I think the point here might be getting missed. The key term is not "cyber" but "Range". DoD came up with this concept years ago, so that they could train offensive and defensive Information Operations (IO) and Information Warfare (IW). The chatter has been interesting about these but entirely missing the mission of Cyber Ranges. The mission of a cyber range is not to test out your uber cool newest super secret script that slips through everything. The mission of the cyber range is much more basic. We need a way to train upcoming IT security staff. Not everyone is born with a Perl book in one hand and a hex editor in the other. The users of the cyber ranges are beyond entry level folks but not yet seasoned security staff. The cyber range is designed as a training tool to pit experienced attackers against still learning defenders. Then in time the defenders become the next generation of attackers. I would not expect them (the students) to catch a really sophisticated a ttack, but this concept allows them to try and catch some medium sophistication attacks. In reality they catch some and miss some. Stop getting hung up on the term "Cyber Range", it is more of a concept than a term. DoD at the highest levels needed a way to get IT out of the "support role" and into a "combat arms" role. The use of the word Range infers an offensive capacity and politically it was exactly the right way to do this. The picture that we are looking at here is much bigger than ones and zeros, it is strategic. The DoD needed a way to ease into IW, and a way to train up for it. Cyber Ranges do exist, they are functional training tools and in my biased opinion a damn good one. But keep in mind I helped build one of the first ones. I am not sure about the company that Dave referenced in this first post about this concept, but I do know firsthand that there are several DoD partners in this market space who are really good. Plug for White Wolf security goes h ere....
Mike Chesmore, CISSP Information Security Officer, ITS5 Information Security Office Department of Administrative Services 515-281-5816 [email protected] http://secureonline.iowa.gov/links/index.html -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Wednesday, July 06, 2011 10:25 PM To: Dobbins, Roland; [email protected]; dailydave Subject: Re: [Dailydave] What is a cyber-range? The gentleman makes a very interesting point regarding the actual gear, software routing, and bandwidth. I'd offer that the usefulness of BP gear is in testing the nominal, positive, operation of functional security controls, and ramped up at speeds the big providers/movers operate at (OC+ rates). An application running on some general purpose pc's driving even Gig rate LAN cards may not be able to adequately test the failure modes of operation of the latest network appliances. Vendors like Spirent have sw/hw mixes of products that test normal functionality, but not the components designed to trap/divert/respond/etc to hostile or negative actors. Additionally, since the engineer knows the original state of generated conditions on the network (because his/her BP box is generating them), identification of Type I and II errors in security controls can be identified and measured with an increased sense of accuracy. 'Sins of commission and omission, equally damaging, equally deadly', as Father Hurley used to say, when speaking of the Alibi Club, on the road to Damascus. Carpe Noctem. Best, Hal Sent via BlackBerry by AT&T -----Original Message----- From: "Dobbins, Roland" <[email protected]> Sender: [email protected] Date: Thu, 7 Jul 2011 02:24:26 To: dailydave<[email protected]> Subject: Re: [Dailydave] What is a cyber-range? On Jul 7, 2011, at 6:40 AM, J.A. Terranson wrote: > These old virtual routing platforms are cheap, easy to find on ebay or > ebay-like sales arenas, and if stacked in the hundreds could *easily* > simulate many hundreds of thousands of routers, while server farms cab be > injected at appropriate points to simulate the "local networks" residing > on these routers. What they don't allow one to do is to launch attacks and test their effects on actual, modern, hardware-based routers and layer-3 switches. The viability of software-based Internet edge routers ended 7-8 years ago; any organization still relying on software-based edge routers can be taken down with a trivial DDoS attack, so no stress-testing of such architectures is really required, heh. Also, the use of software-based routers/switches limits the attack bandwidth (bps) and throughput (pps) which can be utilized; this seriously limits the scope of resilience testing with regards to DDoS attacks. On a side note, I've generally found that non-ironic use of the appellation 'cyber-' to be inversely proportional to actual security clue. Therefore, I'd urge the really smart folks at Breakingpoint and other knowledgeable folks to avoid using the term 'cyber-range'; 'attack lab', 'testbed', et. al. are more descriptive and accurate, and don't carry the taint of Big Security hand-waving. ;> ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
