KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S - - PowerPoint PPT Presentation



SLIDE 1

KYPO — A PLATFORM FOR CYBER DEFENCE EXERCISES

Symposium on “M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence” (MSG-133), Munich, Germany 15th October, 2015

Pavel ČELEDA, Jakub ČEGAN, Jan VYKOPAL, Daniel TOVARŇÁK

{celeda|cegan|jan.vykopal|danos}@mail.muni.cz

SLIDE 2

KYPO Vision & Goals

Vision

  • Provide a unique environment for research and development of new methods to protect critical infrastructure against cyber attacks in the Czech Republic.

Goals

  • Cloud infrastructure, threat detection & advanced visualization.
  • Cyber security courses and exercises – hands-on.

Contribution

  • Increase readiness of the Czech Republic in cyber research.
  • Advance training methods for security teams (CERT/CSIRT).

KYPO — A Platform for Cyber Defence Exercises Page 2 / 19

SLIDE 3

KYPO Architecture

SLIDE 4

KYPO Architecture

[Figure: KYPO architecture diagram; labels: Various Scenarios, User Interface, Cloud, Users]

SLIDE 5

KYPO Use Cases

SLIDE 6

Cyber Research & Development

  • Sandbox design makes experiments easily repeatable.
  • Provides monitoring using NetFlow and packet capture (PCAP).
  • Data is stored for further analysis or fast replay of experiment.

SLIDE 7

Forensics Analysis & Network Simulations

  • Adjustments of the sandbox according to malware actions.
  • Malware is kept in a safe isolated environment.
  • Various tools can be used during the analysis in the sandbox.

SLIDE 8

Security Training & Exercises

  • Covering skills needed by both users and ICT administrators.
  • Main advantages are high rate of interactivity, built-in monitoring, and remote access to all computers for students.

SLIDE 9

The Design of a Cyber Defence Exercise

SLIDE 10

Cyber Exercise Design

Cyber Czech 2015 – October 6-7, 2015

Objectives

  • Focused on defending critical information infrastructure.
  • Participants are put into the role of CSIRT members sent into unknown organizations to recover compromised networks.
  • They have to secure the simulated infrastructure, investigate attacks and cooperate with media and organizers.
  • Attackers are skilled and coordinated with unclear motivations.

SLIDE 11

Roles

Red Team

  • attack
  • scan
  • penetrate

Blue Team

  • secure
  • monitor
  • defense

Green Team

  • maintain
  • repair
  • fix

White Team

  • rules
  • score
  • guide

SLIDE 12

Technical Implementation

[Figure: exercise network topology; labels: Blue Team 1 … Blue Team N, DMZ, Desktop Segment, Server Segment, Gateway, INTERNET, Global Network, DNS, .ex, www]

SLIDE 13

Monitoring Infrastructure

  • Built-in network traffic monitoring (provided by the KYPO platform).
  • Ad-hoc host-based monitoring (based on Syslog).
  • Ad-hoc service monitoring based on Nagios (network- and host-based).
  • Basis for the scoring system and post-mortem evaluation of the exercise.

SLIDE 14

Scoring Implementation

  • Availability of requested services – based on Nagios monitoring.
  • Resistance to prepared attacks – manually rated and entered by Red team members.
  • Quality of reporting to the organizers and media – manually assessed by White team.
  • Penalty for 10-minute direct access to a particular host, simulating a physical visit to a server room – entered by White team.

SLIDE 15

Physical Facility – KYPO Laboratory

SLIDE 16

Physical Facility – Cyber Czech 2015

All Blue team members (20 people) invited to KYPO Lab. 1 team = 4 people around a table with 3 desktops.

SLIDE 17

Conclusion

SLIDE 18

KYPO – Cyber Exercise & Research Platform

Summary

  • Largest (academic) cyber range in the Czech Republic.
  • First Czech national cyber exercise – Cyber Czech 2015.
  • Looking for R&D partners and cyber security practitioners.

SLIDE 19

THANK YOU FOR YOUR ATTENTION.

www.kypo.cz

Pavel Čeleda et al.

@csirtmu celeda@mail.muni.cz