstration Hands on Workshop Simulation/Modeling Real World Verbal Receiving Visual Receiving Participating P A S S I V E Experiencing A C T I V E 4

5 Emulating the Cyberspace Domain A realistic, immersive and risk-free environments for you to train, test and innovate Highly complex and realistic cyber environments with an embedded suite of tools that enable effective control of the cyberspace 5

6 UK Cyber Challenge Video 6

7 The Cyber Range Ecosystem Infrastructure Hardware (Transport, Systems & Storage) Virtualization (Hypervisor) Software (Licenses, Applications, Tools) Core Services and Internet Space NTP, DNS, Web, Traffic Generation Network User Communications, Social Media Threat Emulation Custom Attacks, Insider Threats, Metasploit Framework Range Management VMs, Monitoring, Traffic, Attack, Scenario Builder, Scoring Engine 7

8 Essential Elements of Turn-key Cyber Range 1. True-life System Response through Emulation RFC-compliant communications that include actual source/destination nodes and all underlying network protocol signaling and system indicators necessary to perform forensic investigation from OSI layer 2 through 7 2. Scenario Builder and Automated Playback Ability to sequence parameters for traffic generation and attack events (Source, Destination, Parameters, Severity, Timeline) to allow the bundling events into scenarios and lesson plans that can be stored and replayed 3. Multi-mode and Re-roll Capability Events can be played out in automatic (Sequenced) or manual (On Demand) mode and range can be baselined/reconstituted in in minutes 4. Open Architecture Minimize cost through best of breed hybrid of hardware (Transport) and virtualization (Systems) while allowing configuration and technology flexibility, scalability and interoperability through hardware/software in the loop 8

9 CENTS Portfolio Cyberoperations Enhanced Network and Training Simulators (CENTS ) Cyber platform for training, exercising, and testing An immersive environment with emulation of all characteristic of a production environment down to the stateful communications protocols Available as stand-alone units, completely virtualized classroom configurations, cyber ranges, and mobile units for field exercises Cybersecurity Network Training Simulator (CYNTRS ) Larger scale unit for team /Capstone training Students/players interact in a single environment where actions of one effect operations of all 10+ Students Seats Hands-on-Training Simulator (HOTSIM ) Network simulator designed for use by an individual or small team Appropriate for use in a classroom or test setting Max of 3 student seats Virtualized Cyber Classroom Environment (VCCE ) Cyber training environment designed for use in classes up to 21 students Single server solution with open source tool set 7 virtualized simulators with 3 student seats each Range Global Internet (RGI ) Global internet simulator designed to replicate Internet routing, functionality and threats Adds fidelity to global events, competitions, exercises, target development Each CENTS Solution is Powered By SLAM-R Sentinel, Legion, Autobuild, Myrmidon Reconstitution (SLAM-R ) Event Monitoring Scenario Builder Scoring Engine Emulated Traffic Simulated Users Cyber Events/Attacks Virtualized Systems Virtualized Web/DNS Snapshot/Restore 9

10 Virtualized Cyber Classroom Environment (VCCE ) Multi-Team Range Environment Multiple teams simultaneously Fully virtualized platfor Parallel independent networks: Virtualized routers and switches DMZ w/ web/dns services Firewall, IDS, web proxy Network routers/switches Exchange mail, domain controllers Networks can interoperate or be isolated depending on the requirement Shared Range Management Interface Internet Services Attack/Scenario Manager Traffic Generation and Management TEAM 1 EXT-RTR (VM) TEAM 2 EXT-RTR (VM) Virtualized Cyber Classroom Environment (VCCE ) Root DNS WWW SMTP Attacks Traffic TEAM 3 Internet Router (VM) EXT-RTR (VM) Switch (VM) Attacks / Traffic Students Students Students Students Students Students Students Students Students Students Students Students Students Students EXT-DNS (VM) WWW (VM) Training Environment Teams 1-7 SNORT (VM) Switch (VM) DMZ EXCH (VM) MGMT Internal Router (VM) TEAM 4 EXT-RTR (VM) Firewall (VM) External Router (VM) External Switch (VM) Core Switch (VM) DC1 (VM) Switch (VM) TEAM 5 EXT-RTR (VM) Virtual Machine Server WS1 (VM) WS2 (VM) WS3 (VM) TEAM 6 EXT-RTR (VM) TEAM 7 EXT-RTR (VM) 10

11 Range Global Internet (RGI ) Emulated Internet Dynamic Routing (75+ Routers) True Geolocation & Attribution Root DNS Infrastructure NTP Infrastructure (Stratums 0-3) Replica Websites (400+) Vulnerable, hostile and benign: Government, News/Media, Commerce, etc. Dynamic and user customizable Social Media Social Networking (Facebook-like) Micro-blogging (Twitter-like) Chat/IIRC Dynamic Injection of Vulnerabilities Malware (Botnets/Viruses) Attackers (Programmed or Red Team) Real-time visualization of global traffic flow and attacks 11

12 SLAM-R Range Controller Unified GUI providing a single pane of glass for controlling the range ecosystem Virtualized Resource Control Baseline, snapshot, re-roll Scenario Builder and Timeline Sequenced and auto playback Attack Framework Automation for events Traffic Generation Multiple types and configurable 12

13 ITEN Wired Cyber Competition Topology 13

14 Cyber Competition Components Cyber Defense These defenders will monitor the network with the built-in range tools and respond to pre-programmed threat emulation scenarios. Cyber Attack These attackers will use a cyber exploitation platform to attack the weaknesses in the vulnerable target systems. Cyber Forensics These analysts will analyze malware/files with forensic tools to Capture the Flag and win points in the scoring engine. 14

15 Cyber Competition Results The remainder of the slides will present the results of the cyber competition and will not be available until after the event. 15

16 Questions? 16