Dailydave mailing list archives
Re: What is a cyber-range?
From: "Chesmore, Michael [DAS]" <Michael.Chesmore () iowa gov>
Date: Thu, 7 Jul 2011 07:47:47 -0500
I think the point here might be getting missed. The key term is not "cyber" but "Range". DoD came up with this concept years ago, so that they could train offensive and defensive Information Operations (IO) and Information Warfare (IW). The chatter has been interesting about these but entirely missing the mission of Cyber Ranges.

The mission of a cyber range is not to test out your uber cool newest super secret script that slips through everything. The mission of the cyber range is much more basic. We need a way to train upcoming IT security staff. Not everyone is born with a Perl book in one hand and a hex editor in the other. The users of the cyber ranges are beyond entry level folks but not yet seasoned security staff. The cyber range is designed as a training tool to pit experienced attackers against still learning defenders. Then in time the defenders become the next generation of attackers. I would not expect them (the students) to catch a really sophisticated attack, but this concept allows them to try and catch some medium sophistication attacks. In reality they catch some and miss some.

Stop getting hung up on the term "Cyber Range", it is more of a concept than a term. DoD at the highest levels needed a way to get IT out of the "support role" and into a "combat arms" role. The use of the word Range infers an offensive capacity and politically it was exactly the right way to do this. The picture that we are looking at here is much bigger than ones and zeros, it is strategic. The DoD needed a way to ease into IW, and a way to train up for it.

Cyber Ranges do exist, they are functional training tools and in my biased opinion a damn good one. But keep in mind I helped build one of the first ones. I am not sure about the company that Dave referenced in this first post about this concept, but I do know firsthand that there are several DoD partners in this market space who are really good. Plug for White Wolf security goes here....

Mike Chesmore, CISSP
Information Security Officer, ITS5
Information Security Office
Department of Administrative Services
515-281-5816
michael.chesmore () iowa gov
http://secureonline.iowa.gov/links/index.html

-----Original Message-----
From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc com] On Behalf Of hal999 () att blackberry net
Sent: Wednesday, July 06, 2011 10:25 PM
To: Dobbins, Roland; dailydave-bounces () lists immunityinc com; dailydave
Subject: Re: [Dailydave] What is a cyber-range?

The gentleman makes a very interesting point regarding the actual gear, software routing, and bandwidth. I'd offer that the usefulness of BP gear is in testing the nominal, positive, operation of functional security controls, and ramped up at speeds the big providers/movers operate at (OC+ rates). An application running on some general purpose PCs driving even Gig rate LAN cards may not be able to adequately test the failure modes of operation of the latest network appliances. Vendors like Spirent have sw/hw mixes of products that test normal functionality, but not the components designed to trap/divert/respond/etc to hostile or negative actors.

Additionally, since the engineer knows the original state of generated conditions on the network (because his/her BP box is generating them), identification of Type I and II errors in security controls can be identified and measured with an increased sense of accuracy.

'Sins of commission and omission, equally damaging, equally deadly', as Father Hurley used to say, when speaking of the Alibi Club, on the road to Damascus.

Carpe Noctem.

Best,
Hal

Sent via BlackBerry by AT&T

-----Original Message-----
From: "Dobbins, Roland" <rdobbins () arbor net>
Sender: dailydave-bounces () lists immunityinc com
Date: Thu, 7 Jul 2011 02:24:26
To: dailydave<dailydave () lists immunityinc com>
Subject: Re: [Dailydave] What is a cyber-range?

On Jul 7, 2011, at 6:40 AM, J.A. Terranson wrote:

These old virtual routing platforms are cheap, easy to find on ebay or ebay-like sales arenas, and if stacked in the hundreds could *easily* simulate many hundreds of thousands of routers, while server farms can be injected at appropriate points to simulate the "local networks" residing on these routers.

What they don't allow one to do is to launch attacks and test their effects on actual, modern, hardware-based routers and layer-3 switches. The viability of software-based Internet edge routers ended 7-8 years ago; any organization still relying on software-based edge routers can be taken down with a trivial DDoS attack, so no stress-testing of such architectures is really required, heh.

Also, the use of software-based routers/switches limits the attack bandwidth (bps) and throughput (pps) which can be utilized; this seriously limits the scope of resilience testing with regards to DDoS attacks.

On a side note, I've generally found that non-ironic use of the appellation 'cyber-' to be inversely proportional to actual security clue. Therefore, I'd urge the really smart folks at Breakingpoint and other knowledgeable folks to avoid using the term 'cyber-range'; 'attack lab', 'testbed', et al. are more descriptive and accurate, and don't carry the taint of Big Security hand-waving.

;>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave