Cyber range development : configuration of the cyber range environment network and monitoring tools
Development of a virtual testing environment: configuration of the environment, network and monitoring tools
Master Thesis
Author
Makris, Nikitas
Μακρής, Κωνσταντίνος
Date
2024-11
Keywords
Cyber range
Abstract
As our environments become increasingly digitized, the frequency and complexity of cyberattacks continue to grow. The shortage of cybersecurity professionals, coupled with evolving attack patterns, underscores the need for advanced training environments that closely simulate real-world scenarios. Practical lab work, pre-configured hacking challenges, Capture the Flag (CTF) competitions, and virtual machines are common methods used to build cybersecurity skills. However, these training resources can quickly become outdated, since new threats are introduced daily. Cyber ranges offer a more dynamic and comprehensive alternative by simulating networks, systems, and applications to support scalable cybersecurity education, training, and testing. They achieve this by allowing professionals to assess the impact of emerging threats on an up-to-date copy of their actual infrastructure without risking operational downtime or compromising sensitive data. Such environments can help the cybersecurity community keep pace with the rapid development of disruptive technologies and the growing interconnectivity of digital systems. This thesis proposes a methodology and an implementation of a software stack that includes: 1) the automated and replicable deployment of a cyber range containing basic services and users; 2) a methodology for enabling logging mechanisms so that threats can be properly detected; 3) the method for connecting the active logging mechanisms to SIEM solutions; and 4) the implementation of adversary emulation to verify that the detection stack functions correctly. By demonstrating this chain of procedures, the thesis offers a methodology that demystifies a seemingly complex process, one that vendors in both the private and public sector can adopt to build cyber ranges based on their actual infrastructures, test them repeatedly against new threats, and verify that their detection stack is working as intended.