To build an effective cyber range, the first step is to define the objectives and scope of the range. Determine what topics or cybersecurity skills you want students to be able to practice in the range. Do you want a range focused specifically on network defense, digital forensics, red teaming/blue teaming, or a more generalist range? Clearly defining the goals upfront will help guide the technical design and implementation.
Once you have established the objectives, research cyber ranges that already exist to get ideas. Look at platforms like Metasploitable, CyberRange, SECURE, CoreLabs, and The Range. Analyze their virtual environments, scenarios, tools provided, and how objectives are assessed. This will help give you a sense of current best practices.
The technical foundation of the range needs to be decided. You will likely want to use virtualization to create isolated environments for each user. Platforms like VMware Workstation, Oracle VirtualBox, or AWS are common options to build out the virtual environments. Determine if you want to containerize any services for increased portability. Consider including tools like KALI Linux, Metasploit, Wireshark, John the Ripper in the environments.
Design the network topology and configurations for your range. Will each user get their own isolated virtual private network? How will different scenarios be modeled, like isolated networks, permeability between networks? Determine trusted and untrusted zones. Consider firewalls, routers, switches, VPN servers, web servers, databases, workstations that could be included.
Create documentation for how to set up and operate the range’s infrastructure. Detail how to initialize and configure the virtualization platform, deploy base images, stand up network services. Provide guidance on routine management and maintenance tasks. Develop runbooks for common issues that may arise.
Craft different cybersecurity scenarios and situations for users to encounter in the range. Scenarios should align to the objectives and build skill over time. Incorporate vulnerabilities to discover and exploits to practice. Make scenarios progressively more difficult. Record expected outcomes and evaluation criteria.
Integrate assessment and feedback mechanisms. Consider including virtual assets with vulnerabilities, logs, and evidence for users to discover. Track user actions within the range. Develop rubrics to provide tailored feedback on skills demonstrated in each scenario. Interface with a learning management system if desired.
Perform extensive testing on the range infrastructure, services, and scenarios before use. Work through scenarios yourself to identify bugs or weaknesses. Fine tune based on your testing. Ensure all intended user actions and outcomes perform as designed within the isolated environments.
Document all pieces of the range set up for future users and maintenance. Provide thorough walkthroughs for deploying and using the range, as well as best practices for expanding, updating, and operating it over the long term. Consider strategies for enhancing the range based on user and instructor feedback collected over time.
Once completed, the functional cyber range you have developed can serve as the technical foundation and active learning tool for numerous cybersecurity-related courses, modules, lessons, competitions and certification preparation activities for students. It allows for hands-on skill development in a low-risk setting based on realistic IT environments and challenges. With consistent refinement, a cyber range makes an excellent capstone project delivering long term value for any cybersecurity program.
Clearly define objectives, research existing ranges, design virtual infrastructure and networking, create realistic scenarios, integrate assessments, perform testing, and thoroughly document processes. A cyber range requires significant upfront planning and effort but pays dividends by providing an engaging, practical platform for cyber learners to gain and apply technical abilities. With the long term use and improvements such a range enables, it exemplifies the goals of a capstone project to positively impact the body of knowledge and learner outcomes.