The development of online technology allows us to communicate and conduct business with people from all over the world. However, this also means that our business endeavours and communication channels can become vulnerable to attacks and all sorts of security issues. Therefore, it’s important to keep the staff educated in terms of detecting and tackling security problems that may occur at any time. This need lead to the creation of all sorts of cybersecurity training software solutions, however, the price, functionality, and application of these pieces of software are often a barrier for companies with limited resources. Recently, a breakthrough was made with CyRIS (Cybersecurity Education and Training Support System) that allows simplified, customizable training with limited technical knowledge requirements. This article is going to guide us through the specifics and the benefits of this software solution to cybersecurity education & firewall guide
To conduct a training session, the organizer needs to set up a virtual environment called “cyber range” which serves as a training ground for company staff. The main issue with cyber range creation is that it requires a highly skilled trainer to manually create an environment for each participant. Furthermore, the training content is constant which means one would have to manually create a cyber range for different training sessions like password cracking, port listening, DDOS attack, and other forms of security risks.
CyRIS is a software solution that allows automatic creation of training environment based on the organizer’s instructions. Per example, let’s say a certain company is conducting a cybersecurity training session for their staff. The trainer inputs different security breach instructions for various members of the staff and CyRIS automatically generates cyber range according to given instructions.
CyRIS is also a core component of CyTrONE which is a training framework that allows integration of CyRIS and Learning Management Software (LMS). It basically means that trainees use MLS to view training instructions, access the training environment created via CyRIS, and deliver answers to questions. Therefore, it’s easy to conclude that this software solution is intended for security specialists since CyRIS doesn’t include mechanisms for interaction with the training participants. However, any LMS option can connect with the training environment thanks to CyTrONE framework.
To create a cyber range that defines the training environment conditions, there are three types of settings:
Thanks to YAMIL data serialization standard, cyber range characteristics are defined using custom tags, which makes the instructions easier to input.
Now that we know what CyRIS represents and how the cyber range creation process flows, we should investigate the training potential of this innovative piece of software. It’s important to state that the functionality evaluation was conducted according to U.S. NIST Technical Guide to Information
Security Testing and Assessment. The Guide includes three basic forms of security testing:
To address each of these techniques, CyRIS provides sets of training environment setup and security content generation features according to technique requirements. Some of the features are used to approach more than one technique, depending on their specifics.
Training environment setup features include:
Security content generation features:
To place the use of these features into perspective we’ll take three sample techniques and describe how CyRIS helps in addressing these issues.
This is a simple training process, which requires participants to review a certain document by opening it and reading through its content. To perform the training session, the software uses the File copy feature that creates a copy of the original document and sends it to the user for inspection. Upon inspecting the document, the trainee can answer any questions regarding the document using LMS.
To perform network discovery training it’s necessary to configure network through the Network configuration environment setup feature. Besides, the installation of tools that the trainees will use during the Network discovery training is also required. Tool installation feature provides the participants with any tools they would need to use to conduct training.
For password cracking training session CyRIS provides two necessary features. Account management functionality allows the creation of a user account. The creation of a user account provides a playfield for password discovery since we don’t want to jeopardize an existing user account. To crack the password, we would require a tool able to perform such a task, which is why CyRIS uses Tool installation function to install cracking software like “John the Ripper” or some other tool.
To show the potential that CyRIS holds for large scale training session, we’ll review a performance evaluation experiment conducted on two levels. The first level experiment included basic training sessions created for 600 cyber range instances, while level 2 included some more demanding training for 300 teaching environments.
In both cases, the preparation and installation time took just a few minutes. The most time-consuming part of the experiment was the Cloning process, due to a large number of VM images that needed to be created for so many trainees, which took around 20 minutes on average for both Levels. Comparing to its closest competitor, Alfons, the most important benefit of CyRIS system is parallel cyber range creation method, whilst Alfons creates training environments subsequently. This means faster and less error-prone training preparation process.
Given the above information, we can conclude that CyRIS is a cybersecurity training support system that allows automated creation of training environment for multiple trainees. Its major benefits are the flexibility, low-cost, and extensive use of parallelism that allows fast setup and installation process. Furthermore, because the entire mechanism is developed with NIST Technical Guide for Information Security Testing and Assessment as a reference, it offers a broad array of training possibilities.
