SLIDE 1

Platoon: A Virtual Platform for Team-oriented Cybersecurity Training and Exercises

Yanyan Li, Mengjun Xie

Department of Computer Science University of Arkansas at Little Rock {yxli5, mxxie}@ualr.edu

September 29, 2016

Yanyan Li, Mengjun Xie (UALR) Platoon Platform September 29, 2016 1 / 31

SLIDE 2

Outline

1 Introduction
  • Cybersecurity Education
  • Problems with Existing Platforms
  • Our Solution

2 System Design
  • Platoon Objectives
  • Platoon Structure
  • Platoon Components

3 Deployment
  • Deployment Requirements

4 Usage

5 Evaluation
  • System Performance
  • User Feedback

6 Conclusion

SLIDE 3

Introduction Cybersecurity Education

Cybersecurity Education Methods

  • Regular Lecture - Learns basic security knowledge
  • Case Study - Applies security knowledge to real world scenario
  • Hands-on Exercise - Obtains practical cyber security skills
  • Competition - Works as a corporate cyber security team

SLIDE 4

Introduction Cybersecurity Education

Cybersecurity Exercise Platforms

In the Cloud and Full-access
  • V-NetLab - Virtual Network Laboratory Platform
  • DETER Lab - Defense Technology Experimental Research Laboratory
  • V-Lab - Cloud-based Resource and Service Sharing Platform

Hosted locally and Full-control
  • SEED Labs - Hands-on Laboratory Exercises
  • OCCP - Open Cyber Challenge Platform
  • ISERink - Internet-Scale Event and Attack Generation Environment

SLIDE 5

Introduction Problems with Existing Platforms

Problems with Existing Platforms

  • Don’t support teamwork - Most of them
  • Don’t support customization - Deployed in cloud
  • Difficult to configure/deploy - OCCP, ISERink
  • Limited to small LAN labs - SEED Lab

SLIDE 7

Introduction Our Solution

Our solution - Platoon

Platoon Platform Properties

  • Mimics a business network
  • Deployed on a single machine
  • Fit for cybersecurity labs
  • Fit for competitions, projects

Platoon Platform Benefits

  • Supports teamwork
  • Supports customization
  • Quick, automatic deployment
  • Enhances learning outcomes

SLIDE 8

System Design

Platoon Quickview

  • Designed to be a versatile system for various security education scenarios
      • assisting security courses in high schools or colleges
      • hosting cyber defense competitions
      • creating environments for IT training or security research
  • The network design makes it particularly suitable for team-based exercises

SLIDE 9

System Design Platoon Objectives

Platoon Objectives

Native support for teamwork

Aimed to support labs/projects for multiple teams and individuals

Cost-effectiveness

Deployed on a regular machine with one hour of a student's labor

Functionality

Instantiate a typical business network with a common set of services

Deployability

Deployed in an automatic manner with minimal human intervention

SLIDE 10

System Design Platoon Structure

Platoon Structure

Figure: Network topology of the Platoon platform

SLIDE 11

System Design Platoon Structure

Platoon used in Competition/Exercise

  • A blue team is a group of students or trainees
  • A red team is constituted by professional penetration testers
  • A white team consists of room monitors or onsite judges
  • A gold team is comprised of competition organizers and sponsors

SLIDE 12

System Design Platoon Structure

Platoon used in Teaching

  • A blue team is a group of undergraduate/graduate students
  • A red team is not needed
  • A white team is not needed
  • A gold team is comprised of course instructors

SLIDE 13

System Design Platoon Components

Platoon Components

Five main components

  • Blue team server network
  • Edge router
  • Central vSwitch
  • Scoring engine
  • Perimeter firewall

SLIDE 14

System Design Platoon Components

Blue Team Server Network

  • A small business network setting with common application servers, e.g. Web, Email, FTP in DMZ and LAN
  • A pfSense firewall is configured to separate DMZ, LAN from WAN
  • An Ubuntu workstation is provisioned on the “WAN” segment to test client access from the “Internet”
  • Access to the LAN application servers from DMZ is blocked

SLIDE 15

System Design Platoon Components

Edge Router

  • Connects to a blue team server network and acts as that network’s gateway
  • Provides one-to-one NAT to map a “public” IP address to the internal IP address for each virtual server
  • Virtual servers can be accessed from outside with different destination IP addresses instead of using the same IP address but different port numbers

SLIDE 16

System Design Platoon Components

Central vSwitch

  • Built-in vSwitch provided by VMware vSphere ESXi
  • Used for creating VLANs to separate different networks’ traffic
  • A VLAN trunk link is created between central vSwitch and perimeter firewall to carry traffic for VLAN access links

SLIDE 17

System Design Platoon Components

Scoring Engine

  • Offers real-time service scores by sending probes to detect service status
  • Includes common services such as DNS, HTTP/HTTPS, POP3, FTP
  • Different teams are distinguished at the scoring board with different IDs
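
A minimal scoring round of the kind this slide describes, added here as an illustration and not Platoon's own scoring engine: each team's services are probed and a point is awarded only when the reply looks like a working service. The team IDs, addresses, canned replies and the one-point-per-round rule are assumptions made for the example; DNS and HTTPS probes are left out.

```python
import re
import socket
from collections import defaultdict

CHECKS = {  # service: (port, request to send or None, pattern of a healthy reply)
    "ftp":  (21,  None, rb"220[ -]"),
    "pop3": (110, None, rb"\+OK"),
    "http": (80,  b"HEAD / HTTP/1.0\r\n\r\n", rb"HTTP/1\.[01] [23]\d\d"),
}

def tcp_probe(host, service, timeout=3.0):  # first reply bytes, b"" on failure
    port, request, _ = CHECKS[service]
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if request:
                sock.sendall(request)
            return sock.recv(128)
    except OSError:                          # refused, unreachable or timed out
        return b""

def is_up(service, reply):
    """An open port is not enough: the reply must look like a working service."""
    return re.match(CHECKS[service][2], reply) is not None

def score_round(teams, board, probe=tcp_probe):
    """Probe each team's services once; one point per service that is up."""
    for team_id, hosts in teams.items():
        for service, host in hosts.items():
            board[team_id][service] += int(is_up(service, probe(host, service)))
    return board

# Constructed sample data: team IDs, documentation-range addresses, canned replies.
TEAMS = {
    "blue1": {"ftp": "203.0.113.11", "pop3": "203.0.113.12", "http": "203.0.113.13"},
    "blue2": {"ftp": "203.0.113.21", "pop3": "203.0.113.22", "http": "203.0.113.23"},
}
CANNED = {
    "203.0.113.11": b"220 FTP ready\r\n",
    "203.0.113.12": b"+OK POP3 ready\r\n",
    "203.0.113.13": b"HTTP/1.1 200 OK\r\n",
    "203.0.113.21": b"220-Welcome\r\n",                      # multi-line greeting
    "203.0.113.23": b"HTTP/1.1 500 Internal Server Error\r\n",  # answers, but broken
}                                            # blue2 pop3 has no entry: no reply

def demo(rounds=3):
    board = defaultdict(lambda: defaultdict(int))
    for _ in range(rounds):
        score_round(TEAMS, board, probe=lambda host, svc: CANNED.get(host, b""))
    return {team: dict(scores) for team, scores in board.items()}
```

Calling `demo()` scores the canned replies; calling `score_round` without the `probe` argument sends real TCP probes to the listed hosts.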

SLIDE 18

System Design Platoon Components

Scoring Engine cont.

SLIDE 19

System Design Platoon Components

Perimeter Firewall

  • Controls the communications between the platform and the Internet
  • Prevents malicious traffic from leaving the platform and protects the platform from being attacked from outside
  • Manages VLAN subnets and achieves inter-VLAN communications
  • Manages OpenVPN servers & provides secure access for remote teams

SLIDE 20

Deployment Deployment Requirements

Deployment

Deployment Features

  • Platoon can be deployed in an easy and automatic manner
  • Platoon can run well on consumer grade off-the-shelf hardware

Deployment Requirements

  • ESXi has to be installed before the deployment of Platoon
  • Two physical network cards (NICs) are needed

SLIDE 21

Deployment Deployment Requirements

Deployment cont.

Once ESXi is installed, we can start deploying Platoon ...

SLIDE 22

Usage

Usage

Administrator’s Perspective

  • Create OpenVPN user accounts on perimeter firewall
  • Distribute OpenVPN credential files (e.g. .ovpn & .key) to users
  • Start the built-in scoring system

User’s Perspective

  • Establish a VPN connection to the Platoon platform
  • Access Linux or Windows servers via SSH or RDP
  • Configure firewall via a browser

Network Isolation

  • A blue team member is only allowed to access his blue team server network
  • Servers in different blue team networks can’t talk with each other

SLIDE 23

Evaluation System Performance

System Performance

Background Info

  • Hosted a small cyber-defense exercise with 2 blue team networks
  • Platoon was deployed on a Dell Optiplex 990 PC
  • 10 CS undergraduate students who had little security experience formed 2 blue teams with 5 students in each team
  • 4 students who had security experience/skills worked as a red team

SLIDE 24

Evaluation System Performance

System Performance cont.

(a) CPU usage (b) Memory usage

Figure: CPU and Memory usage on the ESXi host

SLIDE 25

Evaluation User Feedback

User Feedback

1 Rate your experience in Windows server management
2 Rate your experience in Linux server management
3 Rate your experience in network management
4 You have a strong motivation to learn and apply cyber defense
5 Rate your knowledge/skills in hardening servers
6 Rate your knowledge/skills in securing network
7 Rate your knowledge/skills in identifying attacks
8 Teamwork is a critical element for effective cyber defense

SLIDE 28

Evaluation User Feedback

User Feedback cont.

The competition itself was more exciting and interesting than I had expected. I definitely enjoyed the whole experience. Even though it only lasted a few hours, this activity really brought all what was learned in class about network security together, ... I hope this activity, or a variation of it, perhaps with a dedicated red team vs. a blue team, becomes permanent part of the class. I found the experience challenging but exciting. Not only was it thrilling, but I also gained experience I could use on the job.

SLIDE 29

Conclusion

Conclusion

  • Platoon supports teamwork and customization
  • Platoon can be built using an off-the-shelf machine
  • Platoon can be deployed in a quick and automatic manner
  • Used for hands-on labs or hosting cyber-defense competitions

SLIDE 30

Conclusion

Want to download and have a try?

Please visit https://www.mengjunxie.org/cyberdefense

SLIDE 31

Conclusion

Questions?
