Monitoring of Cyber Security Exercise Environments in Cyber Ranges : with an implementation for CRATE / Övervakning av spelmiljöer i cyberanläggningar : med en implementation för CRATE

Sjöstedt, Matildha

January 2021

In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies,  training of personnel etc., is imperative. Cyber ranges can provide ''safe environments'' in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than ''real'' infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations, contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise. While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.

cyber range

monitoring

CRATE

cyber security

cyber security exercises

virtual machine

cyberanläggning

övervakning

CRATE

cybersäkerhet

cybersäkerhetsövningar

virtuell maskin

Information Systems

Software Engineering

Programvaruteknik

Automating software installation for cyber security research and testing public exploits in CRATE / Att automatisera mjukvaruinstallationer för cybersäkerhetsforskning och testandet av publika angreppskoder i CRATE

Kahlström, Joakim, Hedlin, Johan

January 2021

As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.

cyber range

software installation

cyber security

CRATE

exploit testing

automation

cyberanläggning

mjukvaruinstallation

cybersäkerhet

CRATE

angreppstestning

automatisering

Software Engineering

Programvaruteknik

Computer Sciences

Datavetenskap (datalogi)

Strengthening Cyber Defense : A Comparative Study of Smart Home Infrastructure for Penetration Testing and National Cyber Ranges / Stärkning av cyberförsvar : En jämförande studie av smarta heminfrastrukturer för penetrationstestning och nationella cyberanläggningar

Shamaya, Nina, Tarcheh, Gergo

January 2024

This thesis addresses the critical issue of security vulnerabilities within the Internet of Things (IoT) ecosystem, with a particular emphasis on everyday devices such as refrigerators, vacuum cleaners, and cameras. The widespread adoption of IoT devices across various sectors has raised significant concerns regarding their security, underscoring the need for more effective penetration testing methods to mitigate potential cyberattacks. In response to this need, the first part of this thesis presents an approach to creating a penetration testing environment specifically tailored for IoT devices. Unlike existing studies that primarily focus on isolated or specific device testing, this work integrates various common household IoT appliances into a single testbed, enabling the testing of a complex system. This setup not only reflects a more realistic usage scenario but also allows for a comprehensive analysis of network traffic and interactions between different devices, thereby potentially identifying new, complex security vulnerabilities. The second part of the thesis undertakes a comparative study of cyber range infrastructures and architectures, an area relatively unexplored in existing literature. This study aims to provide nuanced insights and practical recommendations for developing robust, scalable cyber range infrastructures at a national level. By examining different frameworks, this research contributes to the foundational knowledge necessary for advancing national cybersecurity defenses. Overall, the findings from this research aim to contribute to improving IoT security and guiding the development of robust national cyber range frameworks. / Denna avhandling tar upp de säkerhetsbrister som finns inom det ekosystem som omfattar Internet of Things (IoT) enheter, med särskilt fokus på vardagliga apparater som kylskåp, dammsugare och kameror. Den stora spridningen av IoT-enheter inom olika sektorer har väckt många säkerhetsfrågor, vilka betonar behovet av effektivare metoder för penetrationstestning för att förhindra möjliga cyberattacker. För att möta detta behov presenterar den första delen av avhandlingen en metod för att skapa en penetrationstestningsmiljö särskilt anpassad för IoT-enheter. Till skillnad från tidigare studier, vilka främst fokuserar på enskilda eller specifika enhetstestningar, kombinerar detta arbete olika hushållsapparater i en enda testbädd, vilket möjliggör testningen av ett komplext system. Detta upplägg speglar inte bara en mer realistisk användningssituation, utan tillåter också en mer omfattande analys av nätverkstrafik och interaktioner mellan olika enheter, vilket potentiellt kan identifiera nya, komplexa säkerhetsbrister. Den andra delen av avhandlingen genomför en jämförande studie av cyberanläggningars infrastrukturer och arkitekturer, ett område som är relativt outforskat i befintlig litteratur. Denna studie syftar till att ge insikter och praktiska rekommendationer för att utveckla robusta, skalbara infrastrukturer för cyberanläggningar på nationell nivå. Genom att undersöka olika ramverk bidrar denna forskning till den grundläggande kunskap som behövs för att förbättra nationella cybersäkerhetsförsvar. Sammanfattningsvis syftar resultaten från denna forskning till att förbättra IoT-säkerheten och vägleda utvecklingen av robusta nationella ramverk för cyberanläggningar.

IoT Devices

Penetration Testing

Network Traffic Analysis

Cyber Range

Infrastructure

Architecture

National Development

Security Vulnerabilities

IoT-enheter

Penetrationstestning

Nätverkstrafikanalys

Cyberanläggning

Infrastruktur

Arkitektur

Nationell utveckling

Säkerhetssårbarheter

Computer Engineering

Datorteknik