
Platoon: A Virtual Platform for Team-oriented Cybersecurity Training



  1. Platoon: A Virtual Platform for Team-oriented Cybersecurity Training and Exercises
     Yanyan Li, Mengjun Xie
     Department of Computer Science, University of Arkansas at Little Rock (UALR)
     {yxli5, mxxie}@ualr.edu
     September 29, 2016

  2. Outline
     1. Introduction
        - Cybersecurity Education
        - Problems with Existing Platforms
        - Our Solution
     2. System Design
        - Platoon Objectives
        - Platoon Structure
        - Platoon Components
     3. Deployment
        - Deployment Requirements
     4. Usage
     5. Evaluation
        - System Performance
        - User Feedback
     6. Conclusion

  3. Cybersecurity Education Methods
     - Regular Lecture - Learns basic security knowledge
     - Case Study - Applies security knowledge to real world scenario
     - Hands-on Exercise - Obtains practical cyber security skills
     - Competition - Works as a corporate cyber security team

  4. Cybersecurity Exercise Platforms
     In the Cloud and Full-access
     - V-NetLab - Virtual Network Laboratory Platform
     - DETER Lab - Defense Technology Experimental Research Laboratory
     - V-Lab - Cloud-based Resource and Service Sharing Platform
     Hosted locally and Full-control
     - SEED Labs - Hands-on Laboratory Exercises
     - OCCP - Open Cyber Challenge Platform
     - ISERink - Internet-Scale Event and Attack Generation Environment

  5. Problems with Existing Platforms
     - Don't support teamwork - Most of them
     - Don't support customization - Deployed in cloud
     - Difficult to configure/deploy - OCCP, ISERink
     - Limited to small LAN labs - SEED Lab

  6. Our solution - Platoon
     Platoon Platform Properties
     - Mimics a business network
     - Deployed on a single machine
     - Fit for cybersecurity labs
     - Fit for competitions, projects

  7. Our solution - Platoon
     Platoon Platform Properties
     - Mimics a business network
     - Deployed on a single machine
     - Fit for cybersecurity labs
     - Fit for competitions, projects
     Platoon Platform Benefits
     - Supports teamwork
     - Supports customization
     - Quick, automatic deployment
     - Enhance learning outcomes

  8. Platoon Quickview
     - Designed to be a versatile system for various security education scenarios:
       - assisting security courses in high schools or colleges
       - hosting cyber defense competitions
       - creating environments for IT training or security research
     - The network design makes it particularly suitable for team-based exercises

  9. Platoon Objectives
     - Native support for teamwork: aimed to support labs/projects for multiple teams and individuals
     - Cost-effectiveness: deployed on a regular machine with one hour of a student's labor
     - Functionality: instantiates a typical business network with a common set of services
     - Deployability: deployed automatically with minimal human intervention

  10. Platoon Structure
      Figure: Network topology of the Platoon platform

  11. Platoon used in Competition/Exercise
      - A blue team is a group of students or trainees
      - A red team is constituted by professional penetration testers
      - A white team consists of room monitors or onsite judges
      - A gold team is comprised of competition organizers and sponsors

  12. Platoon used in Teaching
      - A blue team is a group of undergraduate/graduate students
      - A red team is not needed
      - A white team is not needed
      - A gold team is comprised of course instructors

  13. Platoon Components
      Five main components:
      - Blue team server network
      - Edge router
      - Central vSwitch
      - Scoring engine
      - Perimeter firewall

  14. Blue Team Server Network
      - A small business network setting with common application servers (e.g. Web, Email, FTP) in the DMZ and LAN
      - A pfSense firewall is configured to separate the DMZ and LAN from the WAN
      - An Ubuntu workstation is provisioned on the "WAN" segment to test client access from the "Internet"
      - Access to the LAN application servers from the DMZ is blocked

  15. Edge Router
      - Connects to a blue team server network and acts as that network's gateway
      - Provides one-to-one NAT to map a "public" IP address to the internal IP address of each virtual server
      - Virtual servers can therefore be reached from outside at different destination IP addresses, instead of at the same IP address with different port numbers

  16. Central vSwitch
      - Built-in vSwitch provided by VMware vSphere ESXi
      - Used for creating VLANs to separate the traffic of different networks
      - A VLAN trunk link is created between the central vSwitch and the perimeter firewall to carry traffic for the VLAN access links

  17. Scoring Engine
      - Offers real-time service scores by sending probes to detect service status
      - Includes common services such as DNS, HTTP/HTTPS, POP3, FTP
      - Different teams are distinguished at the scoring board with different IDs

  18. Scoring Engine cont.

  19. Perimeter Firewall
      - Controls the communications between the platform and the Internet
      - Prevents malicious traffic from leaving the platform and protects the platform from being attacked from outside
      - Manages VLAN subnets and achieves inter-VLAN communications
      - Manages OpenVPN servers and provides secure access for remote teams

  20. Deployment
      Deployment Features
      - Platoon can be deployed in an easy and automatic manner
      - Platoon can run well on consumer grade off-the-shelf hardware
      Deployment Requirements
      - ESXi has to be installed before the deployment of Platoon
      - Two physical network cards (NICs) are needed

  21. Deployment cont.
      Once ESXi is installed, we can start deploying Platoon ...

  22. Usage
      Administrator's Perspective
      - Create OpenVPN user accounts on perimeter firewall
      - Distribute OpenVPN credential files (e.g. .ovpn & .key) to users
      - Start the built-in scoring system
      User's Perspective
      - Establish a VPN connection to the Platoon platform
      - Access Linux or Windows servers via SSH or RDP
      - Configure firewall via a browser
      Network Isolation
      - A blue team member is only allowed to access his blue team server network
      - Servers in different blue team networks can't talk with each other

  23. System Performance
      Background Info
      - Hosted a small cyber-defense exercise with 2 blue team networks
      - Platoon was deployed on a Dell Optiplex 990 PC
      - 10 CS undergraduate students who had little security experience formed 2 blue teams with 5 students in each team
      - 4 students who had security experience/skills worked as a red team

  24. System Performance cont.
      Figure: CPU and Memory usage on the ESXi host. Panels: (a) CPU usage, (b) Memory usage

  25. User Feedback
      1. Rate your experience in Windows server management
      2. Rate your experience in Linux server management
      3. Rate your experience in network management
      4. You have a strong motivation to learn and apply cyber defense
      5. Rate your knowledge/skills in hardening servers
      6. Rate your knowledge/skills in securing network
      7. Rate your knowledge/skills in identifying attacks
      8. Teamwork is a critical element for effective cyber defense
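
The probe-and-score loop described on the Scoring Engine slide (slide 17), as an added example that is not Platoon's own code: each service is judged by a protocol-level reply rather than by an open port, and points accumulate per team ID. The check table, team IDs, addresses and the one-point-per-service rule are assumptions; only FTP, POP3 and HTTP are covered here.

```python
import socket

# service -> (request to send first, prefix a healthy server answers with).
# Constructed check table (assumption): the slides do not show Platoon's probes.
CHECKS = {
    "ftp": (b"", b"220"),                       # server greets first
    "pop3": (b"", b"+OK"),                      # server greets first
    "http": (b"HEAD / HTTP/1.0\r\n\r\n", b"HTTP/1."),
}

def is_healthy(service, reply):
    """An open port is not enough: the reply must look like the protocol."""
    return reply.startswith(CHECKS[service][1])

def probe(service, host, port, timeout=2.0):
    """Connect, send the request if any, and judge the first bytes returned."""
    request, expect = CHECKS[service]
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if request:
                s.sendall(request)
            reply = b""
            while len(reply) < len(expect):
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:  # refused, unreachable or timed out counts as down
        return False
    return is_healthy(service, reply)

def score_round(targets, scoreboard, probe_fn=probe):
    """targets: {team_id: [(service, host, port), ...]}; one point per service up."""
    status = {}
    for team, services in targets.items():
        scoreboard.setdefault(team, 0)
        for service, host, port in services:
            up = bool(probe_fn(service, host, port))
            status[(team, service)] = up
            scoreboard[team] += int(up)
    return status

# Constructed targets: team IDs and addresses (192.0.2.0/24, documentation range).
TARGETS = {
    "blue1": [("http", "192.0.2.10", 80), ("ftp", "192.0.2.11", 21)],
    "blue2": [("http", "192.0.2.20", 80), ("pop3", "192.0.2.21", 110)],
}
```

Calling score_round(TARGETS, board) once per interval with the same board dictionary gives a running per-team score; the probe_fn parameter lets the scoring logic be exercised without network access.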
