Re: What is a cyber-range?

[hal999 () att blackberry net]

The gentleman makes a very interesting point regarding the actual gear, software routing, and bandwidth. 

I'd offer that the usefulness of BP gear is in testing the nominal, positive, operation of functional security 
controls, and ramped up at speeds the big providers/movers operate at (OC+ rates). 

An application running on some general purpose pc's driving even Gig rate LAN cards may not be able to adequately test 
the failure modes of operation of the latest network appliances. Vendors like Spirent have sw/hw mixes of products that 
test normal functionality, but not the components designed to trap/divert/respond/etc to hostile or negative actors. 

Additionally, since the engineer knows the original state of generated conditions on the network (because his/her BP 
box is generating them), identification of Type I and II errors in security controls can be identified and measured 
with an increased sense of accuracy. 

'Sins of commission and omission, equally damaging, equally deadly', as Father Hurley used to say, when speaking of the 
Alibi Club, on the road to Damascus.  

Carpe Noctem.

Best, Hal

Sent via BlackBerry by AT&T

-----Original Message-----
From: "Dobbins, Roland" <rdobbins () arbor net>
Sender: dailydave-bounces () lists immunityinc com
Date: Thu, 7 Jul 2011 02:24:26 
To: dailydave<dailydave () lists immunityinc com>
Subject: Re: [Dailydave] What is a cyber-range?

On Jul 7, 2011, at 6:40 AM, J.A. Terranson wrote:

> These old virtual routing platforms are cheap, easy to find on ebay or ebay-like sales arenas, and if stacked in the 
> hundreds could *easily*
> simulate many hundreds of thousands of routers, while server farms cab be injected at appropriate points to simulate 
> the "local networks" residing
> on these routers.


What they don't allow one to do is to launch attacks and test their effects on actual, modern, hardware-based routers 
and layer-3 switches.

The viability of software-based Internet edge routers ended 7-8 years ago; any organization still relying on 
software-based edge routers can be taken down with a trivial DDoS attack, so no stress-testing of such architectures is 
really required, heh.

Also, the use of software-based routers/switches limits the attack bandwidth (bps) and throughput (pps) which can be 
utilized; this seriously limits the scope of resilience testing with regards to DDoS attacks.

On a side note, I've generally found that non-ironic use of the appellation 'cyber-' to be inversely proportional to 
actual security clue.  Therefore, I'd urge the really smart folks at Breakingpoint and other knowledgeable folks to 
avoid using the term 'cyber-range'; 'attack lab', 'testbed', et. al. are more descriptive and accurate, and don't carry 
the taint of Big Security hand-waving.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

                The basis of optimism is sheer terror.

                          -- Oscar Wilde

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave