The development of online technology allows us to communicate and conduct business with people from all over the world. However, this also means that our business endeavours and communication channels can become vulnerable to attacks and all sorts of security issues. Therefore, it’s important to keep staff trained to detect and tackle security problems that may occur at any time. This need led to the creation of all sorts of cybersecurity training software solutions; however, the price, functionality, and application of these pieces of software are often a barrier for companies with limited resources. Recently, a breakthrough was made with CyRIS (Cybersecurity Education and Training Support System), which allows simplified, customizable training with limited technical knowledge requirements. This article walks through the specifics and the benefits of this software solution for cybersecurity education.
Is CyRIS Learning Management Software?
To conduct a training session, the organizer needs to set up a virtual environment called a “cyber range”, which serves as a training ground for company staff. The main issue with cyber range creation is that it requires a highly skilled trainer to manually create an environment for each participant. Furthermore, the training content is constant, which means one would have to manually create a cyber range for each different training session, such as password cracking, port listening, DDoS attacks, and other forms of security risks.
CyRIS is a software solution that allows automatic creation of the training environment based on the organizer’s instructions. For example, let’s say a certain company is conducting a cybersecurity training session for its staff. The trainer inputs different security breach instructions for various members of the staff and CyRIS automatically generates the cyber ranges according to the given instructions.
CyRIS is also a core component of CyTrONE, a training framework that allows integration of CyRIS and Learning Management Software (LMS). It basically means that trainees use the LMS to view training instructions, access the training environment created via CyRIS, and deliver answers to questions. Therefore, it’s easy to conclude that this software solution is intended for security specialists, since CyRIS doesn’t include mechanisms for interaction with the training participants. However, any LMS option can connect with the training environment thanks to the CyTrONE framework.
Cyber range creation
To create a cyber range that defines the training environment conditions, there are three types of settings:
- Host Setting – With it, we can define the host or hosts where the cyber range(s) will be deployed.
- Guest Setting – This cyber range component includes details regarding the Virtual Machine (VM) image, like its location and properties, as well as the Setup tasks that are required to prepare the Guest. Setup tasks can include account operations, software installation, emulation of a security incident, etc.
- Clone Setting – The final piece of the puzzle is determining the number of cyber ranges to be created, the number of clones for each guest, network topology, and other required details.
Thanks to the YAML data serialization standard, cyber range characteristics are defined using custom tags, which makes the instructions easier to input.
Now that we know what CyRIS represents and how the cyber range creation process flows, we should investigate the training potential of this innovative piece of software. It’s important to state that the functionality evaluation was conducted according to the U.S. NIST Technical Guide to Information Security Testing and Assessment. The Guide includes three basic forms of security testing:
- Review techniques: This form of security assessment includes educating staff members on reviewing documents, logs, network sniffing, and file integrity checking.
- Target identification and analysis techniques: Incorporated within this type of security training are vulnerability scanning, network discovery, network port and services identification.
- Target vulnerability validation techniques: These techniques include penetration testing, password cracking, and social engineering.
To address each of these techniques, CyRIS provides sets of training environment setup and security content generation features according to technique requirements. Some of the features are used to approach more than one technique, depending on their specifics.
Training environment setup features include:
- Account management
- Tool installation
- File copy
- Program execution
- Network configuration
Security content generation features:
- Firewall configuration
- Malware emulation
- Attack emulation
- Traffic Capture
To place the use of these features into perspective we’ll take three sample techniques and describe how CyRIS helps in addressing these issues.
Documentation review training (review technique training)
This is a simple training process, which requires participants to review a certain document by opening it and reading through its content. To perform the training session, the software uses the File copy feature that creates a copy of the original document and sends it to the user for inspection. Upon inspecting the document, the trainee can answer any questions regarding the document using LMS.
Network discovery training (target identification and analysis training)
To perform network discovery training, it’s necessary to configure the network through the Network configuration environment setup feature. Besides, the tools that the trainees will use during the Network discovery training also need to be installed. The Tool installation feature provides the participants with any tools they would need to conduct the training.
Password cracking training (Target vulnerability validation training)
For a password cracking training session, CyRIS provides two necessary features. The Account management functionality allows the creation of a user account. The creation of a user account provides a playfield for password discovery, since we don’t want to jeopardize an existing user account. To crack the password, we would require a tool able to perform such a task, which is why CyRIS uses the Tool installation function to install cracking software like “John the Ripper” or some other tool.
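A cyber range description for this password cracking session might look as follows, tying the host, guest and clone settings to the Account management and Tool installation features. This is an added example, not taken from CyRIS or from the original article; the key names are assumptions, and all addresses, paths, account names and passwords are constructed.

```yaml
# Added example. Key names are assumptions modelled on the three setting
# types described in this article; check them against the CyRIS user guide.
# Addresses, paths, accounts and the password are constructed sample values.
---
- host_settings:                  # Host Setting: where the range is deployed
  - id: host_1
    mgmt_addr: 192.0.2.10         # constructed (documentation address range)
    account: trainer

- guest_settings:                 # Guest Setting: base VM image plus setup tasks
  - id: desktop
    basevm_host: host_1
    basevm_config_file: /home/trainer/images/basevm_desktop.xml
    basevm_type: kvm              # assumed hypervisor type
    tasks:
    - add_account:                # Account management: throwaway target account
      - account: trainee_target
        passwd: Summer2019        # deliberately weak; exists only inside the range
    - install_package:            # Tool installation
      - package_manager: yum
        name: john                # John the Ripper (package name assumed)

- clone_settings:                 # Clone Setting: range count, clones, topology
  - range_id: 101
    hosts:
    - host_id: host_1
      instance_number: 3          # three identical ranges, one per trainee
      guests:
      - guest_id: desktop
        number: 1                 # one clone of this guest in each range
        entry_point: yes          # trainees log in through this guest
      topology:
      - type: custom
        networks:
        - name: lab
          members: desktop.eth0
```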
To show the potential that CyRIS holds for large-scale training sessions, we’ll review a performance evaluation experiment conducted on two levels. The first level experiment included basic training sessions created for 600 cyber range instances, while level 2 included some more demanding training for 300 teaching environments.
In both cases, preparation and installation took just a few minutes. The most time-consuming part of the experiment was the Cloning process, due to the large number of VM images that needed to be created for so many trainees, which took around 20 minutes on average for both Levels. Compared to its closest competitor, Alfons, the most important benefit of the CyRIS system is its parallel cyber range creation method, whilst Alfons creates training environments sequentially. This means a faster and less error-prone training preparation process.
Given the above information, we can conclude that CyRIS is a cybersecurity training support system that allows automated creation of training environments for multiple trainees. Its major benefits are flexibility, low cost, and extensive use of parallelism that allows a fast setup and installation process. Furthermore, because the entire mechanism is developed with the NIST Technical Guide to Information Security Testing and Assessment as a reference, it offers a broad array of training possibilities.
Latest posts by Susan Wallace (see all)
- What is CyRIS and How Could It Help with Cybersecurity Education - 21:00, 10 Nov 2019