Cyber Range Network Restrictions¶
Just like with any range, a cyber range is a safe place to play with dangerous tools. The Virginia Cyber Range is where we give you the powerful hacking and defense tools that you need to teach your cybersecurity classes.
The Cyber Outgoing Range Firewall¶
One of the safety restrictions that we place on the Cyber Range is that we block all outbound network traffic so that you can be assured your students are not attacking live Internet websites or targets. You can not ping, traceroute, nmap/portscan, or even connect via SSH to hosts on the Internet from the Cyber Range virtual machines. However, these tools have not been disabled and can still be used with some of our Multi-VM environments. For more information, please see the article titled Why Can't I Ping or SSH to IPs Outside of the Range?.
Allowing Limited Web Traffic¶
One common exception in exercise environments is allowing outbound HTTP and HTTPS traffic to trusted services such as Google Drive, Dropbox, GitHub, and other legitimate websites such as operating system update servers. This access is intended for downloading tools, artifacts, PCAP files, classroom materials, or assignments.
However, this web access is still controlled and restricted. By default, all virtual machines are configured with system-wide proxy settings, similar to the example below from a Kali Linux command line:
$ set | grep -i prox
ALL_PROXY=http://proxy.cyberservices.internal:80/
HTTP_PROXY=http://proxy.cyberservices.internal:80/
HTTPS_PROXY=http://proxy.cyberservices.internal:80/
NO_PROXY=localhost,127.0.0.1,localaddress,.localdomain.com,.example.com,10.,169.
all_proxy=http://proxy.cyberservices.internal:80/
http_proxy=http://proxy.cyberservices.internal:80/
https_proxy=http://proxy.cyberservices.internal:80/
no_proxy=localhost,127.0.0.1,localaddress,.localdomain.com,.example.com,10.,169.
In Windows, these settings are configured in the registry and can be viewed through the system or browser advanced network proxy settings. If you want to disable Internet or web access for your students, you can remove these settings. For stronger or more comprehensive restrictions, please contact our support team for assistance.
Child Safety Website Filtering¶
Since the Virginia Cyber Range also serves K12 communities, we implement child safety filters to prevent access to inappropriate or unsafe websites, social media websites, and streaming video websites in order to assist organizations with child safety compliance requirements.
To support this effort, we use a publicly maintained web safety blocklist from Université Toulouse Capitole, which is regularly updated to account for new sites. If you believe a website should be added to or removed from the blocklist, you can submit the URL directly through the form on their website:
Université Toulouse Capitole Blocklist Form
Their team will review the request, and once it is approved, usually within 2 to 4 days, our system will begin enforcing the change within 24 hours.
Have a Question? Contact Support¶
We're here to help you. If you still have questions after reviewing the information above, please feel free to submit a ticket with our Support Team and we'll get back to you as soon as possible.
Thank You for Your Feedback!