
Cyber Range Training Services

Table of Contents

Train Like You Fight
The Global Cyber Range Imperative
Why Traditional Approaches Have Failed
A Pragmatic Strategy for Arming and Training Elite Cyber Warriors
Training Next-Generation Cyber Warriors with Advanced Cyber Range Training
Real-World Cyber Ranges
Ixia's BreakingPoint Cyber Ranges
Cyber Range Targets
Service Operations Module
Service Defensive Operations Module
Cyber Range Simulation Learning Module
Cyber Range Training

Train Like You Fight

Organizations worldwide face a dangerous shortage of Cyber Warriors with the skills required to defend against cyber terrorism. This urgent situation is made worse by the weaknesses and vulnerabilities that continue to pervade critical IT infrastructures despite billions of dollars invested in cyber security measures.

Addressing these problems requires Internet-scale simulation environments, along with a comprehensive training curriculum and proven methodologies, to develop elite Cyber Warriors and simulate attacks on IT infrastructures. Military commanders, defense contractors, and even commercial analysts such as Gartner refer to these environments as Cyber Ranges.

Although Cyber Ranges are a necessity for training Cyber Warriors, in recent years the old approach to building them has been exposed as a costly and futile exercise. Flagship Cyber Range projects relying on that outmoded approach have wasted years and hundreds of millions of dollars merely to study the problem.

Yet Ixia BreakingPoint has harnessed patented network processor technology to deliver a better approach, one that creates an Internet-scale Cyber Range environment from a single 7-inch-high device. This breakthrough invention removes the obstacles that once prevented the widespread deployment of Cyber Ranges for arming and training Cyber Warriors.

Leveraging its Cyber Range experience, Ixia has formulated a strategy for preparing organizations to defend their interests by assessing, educating, and training elite Cyber Warriors and equipping them to harden the resiliency of critical network and data center infrastructures.

The Global Cyber Range Imperative

Those who do not remember the lessons of the past are doomed to repeat them. Yet today the same complacency that has led to catastrophic losses so many times is placing the world's leading nations at risk, this time in the fifth battle space, the cyber domain. Without urgent action and investment to harden the resiliency of national cyber defenses, the impacts of cyber attacks will continue to multiply.

Just as every military and police force needs a firing range to hone weapons skills and battle tactics, every Cyber Warrior needs access to a Cyber Range. Only with an Internet-scale, operationally-relevant, and ever-current Cyber Range can organizations produce the empirically-valid war-gaming scenarios necessary to develop IT staff skills and instincts for offensive and defensive action.

Similarly, the only way to understand the resiliency of IT infrastructures is to assault every element within them using the high-stress, real-world conditions created in the controlled environment of a Cyber Range.

Why Traditional Approaches Have Failed

Unfortunately, the enormity of today's cyber security crisis has outstripped the unmanageable, inefficient approach of traditional Cyber Range models. At one organization, leaders were struggling to scale to the performance necessary to replicate a realistic environment. The organization had followed the old Cyber Range model to build out a lab filled with hundreds of servers cabled together to simulate the load of 15,000 users with limited application coverage. Its mission, however, required 250,000 users to exercise target devices across the full complement of today's applications.

The traditional Cyber Range model involves massive investments in hardware, software licenses, electricity, and real estate. It also requires dozens of skilled professionals to set up, configure, integrate, and maintain. It then requires dozens more network and security professionals with the knowledge to continually research and create an evolving mix of sophisticated attacks.

Rather than use cost-effective, adaptive, and scalable technology that is now readily available, too many organizations and government agencies have answered the Cyber Range challenge by throwing money, outmoded hardware, and expensive consultants at it. That approach is destined to fail, however, because it will never keep pace with the rapid evolution of cyber threats.

A Pragmatic Strategy for Arming and Training Elite Cyber Warriors

Drawing on its years of experience in delivering breakthrough Cyber Range innovations to military organizations and global enterprises, Ixia has developed a pragmatic and sustainable strategy for arming organizations to assess, educate, and certify a national force of Cyber Warriors to carry out information assurance (IA), information operations (IO), and mission assurance (MA) duties. The same innovative technology and scalable approach used for training Cyber Warriors can be leveraged to assess and harden IT infrastructure resiliency.

Training Next-Generation Cyber Warriors with Advanced Cyber Range Training

Organizations and government agencies have answered the cyber defense challenge by arming their networks with firewalls, intrusion prevention systems (IPSs), and other defenses. Though this satisfies a rudimentary network security checklist, this approach on its own has no hope of keeping pace with the rapid evolution and scale of cyber threats, and is destined to fail. Effective cyber security is the product of melding trained people, or Cyber Warriors, and automated systems into a unified defense.

Ixia's Cyber Range Training delivers structured training and war-gaming exercises to prepare Cyber Warriors at both public and private organizations to defend their critical infrastructures, enterprises, and communications networks. With a comprehensive Cyber Warrior curriculum, commanders, government officials, and CIOs can educate and train their personnel through a wide range of exercises at increasing levels of difficulty to evaluate expertise and certify capabilities. Our training includes both pre-built and customized war game scenarios to ensure the highest security for your particular network.

Our Cyber Range Training leverages Ixia BreakingPoint Actionable Security Intelligence (ASI) to generate realistic application traffic and exploits, using pre-configured and custom Internet and target simulations. During training, we will generate the following traffic and simulations to create an Internet-scale Cyber Range environment:

- Realistic target simulations
- Realistic exploit simulations
- Realistic evasion simulations
- Realistic traffic simulation
- Internet IPv4 and IPv6 infrastructure
- Enterprise and IT services
- Population and country user base
- Data of interest or "needle in a haystack" for data loss prevention (DLP)
- Mobile subscriber user base

Our Cyber Range training was developed with an emphasis on real-world operations and self-enabling. The training objective is to instruct students on how to conduct offensive and defensive operations, taking into account personnel roles and responsibilities in a Cyber Range environment. Learning modules cover offensive operations, including attack and exploit vectors and target simulations, defensive operations from a network/security operations centers (NOC/SOC) perspective, and lab exercises.

Real-World Cyber Ranges

A true Cyber Range environment allows Cyber Warriors to conduct offensive operations against enemy targets connected to networks, and defensive operations to protect critical infrastructure components connected to networks. We implement a Cyber Range environment with multiple components, including computer servers, computer clients, routers, and switches that simulate your real infrastructure components and targets. While many Cyber Ranges are hardware intensive, requiring hundreds of servers and clients, we implement a more cost-effective virtual environment.

Image Source: US Air Force

Ixia's BreakingPoint Cyber Ranges

Ixia BreakingPoint-based Cyber Ranges provide an environment that allows Cyber Warriors to:

- Conduct cyberspace operations to ensure freedom of action in cyberspace, while denying the same to adversaries
- Simulate critical infrastructure components, including computer servers and clients
- Simulate and conduct offensive operations against enemy targets
- Simulate and conduct defensive operations to protect critical infrastructure components.

Cyber Range Targets

To simulate theater operations, Ixia developed a realistic set of targets for multiple geographical areas of responsibilities (AOR). Ixia's Cyber Range targets map to the following geographical AORs:

- Asia Pacific targets
- North America targets
- Europe targets

To simulate real-world operations, the training will leverage available real-world security and network infrastructures to simulate the day-to-day operations that are conducted at data centers, NOCs, and SOCs. Possible infrastructure components include application-level firewalls, intrusion detection systems (IDS), intrusion protection systems (IPS), SYSLOG servers, DLP appliances, routers, switches, network management systems, and application servers. Possible application servers include mail servers, web servers, database servers, and voice servers.

Service Operations Module

The Service Operations Module leverages Ixia BreakingPoint ASI platforms using pre-configured or custom simulations that target private and public infrastructure components and assets. During the lab exercises students will generate target traffic using the following simulations:

- Country of Interest Traffic
- Country of Interest Targets

This will cover real-world traffic scenarios, to include:

- Application traffic simulations with mixes of different protocols
- Reconnaissance activities
- Denial of Service (DoS) attacks, including:
  - IP layer
  - Transport layer
  - Application layer
- Distributed Denial of Service (DDoS) attacks, including:
  - IP layer
  - Transport layer
  - Application layer
- Worm exploits
- Application exploits
- Common Vulnerabilities and Exposures exploits
- Malware

Note: This list will be customized for each customer, based on need.

The service operations module instructs students on how to develop attack vectors with multiple evasion techniques. During the attack and exploit lab exercises, students will perform the following exercises targeting multiple infrastructure components:

- Generate realistic security exploits
- Generate fuzzing traffic with invalid and malformed data
- Generate evasions to bypass security countermeasures

Successful operations require collaboration and information exchanges between operational nodes and their personnel. The training leverages multiple frameworks to capture the information exchanges and operational activities at operation centers. Ixia's Cyber Range Training shows students how to develop the following operational views to support their enterprise operations:

- High-level operational concept graphic
- Operational node description
- Operational information exchange matrix
- Organizational relationship chart
- Operational activity model

Service Defensive Operations Module

The Service Defensive Operations Module includes an overview of the day-to-day activities that are performed at data centers, NOCs, and SOCs. The student will learn how to use operational activity models and operational information exchange matrixes in support of defensive operations. The module also covers how incident response teams (IRT) react to network and security events. During the operations lab exercises, students will perform the following exercises:

- Monitor enterprise traffic
- Monitor network devices
- Monitor security devices
- Respond to network and security events
- Reconfigure network and security devices

Cyber Range Simulation Learning Module

Ixia Cyber Ranges simulate millions of users and thousands of servers and clients with over 245 application protocols, transport protocols, and network protocols. Our Cyber Range Simulation Learning Module leverages Ixia BreakingPoint ASI platforms to simulate critical infrastructure components that can represent anything from financial, utilities, telecommunications, and industrial computer servers to military weapon systems.

Cyber Range Training

Course Code:
- 985-2503 - 3 days
- 985-2504 - 5 days, includes all of 985-2503, and an additional 2 days of hands-on Operational Scenarios, described below

Level: Advanced

Prerequisites: Students should have a good understanding of TCP/IP and traffic flows. In addition, students may be working with routers, switches, firewalls, and IDS/IPS devices, and security information event management (SIEM), so should have a working knowledge of these products. Students will take on roles of managing the network and security devices during the class, so should have an understanding of these roles.

Synopsis: This course will give students an understanding of offensive and defensive cyber security methods. Students will gain knowledge and skills in reacting to a myriad of cyber security and application traffic flows. Students will be put through Operational Scenarios that include malicious and non-malicious traffic in a safe, secure environment.

Objectives:

Upon successful completion, students will be able to:

- Determine best practices for defensive cyber security mechanisms
- Build a Cyber Range to use as a continual learning tool
- Understand cyber security attacks and how they affect network and security devices
- Configure the Ixia BreakingPoint system to run application and security traffic
- Vulnerability detection and reporting
- Create Operational Scenarios

Day 1:

Cyber Range Fundamentals
- Overview of a Cyber Range and different environments that include Cyber Range Security Operations Center, Cyber Range penetration testing tools, and Cyber Range integrated with a Learning Management System (LMS)

Network Neighborhood
- Overview of Network Neighborhood and how to model operational environments
- Setting up different Network Neighborhoods to include switch, router, and core (virtual) router environments
- Labs to learn how to set up basic Network Neighborhoods
- Labs to set up country- and region-specific Network Neighborhoods

Super Flows
- Describe what flows, Super Flows, and Application Profiles are and how to build them
- Super Flow test cases to describe different protocols and how they can be used to build specific application traffic
- Labs to build Super Flow traffic, as well as putting the Super Flows into an Application Profile

Day 2:

Critical Infrastructure Servers
- Building simulated critical infrastructure servers and the traffic being generated

Client Simulator
- Overview of Client Simulator test component
- Adding Super Flows to Client Simulator scenarios
- Labs to create and run Client Simulator Super Flows previously created

Application Simulator
- Overview of Application Simulator test component
- Adding Application Profiles to Client Simulator scenarios
- Labs to create and run Application Simulator using different Application Profiles

Strike Lists
- Strike List overview
- Strike List terms
- Default Strike Lists
- Fuzzers
- Labs to configure Strike Lists

Security
- Security test component configuration
- Adding Strike Lists to Security scenarios
- Evasion Profiles
- Labs to configure Security test scenarios

Day 3:

Session Sender
- Session Sender test component configuration
- Session Sender test phases
- What constitutes a session
- Labs to create Session Sender test scenarios

Stack Scrambler
- Stack Scrambler test component configuration
- Header fields that can be modified
- Labs to create Stack Scrambler traffic flows

Reconnaissance Activities
- PING sweeps
- Port scans

IP Layer Attacks
- ICMP flood
- ICMP flood with fragments
- ICMP flood from different clients to different targets

Transport Layer Attacks
- UDP flood
- UDP flood with fragments
- UDP flood from different clients to different targets
- TCP SYN flood
- TCP SYN ACK flood
- TCP PUSH flood
- TCP Session attack (all of these can be done multiple times with different Evasion profiles)

Introduction to Application Layer Attacks, Malware and CVE Attacks

Day 4:

Application Layer Attacks
- DNS based attacks
- HTTP fragmentation attacks
- Excessive Verb (POST)
- Excessive Verb (GET)

Malware
- Run a mix of the over 35,000 pieces of live malware in different combinations depending on the targets

CVE attacks
- Run a mix of over 6000 pieces of CVE attacks

Day 5:

- Review the skills learned throughout the first four days of class
- Practice those skills using the equipment that has been gathered for the customer's specific requirements
- Spend additional time designing customer-specific scenarios using techniques learned during the week
- Run through those scenarios with a qualified Cyber Range Instructor available as a guide and mentor

Cyber Range Training is offered at Ixia's Cyber Defense Academy™ or on-site at your location.

Contact Ixia Today

Ixia Worldwide Headquarters
26601 Agoura Rd.
Calabasas, CA 91302
(Toll Free North America) 1.877.367.4942
(Outside North America) +1.818.871.1800
Fax 818.871.1805
www.ixiacom.com

Ixia European Headquarters
Ixia Technologies Europe Ltd
Clarion House, Norreys Drive
Maidenhead SL6 4FL
United Kingdom
Sales +44 1628 408750
Fax +44 1628 639916

Ixia Asia Pacific Headquarters
21 Serangoon North Avenue 5
#04-01
Singapore 554864
Sales +65.6332.0125
Fax +65.6332.0127

915-4036-01 Rev. A, May 2014
