Monday, February 3, 2020

Cyber Range Teams

The Cyber Range Live blog is going to begin as a blog to gather detailed information on Cyber Ranges.  Then I plan to post code to build a Cyber Range locally and on Cloud providers.  Then I plan to provide users with a development Cyber Range as a Service (CRaaS).

I thought for the first blog I would post an explanation of the different teams involved in a Cyber Range.  Most people are familiar with the Red and Blue teams associated with Capture the Flag (CTF) events, since those concentrate on attack and defend scenarios. A Cyber Range, though, has multiple teams associated with it.

  • Red Team - The Red Team is responsible for attacking users' computers using certain vectors of infection such as viruses, Trojans, malware, etc.   The Red Team generates malicious users sending cyber attacks.  The Red Team can be human actors, but it can also be automated and described in detail, such as in a Virtual Scenario Definition Language.
  • Green Team - The Green Team is responsible for simulating legitimate users over wired or wireless connections, with their desktops, laptops, tablets and smartphones, to the application infrastructure hosted on the network infrastructure. The Green Team generates legitimate users and servers.
  • Blue Team - The Blue Team manages the availability, scalability, security and stability of the network infrastructure and application infrastructure. The Blue Team generates the IT, NOC, SOC, CIRT and Forensic users.
  • White Team - The White Team creates the cyber-attack scenarios in order to monitor the success or failure of the Blue Team in defending properly against cyber-attacks previously launched by the Red Team.  The White Team are the instructors and create the Cyber Attack Scenarios.  This should also be a self-service stand-up of a cyber range with pre-canned scenarios to run.
  • Yellow Team - The Yellow Team reports situational awareness. The Yellow Team generates innocent users installing malicious content without knowing it.
  • Grey Team - The Grey Team represents normal traffic and service requests that must be maintained.
  • Purple Team - The Purple Team is a collaboration of a Red Team and a Blue Team, i.e. both offensive and defensive techniques. The offensive method deals with tactics, techniques and procedures, while the defensive method deals with improving detection and response capabilities.  It also deals with Legal and Media, handled by partners.

I found several sites and references detailing the above, but I liked the thesis written by Ishaani Priyadarshini titled Features and Architecture of The Modern Cyber Range: A Qualitative Analysis and Survey -