Building an On-Site Cyber Range
w/ 2CPU, 128GB Memory, & 6TB of RAID-10 Storage
The AWS Cyber Range provides both a free automation framework and an expandable, customizable open-source research lab blueprint on the world's best cloud platform — Amazon Web Services.
However, the cloud is not for everyone. It is a challenging frontier of complexity for businesses, enterprises, and administrators. Individuals in both the academic and enterprise worlds are interested in building an On-Prem Cyber Range and extending capacity with a hybrid-cloud implementation.
In this article I am going to outline how to build your own Cyber Range research lab at home, in the office, or in a classroom. Hybrid Clouds are a common implementation for businesses.
VMWare’s value-added role within this solution space is clearly defined. This provides you with 3 #1 Best-In-Class solutions for your research center footprint.
Amazon has a partnership with many vendors, including VMWare. More info on their Hybrid Cloud approach is shared in the article referenced below. This allows the balancing of equipment & operational costs when building out your private research center / lab.
Disclaimer
Beginners beware - This is not meant to be a comprehensive how-to guide. There are generalities that I skip past that should be researched.
The goal of the AWS Cyber Range project & CommandCenter (c2) container projects is to eliminate the need to manually configure, test, and troubleshoot build environments by using DevOps tooling such as CircleCI, terraform, docker, inspec, and vagrant.
This is a good place to insert some related-tangent reading. Learn more by diving into the SecDevOps 101 post. I share w/ you the friend-link so you do not need a medium pro-subscription.
The On-Site implementation comes with situation-specific issues that pop up. The ability to perform basic google-hacking is essential to success for novices and experienced professionals alike.
I’m simply going to outline a relatively reasonable approach to a small-scale, low-cost private research lab.
With that said, I believe we can translate a 2D AWSCyberRange Cloud-Craft Model into an On-Site Cyber Range with a bit of effort & creativity.
Forecasting & Forward thinking
Computer systems depreciate over time just like a used-car. One of the benefits of utilizing the Cloud Platform is that you eliminate the impact of asset investment/depreciation for an organization.
There is a big difference between a small-scale research lab operating off common 110v circuits in a thermostat-controlled room and a production data center, which requires 240v, commercial cooling, electrical, and isolated, fault-tolerant infrastructure, especially when you account for the compute & storage requirements of each VM and any associated snapshots.
What about networking requirements & site-to-site connectivity? The possible complexities and options of research labs are endless. I’ll ask that we agree to keep the On-Site research lab as flat & simple as possible.
I suggest investing a bit of time/effort into capacity planning to determine the proper balance between cost, availability, utilization, inventory management, & system administration resource needs to support the operations of the physical research center that houses your machines.
A rack server, such as the Dell R710, will generate heat. Multiple servers will raise a room's temperature by 5–10 degrees and likely require multiple separate circuits & some cooling.
The Amazon link below provides a customizable used/renewed R710 system starting at $355. A quick update of the configuration and we can add (2) multi-core CPUs, 192GB of RAM, and multiple terabytes of HD storage for less than $900. If you have a limited budget, this is an excellent starter kit.
If you can splurge on upgrades then SSD drives will definitely speed up the boot-time of the system. However they are much more expensive than standard platter-based magnetic hard drives.
An Example Setup
When I started I plugged some specs into an AWS cost calculator and recall seeing outrageous monthly cost estimates in the ballpark of $3–4K per month.
At the time, I decided to invest in a server for less than half that amount. I use a 2-CPU, 6-core, 2.66 GHz X5650 system with 128GB of RAM & 12TB of available storage.
My requirements of the server were straight-forward — I simply wanted the most reasonable amount of RAM, Compute, and Storage for the lowest cost.
I created a RAID-10 setup after a catastrophic failure. This lets the array survive a failed HD, which can then be hot-swapped. The only downside of the RAID-10 hot-swap setup is that I have to give up storage to allow mirroring, ultimately reducing the total storage from 12TB to 6TB.
I didn't arrive at this RAID-10 setup initially. I had to experience an HD failure after countless hours of setting up, configuring, and building my system. Once I realized I could avoid it, I set up a RAID-10 array and never looked back.
If you don’t have any experience with RAID setup / configuration then consider the below article a quick overview, read it, and gain a better understanding.
Forecasting requires one to account for hardware failures, which the cloud provider would otherwise absorb for you. A single server is adequate for a small research lab; however, the requirements for a 20-person research lab are likely different from those for 100+ people per lab. The latter will likely require more hardware and isolation between assets.
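The capacity-planning exercise above can be made concrete. The following Ruby helper is an added example, not code from the article or the AWS Cyber Range project: it computes usable capacity for the RAID levels mentioned, then asks how many guests of one VM profile fit on a host like the author's. The drive count (12 x 1TB), the VM profiles, the snapshot reserve and the overcommit ratios are assumptions to adjust for your own lab.

```ruby
# Added capacity-planning helper, not code from the article: usable RAID capacity
# for the levels discussed, then how many guests of one profile fit on a host
# like the author's (2 x 6-core CPUs, 128GB RAM, 12TB raw in RAID-10 = 6TB).
RAID_USABLE = {
  0  => ->(n, size) { n * size },          # striping only, no redundancy
  1  => ->(_n, size) { size },             # every drive mirrors one drive
  5  => ->(n, size) { (n - 1) * size },    # one drive's worth of parity
  6  => ->(n, size) { (n - 2) * size },    # two drives' worth of parity
  10 => ->(n, size) { (n / 2) * size }     # mirrored pairs, then striped
}.freeze
MIN_DRIVES = { 0 => 2, 1 => 2, 5 => 3, 6 => 4, 10 => 4 }.freeze

# Usable capacity, in the same unit as drive_size, for `drives` identical drives.
def raid_usable_capacity(level, drives, drive_size)
  raise ArgumentError, "unknown RAID level #{level}" unless RAID_USABLE.key?(level)
  raise ArgumentError, "RAID #{level} needs >= #{MIN_DRIVES[level]} drives" if drives < MIN_DRIVES[level]
  raise ArgumentError, "RAID 10 needs an even drive count" if level == 10 && drives.odd?
  RAID_USABLE[level].call(drives, drive_size)
end

Host = Struct.new(:cores, :ram_gb, :usable_tb, keyword_init: true)
# snapshot_reserve: fraction of the base disk kept free for snapshots (assumed 0.5).
Profile = Struct.new(:name, :vcpus, :ram_gb, :disk_gb, :snapshot_reserve, keyword_init: true)

# How many copies of `profile` fit on `host`, and which resource runs out first.
# Assumed lab ratios: vCPUs overcommitted 4:1, RAM not overcommitted (1:1).
def vm_fit(host, profile, cpu_overcommit: 4.0, ram_overcommit: 1.0)
  per_vm_disk_gb = profile.disk_gb * (1 + profile.snapshot_reserve)
  limits = {
    cpu:  (host.cores * cpu_overcommit / profile.vcpus).floor,
    ram:  (host.ram_gb * ram_overcommit / profile.ram_gb).floor,
    disk: (host.usable_tb * 1000.0 / per_vm_disk_gb).floor
  }
  bottleneck, count = limits.min_by { |_, n| n }
  { count: count, bottleneck: bottleneck, limits: limits }
end

if __FILE__ == $PROGRAM_NAME
  # Assumed 12 x 1TB drives in RAID-10 -> 6TB usable, matching the article's numbers.
  host = Host.new(cores: 12, ram_gb: 128, usable_tb: raid_usable_capacity(10, 12, 1))
  target = Profile.new(name: "target", vcpus: 2, ram_gb: 4, disk_gb: 40, snapshot_reserve: 0.5)
  puts vm_fit(host, target).inspect
end
```

Running it shows that for small target VMs the 12 physical cores, not the 6TB of disk, are the first limit; swap in a RAM-heavy analyst desktop profile and the bottleneck moves to memory.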
The Software — past & present
For the very first cyber range prototype, called the CyberCloud, I used vagrant to build and configure multiple OpenStack private cloud environments.
However, setting up the private OpenStack cloud required a separate bit of system/network admin know-how & application-specific knowledge.
OpenStack was far behind the AWS capabilities. I discontinued my investment in OpenStack R&D and shifted my cloud computing learning & development towards Amazon Web Services.
In Feb 2019, I released the world's first open-source AWS Cyber Range blueprint using a terraform-based framework. More recently, I've added vagrant back into the Cyber Range toolkit because of the value I see it bringing within the DevOps & automation engineering domain.
Software Defined Networks
If you are building a research lab with a network administration focus then perhaps some hardware is in order. However, I believe hardware can be emulated: VMWare provides VLAN support / isolation and I believe this will work in most cases.
VMWare DevOps w/ Terraform & Vagrant
A few years ago I invested in a VMWare Workstation license & completely rebuilt my lab. I find that VMWare Workstation gives me the flexibility & ease of use that I need for a moderate-size private research lab at home, and there is minimal need for DevOps automation.
At this point it is well understood & agreed upon that Terraform and Vagrant are 2 core technologies of the AWS Cyber Range. I’ve used these 2 DevOps technologies for many years and plan to use them for years to come.
Although Terraform's most recent version is still below v1.0, both have proven to be enormously valuable & reliable for automating core infrastructure.
I haven't invested in these extra license seats; however, I see there are a few options available, for example the terraform vsphere provider and the vagrant-vsphere plugin.
A Vagrant / VMWare Workstation license is also available and gives an individual the ability to build automation using the vagrant vmware workstation software. However, I do not see a terraform workstation provider.
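To show what the Vagrant side of that automation looks like for a flat Workstation lab, here is an added example (not code from the article or the AWS Cyber Range project): a Ruby script that describes a small lab as data and renders the Vagrantfile for the vagrant-vmware-desktop provider. The box names, the host-only subnet and the per-VM sizing are assumptions to replace with your own.

```ruby
# Added example, not code from the AWS Cyber Range project: describe a small,
# flat VMware Workstation lab as data and emit its Vagrantfile for the
# vagrant-vmware-desktop provider (provider name "vmware_desktop").
require "ipaddr"
require "socket"

LabHost = Struct.new(:name, :box, :ram_mb, :cpus, :isolated, keyword_init: true)

# Constructed inventory; box names are assumptions to adjust for your lab.
# One host-only /24 keeps the range as flat and simple as the article suggests.
LAB_NETWORK = "192.168.56.0/24"
LAB_HOSTS = [
  LabHost.new(name: "kali",    box: "kalilinux/rolling",             ram_mb: 4096, cpus: 2, isolated: false),
  LabHost.new(name: "target1", box: "rapid7/metasploitable3-ub1404", ram_mb: 2048, cpus: 1, isolated: true)
].freeze

# Hand out .10, .11, ... inside the lab subnet, one address per host.
def lab_addresses(hosts, cidr, first_host: 10)
  raise ArgumentError, "#{cidr} too small for #{hosts.size} hosts" if first_host + hosts.size > 254
  base = IPAddr.new(cidr).to_i
  hosts.each_with_index.map { |h, i| [h.name, IPAddr.new(base + first_host + i, Socket::AF_INET).to_s] }.to_h
end

# Render the Vagrantfile. Isolated (vulnerable) guests get no synced folder, so
# they only touch the host-only network and never the host's filesystem.
def render_vagrantfile(hosts, cidr)
  addrs = lab_addresses(hosts, cidr)
  out = ['Vagrant.configure("2") do |config|']
  hosts.each do |h|
    out << format('  config.vm.define "%s" do |node|', h.name)
    out << format('    node.vm.box = "%s"', h.box)
    out << format('    node.vm.network "private_network", ip: "%s"', addrs[h.name])
    out << '    node.vm.synced_folder ".", "/vagrant", disabled: true' if h.isolated
    out << '    node.vm.provider "vmware_desktop" do |v|'
    out << format('      v.vmx["memsize"] = "%d"', h.ram_mb)
    out << format('      v.vmx["numvcpus"] = "%d"', h.cpus)
    out << '    end'
    out << '  end'
  end
  out << 'end'
  out.join("\n") + "\n"
end

puts render_vagrantfile(LAB_HOSTS, LAB_NETWORK) if __FILE__ == $PROGRAM_NAME
```

Redirect the output to a Vagrantfile and `vagrant up --provider vmware_desktop` brings the lab up; adding a host to LAB_HOSTS is the only change needed to grow it.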
Vulnerable Systems, Machines, and Scripts
Now that you have your research lab up and running with the basics (networking, operating system, virtualization software) you can focus on identifying research & training scenarios. Given this is an open-source project, we can use one of many different GitHub repositories & freely licensed tools.
First, I’d strongly recommend taking a look at vulnhub.com — people are always publishing new virtual machines and setups to that public repo.
Next, I'd take a look at the Metasploitable assets. Both 2 and 3 can be downloaded and built to provide vulnerable Windows systems.
From there I'd look at Docker containers. The scripts for the Kali Cyber Range instance are found in the Cyber Range repo under the tools directory. Each container has a different purpose, yet all are enormously useful to learn from.
There are also GitHub repos like vulhub that provide CVE-specific training containers, and many OWASP containers that provide focused training / learning. The goal is simply to take as many or as few as you would like and create a set of labs from these materials.
If you are in an academic setting then I’d suggest the following additional tools / licenses.
Researcher Desktop Environments
Security Intelligence Tooling:
Defenders Environment: