A group of Italian researchers have developed a blueprint for a massive virtualized enterprise network to allow for large-scale security tests without ruining an IT manager's day.
The University of Rome team constructed a large-scale simulated enterprise environment where everything from public-facing servers to DMZ subnets and firewalled internal networks are virtualized together, linking everything from servers and network appliances to virty versions of Windows, Ubuntu Linux, and macOS endpoints.
The idea, said one of the lead researchers Mara Sorella, was to give network security researchers a way to do controlled experiments on a large scale. Rather than target a single appliance or operating system, a tester could see how an attack would play out across an entire corporate IT setup.
"The main use case is network security research, in particular the deployment of cyber ranges, allowing for controlled experiments in the cyber security domain," Sorella told The Register.
"Indeed, as the system generically allows to reproduce portions of a physical network into a virtual environment, the applications are endless: training IDS/IPS detection algorithms, testing multi-tiered applications and more generally conducting any analysis on software architectures that is not related to performance (which would instead require a copy of the underlying physical network)."
In their initial tests, the Rome Uni crew pitted a series of attacks ranging from bruteforce server attacks to ransomware infections, browser-based malware attacks, and even Heartbleed exploits on servers. The simulations ranged anywhere from five minutes to just under two hours to fully play out.
The group says it wants to further improve the project with simulation of end user behaviors and develop a way to fully automate the installation of various services.
Spotted: Miscreants use pilfered NSA hacking tools to pwn boxes in nuke, aerospace worldsREAD MORE
In the meantime, the team says their blueprint is relatively easy for others to follow. The system uses a combination of the OpenNebula, OpenvSwitch, and GlusterFS platforms along with a fairly modest hardware budget that should be well within the reach of most university departments and mid to large-size companies.
"In our case, we have thankfully received the hardware from Cisco Systems, as a donation to conduct our research, but it can be replicated with at most €7-10K of budget," Sorella said.
"Optionally, thanks to the OpenNebula/GlusterFs layer, the infrastructure is expected to be fairly scalable also when implemented using commodity hardware, or in any case not necessarily using very high-end servers and network equipments (in particular, the most expensive pieces are the switches which can be replaced with lower-end ones, with fewer ports)."
The team this week delivered a full outline of their project in their paper, Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems (PDF). Authors are Florin Dragos Tanasache, Mara Sorella, Silvia Bonomi, Raniero Rapone, and Davide Meacci. The paper has been accepted for publication in the International conference on Distributed Computing and Networking (ICDCN2019) ®