Cyber Operation Environment – RGCE

RGCE (Realistic Global Cyber Environment) is a Cyber Range for research, development, training and exercise.

Functions like the Internet

The environment has been modeled after the real structures and functionalities of the Internet, from public IP addresses and geographical locations to the core services of the Internet (e.g. name services, update repositories, certificate infrastructure). Routing between Internet operators models operators functioning at various levels: globally, regionally and locally.

Isolated and controlled environment

RGCE offers a risk-free environment for using attacks, known vulnerabilities and real malware. Because RGCE is an isolated network environment, it can be used without jeopardizing, compromising or contaminating real production environments, production networks or systems in production use.

Simulates real network traffic

Network traffic within RGCE is automatically generated using traffic generation software designed, developed and maintained by JYVSECTEC. The traffic generation software uses the same functional principles as botnets. Bots are controlled through web-based user interfaces and command servers to model realistic user behavior and end-user traffic on the Internet. In addition, we use commercial solutions to produce automated user and attack traffic in the environment.

Offers facilities of a normal organization environment

The structure of the RGCE environment enables the implementation of operator, data center, company and organization environments for training or exercise use. In realistic environments it is possible to model, test and evaluate the real threats, vulnerabilities and attack vectors that such environments face.

Realism

The environment models dozens of worldwide ISPs (Internet Service Providers) of various sizes, public IP addresses and their real geographical locations. The modelled Internet service providers provide Internet core services, e.g. realistic Domain Name Service (DNS), Network Time Protocol (NTP) and web services (e.g. news sites, cloud services, social media). In addition, the Internet service providers have customer networks that are used to produce automated user traffic, thus modelling the consumer connections of the service providers.

Network services

RGCE includes several ready-made targets to which traffic can be generated, e.g. its own "Twitter", news sites, discussion forums, TOR network, video services, IM servers and image gallery sites. In addition, RGCE has its own update repositories for various operating systems, the update state of which can be controlled. For example, a situation can be arranged in which Windows/Linux operating systems can be updated only to the updates of a chosen date. An equivalent repository has been built for various programs (e.g. Flash, Java, browsers).

RGCE includes, among others, the following services:

  • BGP routed Internet Service Provider structures with public IP addresses
  • Realistic name service architecture
  • PKI infrastructure
  • Time services
  • Controlled update repositories for various operating systems
  • Controlled software repositories
  • Realistic web services including social media
  • Email services
  • Instant message services
  • Organisation environments
  • TOR network
  • Situation picture of the whole RGCE environment
  • Developed threat models (various attack vectors ranging from insider threats to DDoSes)
  • Technologies: NGFW, IPS/IDS, SIEM, WAF, User-ID, DDoS mitigation, Identity and Access Management (IAM), malware sandboxes etc.

Network traffic

RGCE can save traffic from any part of the network. The saved traffic can be analyzed from various parts of the network simultaneously, and dependency relations can be built, e.g. from visible identities such as MAC addresses and IP addresses (which identities communicate with each other etc.). The various connections can be visualized on the world map based on the geographical location of the IP addresses. The saved traffic (pcap files) can also be resent using JYVSECTEC's own software so that the sender/receiver MAC/IP addresses in the saved traffic are changed, which enables multiplying the same saved traffic from various sources simultaneously. In addition to JYVSECTEC's own software, the use of a commercial traffic generator enables a versatile range of realistic application profiles to be generated in the environment.

The software used to generate network traffic enables, for example, the following traffic types based on realistic traffic profiles:

  • WWW browsing modelling normal users
  • Sending emails
  • DNS queries
  • Instant Message discussions
  • FTP data transfer
  • Various DoS/DDoS attacks (volumetric and sophisticated)
  • Realistic background/noise traffic (scanning and broken protocol packets, e.g. TCP headers that do not match the RFC)
  • Brute-force logins

Implementation

The environment has been implemented using modern cloud service architecture combined with virtualization and flexible connectivity of physical devices. This so-called hybrid model offers a cost-effective, versatile and flexible way to build e.g. a company's operation environment with its services and operation processes. The built environment is not limited to modelling a single outlet/location; it can model various topologies. RGCE unites physical devices (e.g. routers, switches or IT security devices) with the virtualization resource (operating systems, information security products etc.).

The users of the virtualization resource are offered a so-called virtual Data Center environment, where they either have ready-implemented environments or can build virtual machines themselves and use them safely via a web browser, without risking contamination of their own device or connecting it directly to the environment.


Situation room

RGCE is connected to the JYVSECTEC situation room, which has various display technologies, e.g. multi-touch displays, projectors and televisions, and a control panel for controlling the various image sources centrally. The situation room is suitable for e.g. going through various technologies in training, serving as a situation center for the leaders in a cyber security exercise, or studying and comparing various technologies.

 

Technologies used

We have at our disposal a modern infrastructure as well as information and cyber security technologies.

 


JYVSECTEC is an independent cyber security research, training and development center.