Chapter 1 Cyber Range
Uploaded by Mohit Rampal

Chapter 01: Introducing Cyber Range
Introduction
It is important to understand the basic concepts behind any technology. In this
chapter, we will look in detail at what a cyber range is and at its many
definitions, give a brief history, and describe the types of cyber ranges deployed.
We will also examine the requirements for a cyber range and help the reader
understand its key elements and benefits, the different teams required and their
roles.

Structure
In this chapter, the following topics are covered:
• Defining a Cyber Range
• Teams
Objective
The key takeaway from this chapter is that the reader will have a clear
understanding of what a cyber range is, what it is used for and how it has evolved
over time. The reader will also gain a clear understanding of the existing
definitions used around the world by government and private-sector cyber range
players, along with the key benefits, the types of teams required and the types of
deployment.

Defining a Cyber Range
The twenty-first century has moved us into a digitally interconnected world. Our
dependency on technology is increasing exponentially with time, and we are
surrounded by interconnected devices, from automated driverless cars to smart
cities, smart lighting and smart power generation. This change means that every
end point we consume is represented by an IP (Internet Protocol) address, which
results in huge consumption of the Internet and gives rise to remote connectivity
and control. The quantum of data flowing has also grown exponentially. This could
mean commercial business for many, but it will also result in an increase in
cyber-attacks as more and more end-point devices are exposed, and in turn an
increased demand for trained cyber security professionals.

Before we go deeper into the cyber range, let us have a quick look at how cyber
boundaries have moved beyond physical boundaries over the last few decades. We
come across the term ‘Cyberspace’, which became popular in the 1990s, and the term
‘Cyber Terrain’. Cyberspace is described as widespread, interconnected digital
technology and is now synonymous with anything associated with the internet. The
US Joint Publication 3-12R [1] says that “Cyberspace is a global domain within the
information environment consisting of the interdependent network of information
technology infrastructures and resident data, including the Internet,
telecommunications networks, computer systems, and embedded processors and
controllers.”

It is very important to understand cyberspace: it does not sit within physically
landmarked boundaries, it is boundaryless, and it is important to protect and
secure your cyberspace.

In military doctrine, we refer to key terrain as areas which, if seized or captured,
would provide an advantage to the attacker or the defender. Applied to geographic
terrain it could be a hill overlooking a valley which the enemy wants to control,
or a bridge over a river that must be crossed before launching an attack.
Dominance of key terrain is likely to decide the overall outcome of a battle. Cyber
key terrain is somewhat similar to geographic key terrain, but there are also some
significant and often counterintuitive differences. Cyber terrain [11] is defined
as those physical and logical elements of the domain that enable mission-essential
warfighting functions. The elements which constitute key cyber terrain are best
determined by situating them in a context that includes operational and threat
aspects as well as technical ones. It is also important to know your own terrain so
that you are able to build strong defences to protect it. This helps organizations
create stronger networks and applications and makes life more difficult for
hackers.

Threats in cyberspace are growing, and the threat landscape contains information
about attack vectors and threat agents. Hackers can exploit weaknesses and
vulnerabilities and compromise a system. Cybercrime, espionage, terrorism,
vandalism and warfare are some of the motivating factors in a common threat
model. Let us look at each of these to understand their connection to a cyber
range.

• Cyber vandalism encompasses hacking and hacktivism.
• Cyber-crime covers criminal acts and activities committed against networks and
information systems.
• Cyber espionage is modern reconnaissance, done remotely and electronically, of
competitors and others.
• Cyber terrorism is the act of terrorism that compromises critical infrastructure
networks and their controls.
• Cyber warfare is modern warfare that compromises and wages war against a state
or states, with cyber operations being part of military operations.

Threats and vulnerabilities coexist and are interlinked. What we need to protect
against is the threat of a physical network element, hardware or software, being
compromised through a vulnerability. A threat is a cyber event which may occur,
and it is represented numerically: the numeric value reflects the probability of
its occurrence. A vulnerability may already exist, or may result from a process, a
technology or a human action. We quantify risk as the expected value of the
damage. These threats, vulnerabilities and risks need to be managed by a team of
experts. The challenge here is that the cyber security industry has been
experiencing negative unemployment, with demand for people with the right skill
sets exceeding the supply of available people. With new innovations and the
adoption of cloud technology, it is becoming more critical, and a greater concern,
for businesses to safeguard themselves from cyberattacks. “The world will have 3.5
million unfilled cybersecurity jobs by the end of 2023”, as reported by
Cybersecurity Ventures [2] in their article. As a result, organizations want to
move more towards automation and effective use of their existing manpower.

Let us look back into history to understand more about networking. Ethernet was
invented in 1973 by Bob Metcalfe while he was working at Xerox PARC. In 1975
Xerox PARC patented the technology. Metcalfe and others then finalized and
created the open Ethernet standard in 1980, and by 1985 it had become an IEEE
standard. An industry was born, and Ethernet was ready for its meteoric rise.
Metcalfe also founded the networking powerhouse 3Com in 1979 and later worked as
a venture capitalist. This laid the stepping stone for global networking.

In 1971, Bob Thomas made history by creating a program which is widely accepted
as the first ever computer worm. This program bounced between computers, which
was ground-breaking at the time. It was not at all malicious and displayed the
message “I’m the creeper: catch me if you can.” on the screen of any machine it
reached. The first Denial-of-Service (DoS) attack happened in 1988: a computer
worm created by Robert Morris, which slowed the early internet down significantly.
In 1989, Joseph Popp created the first ransomware attack, a piece of malware
called the AIDS Trojan. His intent was to extort money from people, similar to
modern ransomware attacks. In 1990, the Computer Misuse Act was passed in the
United Kingdom. In 1998, Windows 98 was launched, bringing a whole new level of
accessibility. This paved the way for software security systems to become common,
with Windows releasing patches, and for the creation of many security vendors who
released anti-hacking software for home computer use.

In the past two decades, the use of technology, and especially the deployment of
large networks and the move to the cloud, has increased. This has made it
important for organizations to create stronger, secured environments and to have
trained security professionals managing their networks. Cybercrime and
cyberattacks have increased exponentially. At the time of writing this book, the
work-from-home culture has expanded, exposing new attack surfaces and additional
end points and networks. This has led organizations to want to simulate their
environments before moving to production, and to train and upgrade the skill sets
of their cyber security professionals.

Keeping the above in mind will help us understand the need for and advantages of
a cyber range, and also help us understand our own requirements. Let us look at
the origin of the cyber range; it has been around for quite some time. In June
2011, the BBC published a news item, “US builds net for cyber war games” [3],
which reported that “Several organisations, including the defence company Lockheed
Martin, are working on prototypes of the "virtual firing range"”. In 2014, it was
reported that Lockheed [4] had developed tools to fight viruses. The report stated:
“The secret electronic system, known as the National Cyber Range, is being operated
by an Orlando-based Lockheed unit and financed by the Army's Orlando simulation and
training contract agency.”

In 2012, NIST created a cyber range guide [5] which captured the essence of a
cyber range. The fundamentals of creating one remain the same, but advances in
technology and in its usage and deployment have evolved over time. NIST defined
the cyber range as a key tool which can be used to reduce the skills gap for cyber
security professionals. Cyber ranges are simulated environments which need to be
interactive and capable of simulating environments relevant to the user. They
need to offer both basic and advanced environments which help the user learn about
attacks of the past and present and prepare them for future attacks.

There are a number of definitions of a cyber range, but simply put, it is a
virtual environment used for training, simulation of real-time environments and
cyber technology development. The cyber range is also used by organizations to
simulate a near-live environment of their networks and to run different use cases
to see how they might perform in a real-time environment. Organizations prefer
this approach because it is neither practical nor feasible to buy expensive
hardware and software to create a near-live environment or to train their IT and
security professionals.

Cyber ranges are virtual, controlled environments where organizations can create
their own operational conditions for defence and possible attacks, helping them
create stronger, more robust systems and networks with fewer failures. They are
built to be isolated, enabling security engineers, researchers and practitioners
to practise their skill sets on new technologies and learn their nuances.

Cyber ranges can be deployed on premises or in the cloud. Traditionally these
ranges were developed on premises, but on-prem ranges can be expensive to build
and maintain and may not be able to cover the realities of cloud architecture.
With cloud technology, organizations can deploy them on a shared cloud, a
dedicated cloud, their own private cloud or a hybrid mix. A cyber range can be
defined either as a platform or as a simulation environment.

The simulated environment is the traditional approach: a simulation of
Information Technology and Operational Technology environments. This is the
interpretation provided by NIST (https://www.nist.gov/document/cyber-range-guide).
NIST defines cyber ranges as: “an interactive, simulated representations of an
organization’s local network, system, tools, and applications that are connected to a
simulated Internet level environment. They provide a safe, legal environment to gain hands-
on cyber skills and a secure environment for product development and security posture
testing. A cyber range may include actual hardware and software or may be a combination of
actual and virtual components. Ranges may be interoperable with other cyber range
environments. The Internet level piece of the range environment includes not only simulated
traffic, but also replicates network services such as webpages, browsers, and email as needed
by the customer.”
On the other side we have a platform, which can be a group of technologies used
to create a simulation environment. The European Cyber Security Organisation
(ECSO) defines this as follows
(https://cybersec4europe.eu/wp-content/uploads/2020/09/D7.1-Report-on-existing-cyber-ranges-and-requirement-specification-for-federated-cyber-ranges-v1.0_submitted.pdf):
“A Cyber Range is a platform for the development, delivery and use of interactive simulation
environments. A simulation environment is a representation of an organisation’s ICT, OT,
mobile and physical systems, applications and infrastructures, including the simulation of
attacks, users and their activities and of any other Internet, public or third-party services
which the simulated environment may depend upon. A cyber range includes a combination of
core technologies for the realisation and use of the simulation environment and of additional
components which are, in turn, desirable or required for achieving specific cyber range use
cases.”

Traditionally, large military and large commercial organizations used these
expensive, large-investment virtual environments for testing their infrastructure
and security technologies. This would not be ideal or feasible for every
organization, because of the exorbitant costs and the continuously changing
technology. Any organization wishing to deploy a cyber range should identify its
own requirements and those of the cyber range. It is essential for them to look at
their mission-critical applications and their availability and capability to be
hosted in a virtual environment. In short, the modern-day cyber range is an
important and essential platform for every organization, enabling them to get a
better understanding of their networks and to enhance the skill sets of their
security practitioners. The traditional cyber ranges helped organizations study
the effectiveness of their cybersecurity technologies and manage their
configuration and administration. What was missing was the last line of defence,
the SOC analysts and incident response professionals. What was also missed,
because of cost and the lack of trained professionals, was the ability to upgrade
technology and be prepared and trained to defend.

The traditional cyber range has evolved over time into the next-gen cyber range,
which focuses on the gaps of the traditional one. The next-gen cyber range focuses
on the people in the Security Operations Centre (SOC) and aims to replicate the
organization's SOC as a virtual SOC. It is customised to an organization’s
infrastructure, with limited licensed versions of the tools the SOC analysts may be
using, and mimics a real-world SOC environment. This enables the leadership of an
organization to evaluate its SOC analysts’ skills. The next-gen cyber range
includes a dedicated network that can emulate the organization's network. The
virtual network environment is injected with traffic to simulate user emails, web
surfing, server communications and other network operations. This ensures that
SOC analysts can see how a real-world cyberattack affects the organization's
network operations, and plan accordingly.

Modern-day cyber ranges are cloud based and customizable and allow companies to
model their production and proprietary processes. They are easily deployable and
configurable, allow organizations to test for vulnerabilities, and keep SOC
analysts abreast of technology, helping them improve cyber-attack detection,
response and remediation while addressing the cybersecurity skills shortage.

The following are some of the key benefits that organizations can derive from a
cyber range:

• A training platform for in-house cyber security teams
• An environment to improve team work and team capabilities
• An environment which can be used to replicate a near-live network and help the
team identify possible vulnerabilities
• An environment to try and test new ideas or technologies, and their
capabilities, before deployment
• Understanding of counter-cyber warfare
• Real-time feedback on the skills and gaps of employees
• Security testing, where system and application simulations are tested and
security attacks are carried out against them, in a controlled way, to identify
potential vulnerabilities before deployment and use
• Development of the cyber capabilities of security professionals through
advanced training environments
• Development of the cyber resilience of an organisation, giving it the ability
to respond to and sustain a security incident or cyber-attack while maintaining
its ability to deliver its core business services
• Recruitment, to test the capabilities of candidates before they are employed

Over the past two years, a lot of effort has been put in by organizations
globally, especially in productizing cyber range technologies, and in initiatives
taken both nationally and internationally. Some of the key drivers responsible
for this growth are as follows:
• Cyber being recognized as a separate domain of warfare
• Widespread adoption of cloud technology
• Increase in the number and frequency of cyber-attacks
• Domain-focused cyber attacks
• Need for the protection of organizational and national cyber spaces and cyber
assets
• Ever-evolving and changing technology, and the need to train and prepare your
cyber defences
• Different kinds of attackers carrying out dedicated, focused attacks, acting as
a major enabler for cyber ranges to develop
• Ability to emulate and test new technologies in the shortest time and at the
lowest cost
• A better understanding of your cyber terrain and the ability to emulate it
before putting the network into production
• Training modules which meet the organization's requirements

One can see the importance of the cyber range and the need for it in the
present-day scenario. The user should identify their requirements and map them to
the cyber range platform before deciding to procure one.

We now have a clear picture of the cyber range and of why we need one. Before
moving forward, we also need to identify who the users would be and their
respective roles.

As per a survey done by the European Cyber Security Organisation (ECSO) [12],
there are no generic, universal certifications for cyber ranges, their facilities
or their staff. End users find it hard to compare the features, functionalities,
capabilities and capacity of cyber ranges because no standardisation is available.

A cyber range, as the name suggests, is comparable to a shooting range or firing
range. Ranges can vary depending on the needs of the user or the number of users
they can support. They can also vary in capabilities, such as what kind of
training or exercises they support. Let us look at the taxonomy of a cyber range
as depicted in Figure 1.1.
Figure 1.1 Cyber range taxonomy

Cyber ranges can be either simulated or emulated environments [13], and share
many use cases: developing individuals’ skills and knowledge, and arranging
competitions and exercises for individuals or groups of people from one or more
organisations, companies or countries. The cyber ranges could be static during an
event, or they may include moving targets.

We can identify three types of cyber range as follows:

1. Physical Cyber Ranges: as the name suggests, this is a physical cyber range. We
create a testbed of a network or computing infrastructure and often use real
components of the reference infrastructure. This typology is one of the best
for gaining experience and gathering results with the aim of improving the
defences of a given infrastructure. Its major disadvantages are rigidity and
lack of flexibility, as any modification would require recreating a new cyber
range, and it is very expensive to set up, including the cost of
infrastructure. It is very difficult to find examples of testbeds that mirror
the real-world target infrastructure, both because of the difficulty of
implementation and because creating such structures requires the disclosure of
business secrets.
2. Virtual Cyber Ranges: everything here is simulated in a virtual environment
using virtualisation technologies, giving testbeds of different complexity.
The main advantage is that the components needed to build it can be found
easily and at relatively low cost. One can aim for a higher degree of
flexibility and scalability in the ever-dynamic simulated environment. The
major drawback is that the user would not get an experience very close to the
real one.
3. Hybrid Cyber Ranges: we also refer to these as ‘Cyber-Physical Ranges’. Here
the topology is a hybrid of the physical and virtual cyber ranges. It combines
the positive aspects of both approaches, providing the flexibility of a virtual
environment together with a real environment resulting from the use of
real-world hardware components.

There can be ‘Specialised Cyber Ranges’ too. These can be based on use cases,
events, or capabilities and capacity. The technical aspects governing them are
computing power, memory, hard disk capacity, network topology, operating systems
and applications. As an example, one cyber range may require the person to be
physically present and may allow only a limited number of participants, whereas
another may allow remote access to its users. A highly specialised “small” cyber
range could cope with modest capacity and capability, but a large and realistic
environment may require considerable investment in hardware and software licences
to provide a near-realistic training or exercise environment. There are also
situations where multiple cyber ranges can be interconnected. The key advantages
are reduced costs, more scenarios to work on and larger team interactions; one
could easily see which cyber range best meets the end user's goals, or which cyber
ranges can be interconnected to meet the overall goal. One should note that
interconnection between cyber ranges requires evaluating interoperability and
internet connectivity.

Depending on the objective, one can choose a cyber range meeting their
requirements. Once the cyber range has been identified, the next step is to
understand the teams. In the following section we discuss users and teams.

Muhammad Mudassar Yamin, Basel Katt and Vasileios Gkioulos, in their research
paper Cyber ranges and security testbeds: Scenarios, functions, tools and
architecture [13], have proposed an initial taxonomy to classify cyber ranges
diagrammatically. We have added a new team, the Purple Team, in our modified
taxonomy.

Teams
Not every user needs to be trained to the same level. As a baseline, it is
important to ensure that employees are clearly aware of the basic principles of
cyber security and are trained to understand them, so that the entire ownership
of security does not rest on the security team alone.

At the same time, it is important to identify the teams and team members for
different roles and responsibilities. It is also important for security
professionals to approach the environment and understand the cyber terrain,
irrespective of the team they are in. Not every cyber range is open to, or meant
to be used by, every category of user.

We can classify cyber range users into four groups as follows:

• Students: who use the cyber range to apply their theoretical knowledge in a
simulated network environment, improve their cyber skills, work as a team to
solve cyber problems, gain knowledge and prepare for cyber security
certifications
• Educationists: who use the cyber range to teach and to evaluate their students
• Professionals: who could belong to different groups and want to improve their
skills
• Organizations: who use the cyber range to evaluate their own proficiency, train
and enhance the skill sets of their teams, and test new methods before deployment
into production

Let us refer to Figure 1.1, Cyber Range Taxonomy. As we can see, multiple teams
are mentioned there. A cyber range exercise involves several teams with distinct,
and in some cases conflicting, roles. The traditional team names are as follows:

• Red team: This team plays the role of the attacker (malicious users). Their task
is to infiltrate and try to break the security of the given infrastructure by
compromising a specific resource or accessing specific data.
• Blue team: This team is assigned the task of defending, which also includes
verifying the security of the existing applications and infrastructure in a
limited amount of time.
• Green team: This team is responsible for the exercise infrastructure. Their
responsibilities include configuring the entire cyber range infrastructure
(network devices and applications), the virtual elements, and the monitoring and
scoring infrastructure. They are also responsible for monitoring the health of
the cyber range and fixing any crashes and infrastructure issues as needed.
• Yellow team: This team is assigned the task of improving realism in the
scenarios during the action, making legitimate interactions with the environment,
which can be partially simulated by the use of automated tools.
• White team: This team is responsible for the design and construction of the
scenario used for the exercises. They act as the supervisor in exercises
involving the attack-and-defence paradigm and establish the final score. As
supervisors, it is essential for them to ensure that the exercise is conducted
according to the scenario and the objective.
• Purple team: They are part of the autonomous teams. Purple teaming is the
collaborative function performed by the Red and Blue teams, and a new approach to
collaborative testing and remediation. They are responsible for sharing
information and maximizing the effectiveness of the Red and Blue teams. They
perform the communication role between the exercise teams, which increases the
effectiveness of the Red team in the attacking exercise and the capability of the
Blue team in defending. The goal is to reduce the mean time to remediation for
reported risks and vulnerabilities.
• Orange team: They assign different technical tasks to Blue team members during
the exercise. The Blue team members earn points if they successfully complete the
tasks.
• Yellow team: They simulate the behaviour of normal users who would be using the
infrastructure created by the Green team. They perform tasks like generating
legitimate network traffic which can be used by the Red and Blue teams in attack
and defence.

We now have a fair idea of the different teams and their roles. This helps us
plan the teams required for a cyber range with clear-cut roles and
responsibilities. Apart from this, we need to be aware of the tools the teams
should have to carry out their tasks.

• Red tools: Red team members are the attackers. We need to enable them with
attack tools, such as scripts for exploitation, malware or backdoors to inject
into targets, products for interception of data flows, abnormal traffic
generators, deviation emulators, fuzzing tools (fuzz testing for discovering
zero-day vulnerabilities, API fuzzing tools), SCA tools to help analyse vulnerable
components in applications, tools for active and passive intelligence gathering,
frameworks, and tools for weaponization, staging, lateral movement, privilege
escalation, data exfiltration and so on. They need to be fully enabled and kept
up to date with new technologies and techniques to be able to launch attacks. You
can get more details from the Red Teaming/Adversary Simulation Toolkit [14] and
Pen Testing tools [15].
• Blue tools: Blue team members are the defenders. They need to be enabled with
the right set of tools to perform their tasks. One needs to ensure that they have
tools for security analysis, incident management, log file analysis, digital
forensics, vulnerability analysis, vulnerability prioritization, monitoring,
sandboxes and so on. You can get more details from Blue-Team-Tools [16] and also
the SANS Faculty Free Tools [17].
• Yellow tools: These are tools required to manage security and improve the
defence perimeter, internally or externally, like Intrusion Detection Systems
(IDS), Intrusion Prevention Systems (IPS), firewalls, antivirus and antimalware
systems, etc.
• Green tools: These are meant for infrastructure monitoring, like hypervisors,
routers, and so on.
• White tools: There are not many tools in this space, as almost all exercises
are conducted in their own closed environments. Exito, the EXercise event
Injection Toolkit [18], is an open source tool. There are some commercial tools
available in the industry, and some are custom created for the users.
• Purple tools: There are not many tools for this activity. During my research I
came across PlexTrac and Harmony Purple as possible tools.

Now we have a fair understanding of a cyber range, its needs and how it can help us
and also about the different roles and functions. Let us now look at a simple cyber
range exercise.

A simple cyber range exercise

A basic understanding of a cyber range and of the teams and their roles has been
given in the previous sections. Any organization or individual can use open source
tools or other existing tools to create a simple cyber range. The exercise will
differ based on the organization's requirements and objectives.

Figure 1.2 below depicts a simple logical visualization of a cyber range.

Figure 1.2: Logical Visualization of a Cyber Range

• The Framework defines the users' access to the cyber range and realizes the
capabilities to support training activities, both individual and team training.
• The Event management dashboard is the interactive tool for the administrator to
manage and monitor the cyber range and its events.
• Training scenarios are the different simulated trainings available for users to
practise on. A scenario consists of a mix of hardware, software and the operating
environment required during a training session.
• The Tools provide the users of the cyber range with a set of state-of-the-art
attack and defence tools. These can be used both in training and in real testing
of equipment and systems.
• The Traffic Generator simulates the standard traffic of the infrastructure.
• The Connector allows one to integrate the traditional architecture of the cyber
range and extend it towards a different schema, the hybrid cyber range
architecture. Its purpose is to insert hardware items into the simulated scenario
and extend functionalities or scenarios.
• The Virtualization and Hardware Infrastructure are responsible for the software
and hardware layers which implement the range and guarantee adequate performance.

A cyber range is developed by using and integrating different technologies such
as Java, Python, PowerShell or VMware. Let us create a simple and easy exercise
to get an understanding. This will not be a full-blown cyber range, which is
discussed in later chapters, but an abridged version as listed here.

• Define the objective: It is very important to define the objective(s) of the
exercise(s) and the expected outcome. This helps the user define and create the
scenarios and the learning goals. It is important to be clear on the outcome, as
the hardware and software requirements depend on it.
• Team members and participants: identify who will participate, as this helps in
sizing the infrastructure.
• Hardware: Designing and implementing a cyber range on a virtualized
infrastructure allows us to deploy and adapt different features such as the
number of participants, the difficulty levels and diversity of the challenges,
the number of servers or virtual machines, etc. All kinds of participants (Red
Team, Blue Team, instructors, etc.) would have a dedicated area in the platform to
use. Ideally it would be good to use physical servers where it is possible to
virtualize real environments.
• Software and appliances: Here we need web application firewalls, operating
systems, appliances, traffic generators, etc.
• Scenarios: The scenario should be identified clearly on the basis of the
objective. In our example we have the clear objective of a basic network.

In our case we will take a simple network.

This network consists of four subnets called Server Room, Development
Environment, Sales Room and Control Room. Each subnet connects
computational nodes (e.g., servers and laptops). In the Server Room network,
there are three nodes: one characterized by a specific operating system, while the
others contain a vulnerable service and a malware. In the Development
Environment, five laptops are connected, two of them accessible via remote
shell, along with a cell phone that can move into the Sales Room network. The Sales
Room network contains a host with file server functions (i.e., an SMB service). The
Control Room network contains a personal computer with active antivirus
software and another PC that contains the data to defend (the “flag”). The
environment would look like figure 1.3 below.

Figure 1.3: Network overview of the Cyber Range

The blue team performs its defense task within this perimeter for a certain
period of time. It needs to harden the network, create a strong line of defense and
protect the network from any attacks. After that period the blue team stops and
switches to offline status. The red team acts after the blue team and is limited to
accessing the public subnet only. The task given to the red team is to steal the data
and/or penetrate the internal network, using pivoting and lateral movement
techniques to reach the target node. The other teams, if available, perform
their respective functions.
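As an added illustration of the exercise above (example code, not from the book), the following Python model encodes the four-subnet scenario and answers two questions a scenario designer asks: does a path exist from the red team's public subnet to the subnet holding the flag, and does a blue-team hardening step such as confining the dual-homed cell phone to the Development environment cut that path? Host names, the public subnet's attachment to the Server Room and the routed links between subnets are assumptions, since the chapter does not specify them.

```python
from collections import deque

# Constructed topology after figure 1.3 (chapter subnet names). A host under
# two subnets is dual-homed, like the cell phone that moves into the Sales Room.
SUBNETS = {
    "public": ["red-team-box"],
    "server-room": ["srv-os", "srv-vuln-service", "srv-malware"],
    "development": ["dev-laptop-%d" % i for i in range(1, 6)] + ["cell-phone"],
    "sales-room": ["smb-file-server", "cell-phone"],
    "control-room": ["pc-antivirus", "pc-flag"],
}
# Assumed routed links between subnets (the chapter does not specify them).
LINKS = [("public", "server-room"), ("server-room", "development"),
         ("sales-room", "control-room")]

def adjacency(subnets, links):
    """Undirected subnet graph: routed links plus dual-homed hosts."""
    adj = {s: set() for s in subnets}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    homes = {}
    for s, hosts in subnets.items():
        for h in hosts:
            homes.setdefault(h, set()).add(s)
    for members in homes.values():  # a dual-homed host bridges its subnets
        for s in members:
            adj[s] |= members - {s}
    return adj

def path_to_flag(subnets, links, start="public", flag="pc-flag"):
    """Shortest chain of subnets from `start` to the flag's subnet, or None
    when the flag is unreachable (the blue team's goal)."""
    target = next(s for s, hosts in subnets.items() if flag in hosts)
    adj, seen, queue = adjacency(subnets, links), {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for n in sorted(adj[path[-1]] - seen):
            seen.add(n)
            queue.append(path + [n])
    return None

def confine(subnets, host):
    """Blue-team hardening: keep a dual-homed host only on its first subnet."""
    first = next(s for s, hosts in subnets.items() if host in hosts)
    return {s: [h for h in hosts if h != host or s == first]
            for s, hosts in subnets.items()}
```

With the assumed links, `path_to_flag(SUBNETS, LINKS)` walks public, Server Room, Development, Sales Room, Control Room, and the same check on `confine(SUBNETS, "cell-phone")` returns None, showing that the phone's dual-homing is the scenario's intended pivot.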

One can easily create similar environments for self-learning purposes. We now
have a clear idea of a Cyber Range, cyber range teams and a basic scenario. In the
next chapter we cover the need for a cyber range, its users and use cases.

Conclusion
The key takeaway for the reader in this chapter is a clear understanding of cyber
ranges as used by government, education and private sector players. The reader
should also have a clear picture of the benefits, the types of deployment and the
skillsets of the members required.

In the next chapter, we cover the need for a cyber range and how
organizations can benefit from it. We will also go into more depth on the different
teams required and some use cases.

Questions

1. Define a Cyber Range.
2. Name the different types of deployments of a cyber range and explain the
difference between them.
3. How many types of Cyber range teams are there?
4. What are the roles of each team?
5. What are the different types of tools used in a cyber range and what is the
difference between each category of tools?

Key Terms

1. Cyber vandalism encompasses hacking and hacktivism.
2. Cyber-crime covers criminal acts/activities committed against networks and
information systems.
3. Cyber espionage is modern reconnaissance of competitors etc. done
remotely/electronically.
4. Cyber terrorism is the act of terrorism that compromises critical infrastructure
networks and their controls.
5. Cyber warfare is the modern warfare of compromising and waging a war against a
state or states, with cyber operations being a part of the military operations.
6. A cyber range, as the name suggests, is comparable to a shooting range or a firing
range.
7. Physical Cyber Ranges: as the name suggests, a physical cyber range. We
create a testbed of a network or computing infrastructure and often use real
components of the reference infrastructure.
8. Virtual Cyber Ranges: everything here is simulated in a virtual environment
using virtualisation technologies, obtaining testbeds of different complexity.
9. Hybrid Cyber Ranges are referred to as ‘Cyber-Physical Ranges’, where the
topology is a hybrid of Physical and Virtual cyber ranges.
10. Red team is the team that plays the role of the attacker (malicious users).
11. Blue team is the team which has been assigned the task of defending the
infrastructure.
12. Green team is the team responsible for the exercise infrastructure.
13. Yellow team is the team assigned the task of improving realism in the scenarios.
14. White team is assigned the responsibility for the design and construction of
the scenario used for the exercises.
15. Purple team is a part of the Autonomous teams.
16. Orange team is assigned different technical tasks for blue team members
during the exercise.
17. Yellow team is responsible for simulating the behaviour of normal users who
would be using the infrastructure created by the green team.
18. Red tools are tools used by Red team members, who are the attackers. These
are attack tools.
19. Blue tools are used by Blue team members for defense.
20. Yellow tools are tools required to manage security and improve the defense
perimeter or internals, like Intrusion Detection Systems (IDS), Intrusion
Prevention Systems (IPS), firewalls, antivirus and antimalware systems, etc.
21. Green tools are meant for infrastructure monitoring, like hypervisors,
routers, and so on.
22. White tools are used to manage cyber exercises; one such tool is EXITO.
23. Purple tools are used to help prioritize vulnerability management.
24. Traffic Generator simulates the required traffic for the cyber range.

Points to Remember

1. Cyber ranges and different types of deployment
2. Cyber range roles and responsibilities
3. Tools used by different types of users in a Cyber Range

Further Reading
1. https://www.eve-ng.net/
2. https://cyberx.tech/free-cybersecurity-tools/
3. https://docs.gns3.com/
4. https://tcipg.org/
5. https://www.freeprojectz.com/projects-download/major-final-year
6. https://www.cbtnuggets.com/blog/career/career-progression/5-best-network-simulators-for-cisco-exams-ccna-ccnp-and-ccie
7. https://tldp.org/HOWTO/Linux-Gamers-HOWTO/x809.html
8. https://www.saashub.com/eve-ng-alternatives
9. https://www.802101.com/virtualization-battle-eve-ng-vs-virl/
10. https://xorc.io/
11. More on cyber terrain - www.mitre.org/sites/default/files/publications/mapping-cyber-terrain-13-4175.pdf
12. Cyber - https://cybersec4europe.eu/wp-content/uploads/2020/09/D7.1-Report-on-existing-cyber-ranges-and-requirement-specification-for-federated-cyber-ranges-v1.0_submitted.pdf
13. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture - https://www.semanticscholar.org/paper/Cyber-ranges-and-security-testbeds%3A-Scenarios%2C-and-Yamin-Katt/cf1c777d00eb4429ff28334ca02ebad08b27e5f6?
14. Red Teaming/Adversary Simulation Toolkit - https://github.com/infosecn1nja/Red-Teaming-Toolkit
15. Pentest Tools - https://github.com/topics/pentest-tools
16. Blue-Team-Tools - https://github.com/dcarlin/Blue-Team-Tools
17. SANS Faculty Free Tools - https://www.sans.org/img/free-faculty-tools.pdf?msc=sans-free-lp
18. Exito - EXercise event Injection Toolkit - https://sourceforge.net/projects/exito/
19. Accenture Cyber Range - https://www.accenture.com/us-en/services/security/cyber-defense & https://builtin.com/cybersecurity/accenture-cyber-range
20. Accenture Cyber Range - https://newsroom.accenture.com/news/accenture-expands-cybersecurity-capabilities-with-network-of-cyber-ranges-to-help-industrial-companies-simulate-and-respond-to-cyberattacks.htm
21. Arizona Cyber Warfare Range - https://www.azcwr.org/ranges/on-site/
22. Arizona Cyber Warfare Range - https://www.gpec.org/blog/exclusive-inside-look-arizona-cyber-warfare-range/
23. Arkansas Cyber Range - https://www.arkansasonline.com/news/2018/jan/30/school-initiative-widens-to-cybersecuri-1/
24. Arkansas Cyber Range Features and Architecture of The Modern Cyber Range: A Qualitative Analysis and Survey - https://www.researchgate.net/publication/327835952_Features_and_Architecture_of_The_Modern_Cyber_Range_A_Qualitative_Analysis_and_Survey
25. AIT Austrian Institute of Technology - https://cyberrange.at/
26. Baltimore Cyber Range - https://www.baltimorecyberange.com/
27. The Swedish Defence Research Agency (FOI) - https://www.foi.se/crate
28. Cloud Range - https://www.cloudrangecyber.com/
29. CRUD - Cyber Range at the University of Delaware - https://csi.udel.edu/
30. Cyberbit - https://www.cyberbit.com/
31. Cyber Czech - KYPO CYBER RANGE PLATFORM - https://crp.kypo.muni.cz/#start
32. Silensec Cyberranges - https://www.silensec.com/about-us/cyberranges
33. Cyberranges scenarios - https://cyberranges.com/scenarios/
34. Diateam HNS - https://www.diateam.net/what-is-a-cyber-range/
35. Field Effect - https://fieldeffect.com/products/cyber-range-security-training/
36. Florida Cyber Range - https://floridacyberhub.org/services/
37. Georgia Cyber Range - https://www.gacybercenter.org/services/cyber-range/
38. Kinetic framework - https://github.com/GeorgiaCyber/kinetic
39. IBM Cyber Range - https://www.ibm.com/security/services/managed-security-services/security-operations-centers
40. Range Force - https://www.rangeforce.com/
41. Raytheon Technologies - https://www.raytheon.com/cyber/capabilities/range
42. VM2020 - https://www.vm2020.com/cyber-vr
43. AWS Cyber range - https://github.com/secdevops-cuse/CyberRange
44. CybExer Technologies - https://cybexer.com/products/cyber-range
45. US Cyber Range - https://www.uscyberrange.org
46. Vector Synergy - https://cdex.cloud/cyber-range/
