With the rising number of cyber threats, you must prepare adequately for any kind of threat your company may face. ID theft, data breaches, outages caused by hacker attacks, and other vulnerabilities all call for good preparation.
A cyber range is an isolated virtual environment where engineers, enthusiasts, and researchers exercise their skills and test new techniques. This article covers how to build a cyber range and why it is vital for cybersecurity.
Though building a cyber range is nothing new, it has gained immense popularity in the recent past. More companies, universities, non-government organizations, and governments seem to take a more serious interest in the practice. Traditional on-premises ranges, which were expensive to set up, have given way to cloud architectures.
AWS offers a good place where you can build your cyber range. However, setting up may not be easy. It is also essential to know how to go about the process, limit access and tailor everything to achieve the desired results.
AWS is a flexible service that allows you to pay only when the services are in use. You can create templates that you can use and tear down when needed. With that, you can iterate your cyber range and make it similar to your production environment.
The following guide explains how to build a cyber range.
To build a cyber range, you must create the network first. Most importantly, a cyber range must be isolated, and you must take full charge of it and provide its security. It is a place where you will work with various types of malware and malicious code, so you must keep it far from the live environment. The simulations must mimic the real-world environment, such as internal systems and public internet connections.
AWS offers a wide range of services that you can use to create an isolated cyber range.
• Amazon Virtual Private Cloud (Amazon VPC). The service lets you create a logically isolated section of AWS. You define your virtual network and then launch AWS resources into it.
• Traffic Mirroring. With this Amazon VPC feature, you can copy live network traffic from elastic network interfaces.
• AWS Transit Gateway connects your Amazon VPCs and your on-premises networks to a single gateway.
• Interface VPC endpoints connect your VPC to supported AWS services. Similarly, they link to VPC endpoint services powered by AWS PrivateLink. You can do this without a NAT device, VPN connection, internet gateway, or AWS Direct Connect connection.
AWS allows you to build an isolated software-defined network for your cyber range. When you have a VPC, you have total control over subnets, routing, and IP CIDR ranges. You can use AWS Transit Gateway to add or subtract environments and route traffic between VPCs. Because the range VPC has no connection to a public network, you need another way to reach the various AWS services without leaving the isolated cyber range network. VPC endpoints fill that role, because they do not need an internet connection.
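One way to check the isolation described above, as an added example that is not part of the original article: the script audits route tables for paths out of the VPC and lists required service endpoints that are missing. The input mirrors the shape of the EC2 `DescribeRouteTables` and `DescribeVpcEndpoints` responses; the sample data, all IDs, and the set of required services are assumptions made for illustration.

```python
"""Audit a cyber-range VPC for isolation (added example, constructed sample data)."""

# Assumption: services the range must reach privately. ssm, ssmmessages and
# ec2messages serve Systems Manager; s3 and logs serve file sharing and logging.
REQUIRED_SERVICES = {"ssm", "ssmmessages", "ec2messages", "s3", "logs"}
# Route targets that give a subnet a path to the internet.
EGRESS_KEYS = ("NatGatewayId", "EgressOnlyInternetGatewayId")

def egress_routes(route_tables):
    """Return (route_table_id, destination, target) for active routes that break isolation."""
    findings = []
    for table in route_tables["RouteTables"]:
        for route in table.get("Routes", []):
            if route.get("State") != "active":
                continue  # blackhole routes carry no traffic
            dest = (route.get("DestinationCidrBlock")
                    or route.get("DestinationIpv6CidrBlock")
                    or route.get("DestinationPrefixListId"))
            targets = [route[k] for k in EGRESS_KEYS if route.get(k)]
            if route.get("GatewayId", "").startswith("igw-"):
                targets.append(route["GatewayId"])
            findings += [(table["RouteTableId"], dest, t) for t in targets]
    return findings

def missing_endpoints(vpc_endpoints, vpc_id):
    """Return required services that have no available endpoint in vpc_id."""
    present = set()
    for ep in vpc_endpoints["VpcEndpoints"]:
        if ep["VpcId"] == vpc_id and ep["State"].lower() == "available":
            # ServiceName looks like com.amazonaws.<region>.<service>
            present.add(ep["ServiceName"].rsplit(".", 1)[-1])
    return sorted(REQUIRED_SERVICES - present)

# Constructed sample: one clean route table, one with a leftover internet gateway route.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTES = {"RouteTables": [
    {"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0range", "Routes": [
        LOCAL,
        {"DestinationPrefixListId": "pl-0s3", "GatewayId": "vpce-0s3", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb", "VpcId": "vpc-0range", "Routes": [
        LOCAL,
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bad", "State": "active"}]},
]}
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcId": "vpc-0range", "State": "available",
     "ServiceName": f"com.amazonaws.us-east-1.{svc}"}
    for svc in ("ssm", "ssmmessages", "s3")]}

if __name__ == "__main__":
    for finding in egress_routes(SAMPLE_ROUTES):
        print("egress route:", finding)
    print("missing endpoints:", missing_endpoints(SAMPLE_ENDPOINTS, "vpc-0range"))
```

Against a live account, the same two functions can be fed the output of `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` loaded as JSON.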
Typical tools must not access the isolated cyber range. For that reason, participants and administrators need AWS services that they can use according to their use case and role.
For these AWS services, there are two roles: administrator and participant. Administrators are in charge of designing, building, and maintaining the environment. They are also known as the black team. The participants should fit into three roles: a red team that attacks, a blue team that defends, and a purple team that performs both duties.
The administrators' team can use the following:
• AWS Systems Manager, which gives visibility into your infrastructure on AWS.
• Amazon EC2
As the admin, you can open SSH and RDP sessions and run commands. You can also schedule commands. Amazon S3 and VPC endpoints are vital ways to transmit and share files within the environment. EC2 gives you a reliable host for all applications used by participants, while administrators manage the instances through Systems Manager.
Participants, on the other hand, can make good use of Amazon WorkSpaces, a managed service that provides secure desktops.
Participants get virtual desktops with which they can access the isolated cyber range. Once they are in, they can attack or defend the resources in the environment. They can also use the same operating systems they are accustomed to in the real world while still working within the isolated cyber range.
A realistic cyber range provides a satisfactory experience for the participants. When incorporating realism, you must consider toolset, communications, procedures, techniques, and more. It is essential to recreate the toolsets used in real life.
Reusable golden Amazon Machine Images (AMIs) contain the configurations and tools typically installed on a machine. With the help of a builder, you can slot all the appropriate systems into the environment.
If you want to copy the tactics of your adversary, get a scaled-down functional copy of the internet. Amazon Route 53 and Amazon Route 53 Resolver can help you test your ability to protect your system from malicious attacks from unknown domains.
The whole point is to ensure that the participants use the same tools they use in real life. VPC Traffic Mirroring can help you use several IDS products. Following their documentation, you can use open-source tools such as Zeek and Suricata. Mirrored traffic is VXLAN-encapsulated, so use a network monitoring tool that supports VXLAN.
Tools outside the VPC should be linked using AWS PrivateLink.
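VPC Traffic Mirroring delivers mirrored packets to the monitoring target wrapped in VXLAN, which is why the sensor has to understand that encapsulation. The parser below is an added example, not code from the article or from AWS: it strips the VXLAN header and reads the inner Ethernet and IPv4 headers. The sample packet, its VNI, and its addresses are constructed.

```python
"""Decapsulate a VXLAN payload as a mirror-target sensor would (added example)."""
import ipaddress
import struct

VXLAN_PORT = 4789        # UDP port on which VXLAN traffic arrives
VXLAN_FLAG_VNI = 0x08    # "I" flag in RFC 7348: the VNI field is valid

def decapsulate(udp_payload: bytes) -> dict:
    """Parse the 8-byte VXLAN header, then the inner Ethernet and IPv4 headers."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN + Ethernet")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    inner = udp_payload[8:]
    ethertype = struct.unpack("!H", inner[12:14])[0]
    info = {
        "vni": vni_field >> 8,          # top 24 bits; the low 8 are reserved
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": ethertype,
    }
    if ethertype == 0x0800 and len(inner) >= 14 + 20:  # inner IPv4 header
        ip = inner[14:]
        info["proto"] = ip[9]
        info["src_ip"] = str(ipaddress.IPv4Address(ip[12:16]))
        info["dst_ip"] = str(ipaddress.IPv4Address(ip[16:20]))
    return info

def build_sample() -> bytes:
    """Constructed sample: VNI 1234 wrapping an Ethernet frame with an IPv4/TCP header."""
    vxlan = struct.pack("!B3xI", VXLAN_FLAG_VNI, 1234 << 8)
    eth = bytes.fromhex("0a0000000002" "0a0000000001" "0800")
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address("10.0.1.10").packed,
                       ipaddress.IPv4Address("10.0.2.20").packed)
    return vxlan + eth + ipv4

if __name__ == "__main__":
    print(decapsulate(build_sample()))
```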
Amazon CloudWatch Logs can aggregate operating system logs, application logs, and AWS system logs. CloudWatch Logs can also be shared with a dedicated security logging account.
If you use third-party tools, you might need versions tailored for your AWS account. You can find the tools on the AWS Marketplace.
A cyber range is much like a gun range. The only difference is that a cyber range tests tools and weapons that you can use to enhance cybersecurity. This information answers the question of how to build a cyber range and hack like a pro. Gather everything you need and start working. AWS can get you started on everything you need to take your cybersecurity to another level.