Cyberpolygon

The cyber polygon is deployed at the university so that students, researchers, and specialists can practice tactics for repelling cyberattacks on critical infrastructure facilities, and simulate cyberattacks while practicing cyberattack techniques.

Cyber operations are practiced in a closed virtual environment that has no access to the Internet. The main element of the cyber polygon is the software and virtualization systems used to simulate cyberattacks on computer networks. This reduces (or completely eliminates) the cost of purchasing cloud computing resources and the unnecessary use of bandwidth on shared communication channels for cyber polygon tasks.

In turn, the training cyber polygon will make it possible to simulate cyberattacks on the server infrastructure that supports the higher education institution (HEI), in order to find vulnerabilities and build a better system for protecting its resources.

The concept of deploying a cyber polygon at NTU KhPI

General information

The cyber polygon is a specialized network that is completely isolated from the internal corporate information and educational network of the university. At the same time, the cyber polygon is a complex of high-performance laboratories that support the main areas of development of digital services:

– raising the level of practical training of students, specialists, experts and managers in the field of information technology, information security and industrial automation systems in detecting computer attacks, investigating information security incidents, interaction between units, and implementing preventive measures against computer attacks;

– conducting cyber training, competitions and practical training in information security for students, specialists, experts and managers in the field of information technology, information security and industrial automation systems;

– testing software, equipment, elements of automated systems and industrial automation systems for the implementation of information security functions.

It is proposed to form a cyber polygon from three main areas:

Grade 1 – study of cyber-physical systems;

Grade 2 – studying Internet of Things systems, blockchain technology;

Grade 3 – studying the security of critical infrastructure facilities.

The main functions of the Cyber-Physical Systems Laboratory:

– conducting practical classes on finding and preventing hidden channels of information leakage;

– searching for covert implants (“bookmarks”) and practical prevention of their use;

– conducting classes on assessing the security of mobile and wireless channels, mobile Internet;

– assessing the strength of cryptographic algorithms and their use in security systems;

– conducting classes on the basics of post-quantum cryptography.

The main functions of the Internet of Things and Blockchain Technology Laboratory:

– conducting practical classes on deploying and forming the “Smart Home” security system;

– conducting practical classes on the use of blockchain technology in the “Smart Home” security system;

– analysis of communication channel vulnerabilities in Smart Home systems, sensor and Mesh networks;

– conducting a pentest of systems based on the Internet of Things.

The main functions of the critical infrastructure security laboratory:

– conducting external and internal audits of the current state of critical infrastructure facilities based on automated banking systems;

– training and practical use of the Public Key Infrastructure based on the Key Certification Center. Formation of a database of university students’ certificates;

– vulnerability analysis of critical infrastructure elements;

– conducting practical classes on assessing the possibility of hacking Web resources of critical infrastructure facilities.

It is proposed to consider the creation of three integrated laboratories that will allow for the formation of a single complex.

The complex is designed to solve the following tasks:

“Information security skills” – the infrastructure includes a platform for testing and training employees in practical skills in complying with information security rules, including simulating phishing attacks;

“Protection against unauthorized access” – the infrastructure contains technologies and products from at least two manufacturers of access control tools of each type: information protection software systems for commercial operating systems, hardware and software modules of trusted loading (electronic locks), protected operating systems of domestic (at least two different types of operating systems) and foreign production, anti-virus information protection tools (at least two different domestic anti-virus protection tools);

“Network security” – the infrastructure includes technologies and products from at least two firewall manufacturers, at least two attack detection system manufacturers;

“Web application protection” – the infrastructure includes technologies and products from at least two manufacturers of web application layer firewalls;

“Monitoring and analysis of information security incidents” – the infrastructure includes technologies and products from at least two manufacturers of incident detection and analysis systems;

“Computer Incident Response and Computer Forensics” – the infrastructure contains tools from at least two manufacturers for searching, recovering and analyzing digital evidence, including hidden and technological system information.

Practical tasks are planned to draw on the practical and laboratory tasks from the specialized Cisco Academy courses CCNA Cybersecurity Operations, Network Security, and IoT Fundamentals: IoT Security Course Resources.

Safety requirements

The virtualized data backup and recovery system provides the highest degree of fault tolerance of the complex.

Remote use of the Cyberpolygon will make it possible to conduct classes with students in both offline and online formats, and to use the capabilities of the Cyberpolygon over remote access to perform practical and laboratory tasks.

The software and hardware of the Cyberpolygon should be selected with priority given to the possibility of increasing computing power and scaling its components and subsystems, including by using cloud technologies.

The Cyberpolygon should not be intended for processing information that constitutes a state secret.

During the installation, commissioning, operation, maintenance and repair of the technical equipment of the Cyberpolygon, the electrical and fire safety standards established at the work site must be observed. The power supply system of the Cyberpolygon must provide protective shutdown in case of overloads and short circuits in the load circuits, as well as emergency manual shutdown.

Requirements for protection against external influences

The software, hardware and technical means of the Cyberpolygon must be installed in specially equipped premises that provide the necessary degree of climatic protection from the effects of the external environment.

The premises in which the software and hardware of the Cyberpolygon are located must be equipped with access control and management, fire safety, ventilation and air conditioning.

The premises and equipment of the Cyberpolygon must exclude the possibility of uncontrolled access by unauthorized persons.

Requirements for ergonomics and technical aesthetics

The components of the technical part of the Cyberpolygon must be suitable for installation in mounting racks (cabinets) in existing server rooms.

The technical equipment of the unified workplaces should make it possible to use the Cyberpolygon infrastructure to participate in cyber training and conduct software testing.

Requirements for information retention in the event of accidents

In the event of accidents, the following information must be preserved:

– configuration settings of the Cyberpolygon systems;

– settings for the identification, authentication and authorization tools of the Cyberpolygon systems;

– event log data.

Information preservation must be ensured in the following emergency situations:

– power outage;

– failure of general or special software of the Cyberpolygon components;

– internal and external attacks on the Cyberpolygon infrastructure.

CYBERPOLIGON Instructions – view in pdf format.