When we are out working with teachers across the country on cybersecurity curriculum, one of the first questions we face when telling them about the new CYBER.ORG Range is “What is a cyber range?” I think we at CYBER.ORG are so used to using a cyber range that we forget that at one point we too asked that same fundamental question of what is a cyber range.
What exactly is a Cyber Range
We're excited the CYBER.ORG Range is live and open to all K-12 educators across the U.S. If you're curious about what a Cyber Range is and what makes ours special, this is the place to be!
A colleague of mine describes a cyber range by comparing it to a chemistry lab. A chemistry lab contains a lot of dangerous things like chemicals, fire, sharp items, etc. All these items outside of the chemistry lab are dangerous and could harm people, however a chemistry lab is built for these items to be used in a secure environment where students are able to learn chemistry safely. In the same sense, cyber-attacks are dangerous, so students need a safe place to practice these attacks where they can’t cause harm. A cyber range is a that secure place where students can use real-world cyber-attacks and not accidentally damage a system. For example, the CYBER.ORG Range uses the WannaCry payload ransomware that wreaked havoc on the internet in 2017 by infecting over 200,000 machines within 24 hours of being launched. While it seems dangerous to have the students using this payload since it could start infecting machines again, a cyber range enables students to practice protecting against this real-world payload safely by protecting the students in a couple of ways.
First, the CYBER.ORG Range is sandboxed, or isolated where these machines cannot communicate with external machines. In the case of WannaCry, it spread using the SMB protocol. On the CYBER.ORG Range, this protocol is shut down externally so the machines can’t actually spread the virus. This does result in the WannaCry damaging the machines on the range with the WannaCry payload; however, these machines can be reset within minutes on a range, unlike a normal system which can take hours or days to re-install the operating system. In running through this lab with the WannaCry payload, students can see a ransomware attack from the perspective of both a malicious actor (sometimes the kids will refer to them as ‘hackers’) and the victim. With this knowledge, students understand how these attacks work and start to learn how they can defend themselves against these types of attacks.
One of our favorite things about the CYBER.ORG Range is that it does not require any software to be installed on the machine, the students only need a web browser to access the range. All they need is a computer with an internet connection, nothing else. The range is funded by the federal government, so there’s no cost to K-12 schools across the country. It is hosted on AWS servers, making it scalable to match any number of students in a school. While teachers are defaulted with 2 classrooms and up to 40 students per class, teachers simply need to ask for more classrooms and/or more students per classroom to fit their needs. Teachers will never need to worry about updating the machines, we handle all of that.
Specifics about the CYBER.ORG Range
While most cyber ranges provide safe spaces for students to practice real-world cyber-attacks, not all cyber ranges are built alike. Here are some specifics on the CYBER.ORG Range for any teachers who may want to know more:
- The CYBER.ORG Range is free to all K-12 educators across the United States and US territories
- The CYBER.ORG Range is not available to colleges, universities, or non-educational organizations
- The CYBER.ORG Range is sandboxed by classroom
- Students in the same virtual classroom can communicate with each other
- Teachers can be in the student's virtual machine at the same time as the student
- This allows teachers to quickly troubleshoot a student's range
- Only K-12 educators can create accounts on the CYBER.ORG Range
- Student accounts are associated with the teacher’s account
- Teachers will create student accounts and give them log-in credentials
- The CYBER.ORG Range uses Kali Linux and vulnerable Windows 7 machines
- Every student will have access to both machines
- Additional environments will be added in the future
- The CYBER.ORG Range uses AWS’s servers
- The machines are non-persistent (do not try to save data on these machines)
- They are fresh installs every time, they will terminate after each session
- This helps keep the cost of the range low so that we can provide it at no cost to all K-12 schools across the U.S.
- The machines have internet access
- Students can download files from GitHub or other webpages
- The web traffic is filtered
- Teachers do not have to use CYBER.ORG Labs on the range
- Teachers can use materials from other providers on this range at no cost
- The CYBER.ORG Range is accessed via a web browser
- Students do not need access to a VPN or any special software to access the range
- In rare cases, IT departments may have to add *.cyber.org to their allow lists on their network
As of the writing of this, we have over 350 educators from 48 states using the CYBER.ORG Range and have launched over 30,000 machines.
If you'd like to run some cybersecurity labs in your classroom, apply to access the range. You don't have to teach a strict cybersecurity course to have some fun practicing cyber attacks with your students!