Cyber Range Network Restrictions¶
Just like a bomb range, a gun range, a tank range, a cyber range is a safe place to play with dangerous tools. The Cyber Range is where we give you the powerful hacking and defense tools that you need to teach your cybersecurity classes.
The Cyber Outgoing Range Firewall:¶
One of the safety restrictions that we place on the Cyber Range is that we disallow or block all outbound network traffic so that you can be assured your students are not attacking live Internet web sites or targets. You can not ping, traceroute, nmap/portscan or even connect via ssh to hosts on the Internet from the Cyber Range virtual machines. However, these tools have not been disabled and can still be used with some of our Multi-VM environments. For more information, please see Why Can't I Ping or SSH to IPs Outside of the Range?.
Allowing Some (limited) Web Traffic:¶
One exception that we DO allow (on most VM images) is that of allowing valid http/https web traffic out to resources like google-drive, drop-box, github, and most other legitimate web sites (including OS patching sites) for the purpose of downloading tools, artifacts, pcap files, special classroom files, or even homework assignments. This web interaction is also limited, however. By default, most of our VMs have system-wide proxy settings something like this: (example from the Kali Linux command line)
$ set | grep -i prox ALL_PROXY=http://squid.cyberservices.internal:80/ HTTPS_PROXY=http://squid.cyberservices.internal:80/ HTTP_PROXY=http://squid.cyberservices.internal:80/ NO_PROXY=localhost,127.0.0.1,localaddress,.localdomain.com,.example.com, 10. all_proxy=http://squid.cyberservices.internal:80/ http_proxy=http://squid.cyberservices.internal:80/ https_proxy=http://squid.cyberservices.internal:80/ no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com,.example.com, 10.
In Windows, this is set in the registry, and can be seen from the system or browser advanced, network proxy settings. If you want to shut off Internet/web access from your students, these settings can be removed to keep them from (for example) googling answers on VM quizzes, etc. If you need additional, more absolute blocks, contact Cyber Range Support for assistance.
Child Safety Website Filtering:¶
Lastly, because the Cyber Range now also serves K12 communities, we implement child safety filters to prevent access to inappropriate websites such as gambling, pornography, social media, and streaming video web sites in order to assist organizations with child safety compliance requirements. If you find a site that you’re able to reach that you want blocked, contact Cyber Range Support to have the site added to the block list.
If you have any related questions or feature requests, please contact us and let us know how you’re trying to use the range.
Thank You for Your Feedback!