Building Open Source Cyber Range To Teach Cyber Security

2021 ◽  
Author(s):  
Tomas Lieskovan ◽  
Jan Hajný
Keyword(s):  
Open Source ◽  
Cyber Security ◽  
Cyber Range

CYRAN

2016 ◽  
pp. 226-241 ◽  
Author(s):  
Bil Hallaq ◽  
Andrew Nicholson ◽  
Richard Smith ◽  
Leandros Maglaras ◽  
Helge Janicke ◽  
...  
Keyword(s):  
Cyber Security ◽  
Decision Process ◽  
Academic Institutions ◽  
Research Focus ◽  
Major Aspect ◽  
Threat Analysis ◽  
Scada Systems ◽  
Low Costs ◽  
The Creation ◽  
Cyber Range

Cyber Security of ICS/SCADA systems is a major aspect of current research focus. Cyber Ranges and Test-beds can serve as means of vulnerability and threat analysis of real SCADA systems with low costs. Significantly lacking from current research, is detailed documentation of the decision process and the potential difficulties that need to be considered when undertaking the creation of a Cyber Range (CR) in order to facilitate the capture of labelled datasets which is included in this paper. This paper makes several further contributions; a review of Cyber Ranges created by Academic Institutions that influenced the criteria in creating CYRAN, the De Montfort University CYber RANge. The article presents the design implementation, the process of creating effective rules of engagement, the management and running of a Cyber Range Event (CRE) with partners from Industry and Academia and the creation of labelled datasets.

scholarly journals Analysis to Determine the Scope and Challenging Responsibilities of Ethical Hacking Employed in Cyber Security

2018 ◽  
Vol 7 (3.27) ◽  
pp. 196
Author(s):  
R Vignesh ◽  
K Rohini
Keyword(s):  
Open Source ◽  
Cyber Security ◽  
Data Security ◽  
Test Section ◽  
Electronic Devices ◽  
Penetration Testing ◽  
Online Systems ◽  
Secret Information ◽  
The Media ◽  
Free Open Source

This paper analyzes a variety of Challenging Roles of Ethical Hacking employed in Cyber Security. The requirement for more viable requesting data security rehearses is progressively evident with every security encroaches revealed in the media. Ethical hacking set forward a target investigation of an association's data security bearing for associations of numerous phase of security capability. Programmers must output for shortcomings, test section focuses, needs targets, and build up a procedure that best use their assets. The reason for this sort of security appraisal directly affects the estimation of the entire assessment. More finished it is recognized that electronic devices are fundamental to forestall digital culprits hacking into online systems to contain their administrations and access secret information for uncalled for purposes. Ethical Hacking is capably required where approved programmers endeavor to penetrate a business' frameworks/arranges for the benefit of the proprietors with the goal of discovering security shortcomings. It give bits of knowledge into how Ethical Hacking, as Penetration Testing utilizing free open source devices, can be utilized by associations to secure their system's administrations/activities. Utilizing Nmap, Google Hacking, Nessus, Brutus and Acunetix .Thus measures were placed in to determine these vulnerabilities and dodge the delicate information from potential digital threats.  

scholarly journals Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective

2020 ◽  
pp. 172-184 ◽  
Author(s):  
Iason Somarakis ◽  
Michail Smyrlis ◽  
Konstantinos Fysarakis ◽  
George Spanoudakis
Keyword(s):  
Cyber Security ◽  
Security Assurance ◽  
Model Driven ◽  
Cyber Range

Cyber Security

2021 ◽  
pp. 174-208
Author(s):  
Michael A. Goedeker
Keyword(s):  
Data Collection ◽  
Open Source ◽  
Cyber Security ◽  
Modern Technology ◽  
False Information ◽  
The Past ◽  
Open Source Intelligence ◽  
Intelligence Agencies ◽  
The Many

New attacks and methods seen today indicate an emerging trend and dependency on reverse-engineered technology that was used in the past by espionage and intelligence agencies and their tactics as well as use of modern technology to obtain information and data that is turned into usable intelligence. One of the many disturbing consequences of this is that we are faced with attackers that are versed in stealth, deception, planting false information, and increased training in newer attack technologies that classical tools can no longer reliably find. In addition, advanced attack and deception skills now use OSINT (open source intelligence) data collection tactics that have moved entire attack chains into the espionage and surveillance realm.

Cyber Security and Open Source Intelligence Techniques

2019 ◽  
pp. 68-86
Author(s):  
Onurhan Yılmaz
Keyword(s):  
Open Source ◽  
Cyber Security ◽  
Data Transfer ◽  
Information Access ◽  
Security And Privacy ◽  
The Internet ◽  
Positive Effects ◽  
Open Source Intelligence ◽  
The Media ◽  
Use Of Social Media

Open source intelligence (OSINT) is one of the most confrontational topics in cyber security in today's world where technology and data transfer methods are highly developed. It is known that many organizations and individuals use OSINT as an information gathering tool during data transfer over the internet and provide many personal or corporate information access. OSINT is a systematic method that is produced by official and private organizations via sources such as the internet or the media. In recent years there has been some debate about the security and privacy of this information, especially with the widespread use of social media. In this chapter, the control of information obtained by OSINT the security will explain the positive effects on this control mechanism.

scholarly journals The Use of Cyber Ranges in the Maritime Context

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Kimberly Tam ◽  
Kemedi Moara-Nkwe ◽  
Kevin Jones
Keyword(s):  
Cyber Security ◽  
Defensive Strategy ◽  
Skill Levels ◽  
Cyber Threats ◽  
Security Training ◽  
Training Programmes ◽  
Use Studies ◽  
Defence Strategies ◽  
Cyber Range ◽  
Computing Infrastructure

A good defensive strategy against evolving cyber threats and cybercrimes is to raise awareness and use that awareness to prepare technical mitigation and human defence strategies.  A prime way to do this is through training.  While there are already many sectors employing this strategy (e.g., space, smart buildings, business IT) maritime has yet to take advantage of the available cyber-range technology to assess cyber-risks and create appropriate training to meet those risks.   Cyber security training can come in two forms, the first is so security professionals can raise their awareness on the latest and most urgent issues and increase defence skill levels.  The second form is directed at non-security professionals (e.g., ship builders, crew) and the general public, who are just as affected by cyber threats but may not have the necessary security background to deal with the issues.  Conducting training programmes for both requires dedicated computing infrastructure to simulate and execute effective scenarios for both sets of trainees.  To this end, a cyber range (CR) provides an environment for just that.  The purpose of this paper is to use studies on the concept of cyber ranges to provide evidence on why the maritime sector should embrace this technology for maritime-cyber training, and envision how they will provide maritime training and risk assessment to combat tomorrow’s threats.

scholarly journals Addressing the Security Gap in IoT: Towards an IoT Cyber Range

Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5439
Author(s):  
Oliver Nock ◽  
Jonathan Starkey ◽  
Constantinos Marios Angelopoulos
Keyword(s):  
Cyber Security ◽  
Modular Architecture ◽  
Technological Readiness ◽  
Concurrent Execution ◽  
Skills Shortage ◽  
Readiness Level ◽  
Research Goal ◽  
Iot Devices ◽  
Cyber Range ◽  
Future Work

The paradigm of Internet of Things has now reached a maturity level where the pertinent research goal is the successful application of IoT technologies in systems of high technological readiness level. However, while basic aspects of IoT connectivity and networking have been well studied and adequately addressed, this has not been the case for cyber security aspects of IoT. This is nicely demonstrated by the number of IoT testbeds focusing on networking aspects and the lack of IoT testbeds focusing on security aspects. Towards addressing the existing and growing skills-shortage in IoT cyber security, we present an IoT Cyber Range (IoT-CR); an IoT testbed designed for research and training in IoT security. The IoT-CR allows the user to specify and work on customisable IoT networks, both virtual and physical, and supports the concurrent execution of multiple scenarios in a scalable way following a modular architecture. We first provide an overview of existing, state of the art IoT testbeds and cyber security related initiatives. We then present the design and architecture of the IoT Cyber Range, also detailing the corresponding RESTful APIs that help de-associate the IoT-CR tiers and obfuscate underlying complexities. The design is focused around the end-user and is based on the four design principles for Cyber Range development discussed in the introduction. Finally, we demonstrate the use of the facility via a red/blue team scenario involving a variant of man-in-the-middle attack using IoT devices. Future work includes the use of the IoT-CR by cohorts of trainees in order to evaluate the effectiveness of specific scenarios in acquiring IoT-related cyber-security knowledge and skills, as well as the IoT-CR integration with a pan-European cyber-security competence network.

Sign in / Sign up

Export Citation Format

Share Document