An introduction to the cyber range.
Network and information security is a practical discipline. A network security training range therefore has to be not only a knowledge learning center but also a skills practice center and a technology research center. Building a network attack and defense training platform means attending not only to the facilities that support training and teaching, but also to a comprehensive training ground for network and information security skills. The range should support students' learning, offensive and defensive skills drills, assessment of professional ability, collaborative work training and after-class technical research and verification; it should meet the needs of different kinds of training, support multi-dimensional quantification of each participant's capabilities, and improve the team's technical capabilities across the board in a planned way. It is therefore necessary to build a comprehensive cyber range that is strongly practical and broad in knowledge coverage, and that integrates training, network attack and defense drills, competitions and tests.
A cyber range is a network system simulation platform on which five roles cooperate. It supports network security personnel training, network attack and defense training, security product evaluation and the verification of new network technologies.
Network security personnel need to train and drill offensive and defensive techniques, and new network technologies need to be tested. Neither can be done on the live Internet, where it could cause irreversible damage, so it is necessary to build a cyber range and virtualize the elements of the network inside it.
Carrying out network security activities in a cyber range avoids occupying and consuming real resources and allows resources to be reused. The damage caused by each security test is controllable and detectable, and the collected test data can be analyzed and studied after the test. A cyber range can improve the skills of network security practitioners without affecting the real environment, and can also uncover vulnerabilities in security products and help improve their performance and security.
A cyber range has five roles: yellow, white, red, blue and green.
Yellow is the "director" of the whole range test and is responsible for:
1. Designing the test.
2. Controlling the test: start, pause, resume and stop.
3. Checking the test: its progress, status and detailed process.
White is the "management" role of the cyber range platform and the "stage crew" of the range test. It is responsible for the preparation before the test starts and for the "daily affairs" during the test:
1. Build the target network and simulate the network environment before the test.
2. Operate and maintain the system during the test.
3. Recover and release resources after the test.
Red is the "offensive" role and the "villain" of the range test. It opposes the blue side and attacks it in the offensive and defensive drills.
Blue is the "defensive" role and the "good guy" of the range test. It opposes the red side and resists its attacks in the offensive and defensive drills.
Green is the "detector" role and the "monitor" of the range test. It watches every move of the red and blue sides during the drill and is specifically responsible for:
1. Monitoring the current behavior of both the red and blue sides.
2. When a red attack or a blue defense succeeds, determining how it succeeded and which attack technique and defense method were used.
3. Monitoring for rule violations by the red side.
4. Evaluating the test, or a fragment of it, quantitatively and qualitatively.
5. Analyzing the attack and defense mechanisms seen in the experiment (for example, the operation and propagation mechanism of a new worm).
Before the test begins, Yellow, as the "director", determines the specific content and task objectives of the attack and defense test, decides the personnel arrangement, and designs the network environment, the application environment and the specific attack steps for the test.
Just as constructing a building starts with its structure, the most basic step in building a cyber range is to define the network structure and build the network topology. White generates routers, switches, computers and other devices according to the network topology diagram that Yellow designed for the task scenario, then configures and connects the devices according to that diagram to produce the network environment the test needs.
In addition to the network structure, the target network should also provide users with application environments, such as a browser and email. It is like a house: the bedroom and kitchen have to be fitted out before anyone moves in, so that the residents have somewhere to sleep and cook. Only with the corresponding application environment is there room for the related activities.
After generating the target network, White connects the target systems to it according to Yellow's design. A target is what will be attacked. A target system can be a physical device or one generated by virtualization, and the targets are set up differently for different task types.
A "living" network has activity as well as an intact structure. A real network environment is never static: every minute, people chat, play games and scroll through short videos. After the target network is generated, White simulates these activities and behaviors and injects them into the range, making the range "live" and closer to a real network environment, rather than a sterile environment created in the laboratory.
Simulated traffic is divided into foreground and background traffic. Foreground traffic is the users' operational behavior, including the attacker's attack traffic, the defender's defense traffic, and users' access to application systems, such as opening a browser or sending and receiving email. Background traffic is traffic that has nothing to do with the experiment itself.
Traffic simulation and target network generation together form the complete virtual environment of the cyber range, which makes the subsequent drills more realistic and also increases their difficulty to some extent.
Once the preparatory work is complete, the red and blue sides carry out the offensive and defensive drill in the environment built by White, following Yellow's test design. The red side attacks and the blue side resists.
During the test, Green monitors every move of the red and blue sides, collects data comprehensively as required, captures information such as the attack initiator, attack type, attack steps and whether any violation occurred, and displays the detection results in real time through a visual interface.
After the test, Green scores and analyzes the data it collected earlier.
From individual offensive and defensive actions up to the drill as a whole, Green gives quantitative scores, concrete evaluations, and strengths and weaknesses.
Green also analyzes the test results against the purpose of the test and issues the corresponding analysis. If the purpose is to study a new type of attack, it analyzes the attack's mechanism; if the purpose is to test a security product, it analyzes the product's security defects.
Green's work helps us understand every security event in the range, analyze the situation in the range correctly and make a more accurate assessment.
A cyber range has three application modes: inside-to-inside, inside-to-outside and outside-to-inside. In addition, there is a distributed cyber range mode.
Inside-to-inside means the red and blue sides are both inside the range. The main applications are offline CTF security competitions, red and blue attack and defense competitions, and scientific experiments.
CTF (Capture The Flag) is a competition whose goal is to obtain a specific character string or other content (the flag) from the target network environment, thereby capturing the flag.
Scientific experiments are testable experiments that researchers run on new network technologies, iterating on the technology according to the test results.
Inside-to-outside means the red side is inside the range and the blue side is outside it.
Outside-to-inside means the red side is outside the range and the blue side is inside it. The typical application is security product evaluation.
Why is there such a demand? We usually need to know whether a security device works well and whether a security scheme is effective. There are several methods. The first is to hire professional penetration testers and have them issue a penetration test report, but a test that can only be run once is a static test. Everyone understands that even if a product or solution is tested today, new problems and vulnerabilities may appear tomorrow. This is where "range public testing" comes in. The physical or virtualized product or solution is placed in the range and white hats "attack" it as the target. If it is broken, we know what is wrong. This kind of open testing is much better than hiring a few experts for on-site testing, because many white hats take part, and it neither affects the production environment nor has real-world consequences. If the product stays in the range, problems can be found through long-term public testing and the product can be improved iteratively.
A distributed range interconnects multiple cyber ranges so that functions can be reused and resources shared between them. Because the processing capacity and resources of a single cyber range are limited, a distributed range can draw on the resources of several ranges together, and it does so transparently to users.
For example, suppose there is a banking cyber range A and a power-grid cyber range B, and a test task needs both a banking network environment and a power network environment. The two existing ranges A and B can be connected and the experiment started.
A distributed range can connect the cyber ranges of all industries and so come closer to a realistic simulation of the whole, integrated Internet.
There are three main scientific problems in the cyber range, which reflect the challenges it faces in key technologies.
1) Fast to build.
A cyber range has many users, and many of them use it at the same time, but most do not use it for long. The target network of the range, including its network environment, therefore has to be generated, erased and recycled quickly. For applications with a large number of nodes this is a major technical challenge. It is difficult to achieve without strong network-building capability, infrastructure and virtual layout technology.
2) Realistic simulation.
Because a cyber range imitates a real network with limited resources, most of its elements have to be virtualized rather than physical. How to simulate the elements of the target network realistically is therefore a continuing challenge. In the range, does the virtual device have all the functions of the physical router it stands in for? If a function is missing, will that affect the use of the range? Targets, the network environment, virtual devices and background traffic all need realistic simulation. Network environment simulation also has to serve the specific application scenarios of the range, which depends on long-term accumulation.
The green side of the cyber range mainly faces the following challenges:
1. How can the large volume of data generated while the range is running be collected?
2. Collection requires contact (as in a medical examination, where blood is drawn and an instrument may go deep into the body), and contact has an impact: it consumes the computing and network resources of the target network. How can this impact be kept as small as possible, and how can it be balanced against comprehensive and accurate collection?
3. How can the information that Green needs be analyzed, refined and evaluated from the diverse and massive data collected?
This is a comprehensive test of probe collection capability, big-data correlation capability, event analysis and reconstruction capability, and security knowledge mapping capability.
1. Multiple tests run in the cyber range at the same time, so they must be independent and must not interfere with each other. It is like shooting at targets from several rooms: you cannot shoot from one room into another.
2. The target network and the analysis network must be strictly and securely isolated. That is, the red side and the green side, and the white side and the yellow side, are securely isolated; the red side must not be able to paralyze the green side, which would amount to the contestants capturing the referee system. The roles and systems in the laboratory also need to be securely isolated from each other.
3. At the same time, security isolation must not degrade the performance of the cyber range.
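The first two isolation requirements above can be checked against a range plan before a test is started. The sketch below is an added example, not code from the original article: the plan format, test names, addresses and flow list are constructed, and it assumes Green collects by connecting into the target network, so any flow from a target network to an analysis network counts as a violation.

```python
import ipaddress
from itertools import combinations

# Constructed plan: two concurrent tests, each with a target network (red and
# blue) and an analysis network (green). Names and addresses are hypothetical.
PLAN = {
    "test-A": {"target": ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24"],
               "analysis": ["10.250.0.0/28"]},
    "test-B": {"target": ["10.20.0.0/24", "10.10.2.128/25"],
               "analysis": ["10.250.0.16/28"]},
}
# Constructed permitted flows (source net, destination net). Assumption:
# Green pulls data, so target -> analysis is never legitimate.
FLOWS = [
    ("10.10.0.0/24", "10.10.1.0/24"),    # red -> blue inside test-A
    ("10.250.0.0/28", "10.10.0.0/24"),   # green collecting from test-A
    ("10.20.0.0/24", "10.250.0.16/28"),  # target -> green in test-B
    ("10.10.0.0/24", "10.20.0.0/24"),    # test-A target -> test-B target
]

def zone_nets(plan, test, zone):
    return [ipaddress.ip_network(n) for n in plan[test][zone]]

def all_nets(plan, test):
    return zone_nets(plan, test, "target") + zone_nets(plan, test, "analysis")

def overlapping_tests(plan):
    """Requirement 1: concurrent tests must not share address space."""
    return [(a, str(x), b, str(y))
            for a, b in combinations(sorted(plan), 2)
            for x in all_nets(plan, a) for y in all_nets(plan, b)
            if x.overlaps(y)]

def owner(plan, net, zone=None):
    """Tests whose networks (optionally only one zone) overlap net."""
    net = ipaddress.ip_network(net)
    return {t for t in plan
            for n in (zone_nets(plan, t, zone) if zone else all_nets(plan, t))
            if n.overlaps(net)}

def flow_violations(plan, flows):
    """Requirements 1 and 2: no cross-test flow, no target -> analysis flow."""
    bad = []
    for src, dst in flows:
        if owner(plan, src, "target") and owner(plan, dst, "analysis"):
            bad.append((src, dst, "target reaches analysis network"))
        elif owner(plan, src) != owner(plan, dst):
            bad.append((src, dst, "flow crosses test boundary"))
    return bad
```

On the constructed plan, `overlapping_tests` reports the subnet that test-B carves out of test-A's address space, and `flow_violations` reports the last two flows.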