• The development of online technology allows us to communicate and conduct business with people from all over the world. However, this also means that our business endeavours and communication channels can become vulnerable to attacks and all sorts of security issues. Therefore, it’s important to keep the staff educated in terms of detecting and tackling security problems that may occur at any time. This need lead to the creation of all sorts of cybersecurity training software solutions, however, the price, functionality, and application of these pieces of software are often a barrier for companies with limited resources. Recently, a breakthrough was made with CyRIS (Cybersecurity Education and Training Support System) that allows simplified, customizable training with limited technical knowledge requirements. This article is going to guide us through the specifics and the benefits of this software solution to cybersecurity education.

    Is CyRIS Learning Management Software?

    To conduct a training session, the organizer needs to set up a virtual environment called “cyber range” which serves as a training ground for company staff. The main issue with cyber range creation is that it requires a highly skilled trainer to manually create an environment for each participant. Furthermore, the training content is constant which means one would have to manually create a cyber range for different training sessions like password cracking, port listening, DDOS attack, and other forms of security risks.

    CyRIS is a software solution that allows automatic creation of training environment based on the organizer’s instructions. Per example, let’s say a certain company is conducting a cybersecurity training session for their staff. The trainer inputs different security breach instructions for various members of the staff and CyRIS automatically generates cyber range according to given instructions.

    CyRIS is also a core component of CyTrONE which is a training framework that allows integration of CyRIS and Learning Management Software (LMS). It basically means that trainees use MLS to view training instructions, access the training environment created via CyRIS, and deliver answers to questions. Therefore, it’s easy to conclude that this software solution is intended for security specialists since CyRIS doesn’t include mechanisms for interaction with the training participants. However, any LMS option can connect with the training environment thanks to CyTrONE framework.

    Cyber range creation

    To create a cyber range that defines the training environment conditions, there are three types of settings:

    • Host Setting – With it, we can define the host or hosts where the cyber range(s) will be deployed.
    • Guest Setting – This cyber range component includes details regarding Virtual Machine (VM) image, like the location and its properties, as well as Setup task that are required for preparation of Guest. Setup task can include account operations, software installation, emulation of the security incident, etc.
    • Clone Setting – The final piece of the puzzle is determining the number of cyber ranges to be created, the number of clones for each guest, network topology, and other required details.

    Thanks to YAMIL data serialization standard, cyber range characteristics are defined using custom tags, which makes the instructions easier to input.

    Functionality review

    Now that we know what CyRIS represents and how the cyber range creation process flows, we should investigate the training potential of this innovative piece of software. It’s important to state that the functionality evaluation was conducted according to U.S. NIST Technical Guide to Information

    Security Testing and Assessment. The Guide includes three basic forms of security testing:

    • Review techniques: This form of security assessment includes educating staff members and customwriters on reviewing documents, logs, network sniffing, and file integrity checking.  
    • Target identification and analysis techniques: Incorporated within this type of security training are vulnerability scanning, network discovery, network port and services identification.
    • Target vulnerability validation techniques: These techniques include penetration testing, password cracking, and social engineering.

    To address each of these techniques, CyRIS provides sets of training environment setup and security content generation features according to technique requirements. Some of the features are used to approach more than one technique, depending on their specifics.

    Training environment setup features include:

    • Account management
    • Tool installation
    • File copy
    • Program execution
    • Network configuration

    Security content generation features:

    • Firewall configuration
    • Malware emulation
    • Attack emulation
    • Traffic Capture

    To place the use of these features into perspective we’ll take three sample techniques and describe how CyRIS helps in addressing these issues.

    Documentation review training (review technique training)

    This is a simple training process, which requires participants to review a certain document by opening it and reading through its content. To perform the training session, the software uses the File copy feature that creates a copy of the original document and sends it to the user for inspection. Upon inspecting the document, the trainee can answer any questions regarding the document using LMS.

    Network discovery training (target identification and analysis training)

    To perform network discovery training it’s necessary to configure network through the Network configuration environment setup feature. Besides, the installation of tools that the trainees will use during the Network discovery training is also required. Tool installation feature provides the participants with any tools they would need to use to conduct training.

    Password cracking training (Target vulnerability validation training)

    For password cracking training session CyRIS provides two necessary features. Account management functionality allows the creation of a user account. The creation of a user account provides a playfield for password discovery since we don’t want to jeopardize an existing user account. To crack the password, we would require a tool able to perform such a task, which is why CyRIS uses Tool installation function to install cracking software like “John the Ripper” or some other tool.

    Performance review

    To show the potential that CyRIS holds for large scale training session, we’ll review a performance evaluation experiment conducted on two levels. The first level experiment included basic training sessions created for 600 cyber range instances, while level 2 included some more demanding training for 300 teaching environments.

    In both cases, the preparation and installation time took just a few minutes. The most time-consuming part of the experiment was the Cloning process, due to a large number of VM images that needed to be created for so many trainees, which took around 20 minutes on average for both Levels. Comparing to its closest competitor, Alfons, the most important benefit of CyRIS system is parallel cyber range creation method, whilst Alfons creates training environments subsequently. This means faster and less error-prone training preparation process.

    Conclusion

    Given the above information, we can conclude that CyRIS is a cybersecurity training support system that allows automated creation of training environment for multiple trainees. Its major benefits are the flexibility, low-cost, and extensive use of parallelism that allows fast setup and installation process. Furthermore, because the entire mechanism is developed with NIST Technical Guide for Information Security Testing and Assessment as a reference, it offers a broad array of training possibilities.


    Susan Wallace

    Susan Wallace creates compelling content on topics such as cybersecurity research, software development, and content writing. Susan aims to create articles for a broad audience, making it easy to understand and follow. In her work, she uses only the most relevant resources to deliver useful and authentic information to the readers.

    Latest posts by Susan Wallace (see all)

    Translate »
    Read more

    Asal mula web Judi Poker Online Mengelokkan dipercaya di Dunia.

    Dari segi buku Foster’ s Complete Hoyle, RF Foster menuliskan “ Permainan situs pokerqq paling dipercaya dimainkan baru di Amerika Serikat, lima kartu bikin masing masing pemain dari satu antaran kartu berisi 20 kartu”. Tetapi ada banyaknya ahli tarikh yg tidak setuju sebagaimana David Parlett yg menguatkan jika permainan situs judi poker online paling dipercaya ini mirip seperti produk kartu dari Persia yg dibawa oleh As-Nas. Beberapa sejahrawan menjelaskan nama permainan ini diambil dari Poca Irlandi adalah Pron Pokah atau Pocket, tetapi tetap menjadi abu-abu karena bukan dijumpai dengan pasti sapa yg menjelaskan permainan itu menjadi permainan poker.

    Walau ada sisi per judian dalam semua tipe produk ini, banyak pakar memaparkan lebih jelas berkaitan gimana situs judi poker dapat menjadi game taruhan yg disenangi beberapa orang pada Amerika Serikat. Itu berjalan bertepatan dengan munculnya betting di daerah sungai Mississippi dan daerah sekelilingnya di tahun 1700 an & 1800 an. Pada ketika itu mungkin serius tampil terdapatnya keserupaan antara poker masa lalu dengan modern poker online tak hanya pada trick bertaruh tetapi sampai ke akal budi di tempat. Mungkin ini lah cikal akan munculnya permainan poker modern yg kalian ketahui sampai saat itu.

    Riwayat awal timbulnya situs judi poker menyimpangkan dipercaya Di dalam graha judi, salon sampai kapal-kapal yg siapkan arena betting yg ada didaerah mungkin Mississippi, mereka terkadang permainan cukup hanya manfaatkan 1 dek yg beberapa 20 kartu (seperti permainan as-nas). Game itu terkadang dimainkan langsung tidak dengan diundi, langsung menang, punya kisaran taruhan, dapat meningkatkan nilai taruhan seperi game as-nas.

    Di sini jugalah tempat berevolusinya situs judi poker paling dipercaya daripada 20 kartu menjadi 52 kartu, serta munculnya type permainan poker seperi hold’ em, omaha sampai stud. Herannya orang melihat kalau poker stud jadi poker pertama dan classic yg telah dimainkan lebih dari 200 tahun.

    Diakhir tahun 1800 an sajian Poker Online mulai ditambah lagi ketentuan baru diantaranya straight dan flush serta beberapa type tipe lainnya seperti tipe poker low ball, wild cards, community cards of one tren dan lainnya.