Tips to Avoid Breaking Your VMs¶
This article will cover strategies to ensure your students' virtual machines remain stable and working as expected. Breaking VMs while working on cybersecurity courseware is pretty much inevitable, so if you need help resetting a VM that is already broken, please review the article titled How to Restart or Reprovision a Virtual Machine.
Most Common Issues¶
Changing User Login Credentials¶
The primary logged-in user on our VMs (typically "student") must remain the same in order for our auto-login system to work as intended. Please avoid changing the password for this user. When working through user or password-based exercises, please create additional users for password and security demonstrations. Also, do not remove the student account from the VM, as this will also prevent auto-login from functioning properly.
Blocking Remote Access Services¶
The Cyber Range’s browser client (to your VM’s Desktop) relies on web-based RDP (Remote Desktop Protocol) connections over network WebSockets, as well as SSH (secure shell/SFTP) connections from the Cyber Range website into your Cyber Range virtual machines. As such, on your Cyber Range VMs, avoid implementing any firewall rules that block remote access services such as RDP (remote desktop) or SSH (secure shell), which typically run on ports 3389 and 22 respectively. RDP is used to access both Windows and Linux VM desktops, and SSH/SFTP (port 22) is used by our Linux systems both for remote access and for Cyber Range file transfers between your client PCs and Cyber Range Linux VMs.
The Cyber Range client (your desktop) responds to our infrastructure via an HTTPS WebSocket, which forwards an RDP or SSH connection to your browser. This means you must connect to the Cyber Range via HTTPS rather than RDP or SSH. On your client PC or laptop, to maintain solid connectivity to your Cyber Range VMs, always disable pop-up blockers for all of our Cyber Range URLs, and also ensure any personal firewall services do not block “websockets” out to the Cyber Range. On this last point, if you don’t run any third-party personal/software firewall or antivirus/malware/ad-blocking security suite, then you’re probably fine.
Applying Software Updates¶
Updating the operating system or any packages on Cyber Range VMs that are relied on by courseware can change (or break) the user experience for a given courseware curriculum. If you plan to make any modifications to the packages or full OS upgrades, we recommend testing your changes before class.
Changing or Deleting Passwords or SSH Keys¶
Changing a password or deleting an SSH key in an exercise environment can disable or break key features in the environment. This can even result in the environment being completely unusable and unrecoverable. For more information on this, please see the article titled Why should I not change a password or delete an existing SSH key in my exercise environment?.
Operating System Updates¶
On Cyber Range VMs, system-wide operating system (OS) updates can sometimes introduce stability issues on some of our VM images. For rolling-release distributions, like Kali Linux, we strongly recommend avoiding system-wide updates completely since this often breaks the system. When demonstrating package update best practices, we recommend using a current, production-worthy OS such as one of our Ubuntu Linux, Debian Linux or licensed Windows VMs. Updating and installing individual packages usually won't cause problems; however, we always recommend testing this before using it in the classroom!
For non-rolling distributions, we strongly recommend avoiding any updates to the major version release (e.g. Ubuntu 20.04 to Ubuntu 20.10). Doing this can replace the VM’s cloud-specific kernel and will likely break your remote access desktop logins.
Remote Desktop Sessions (RDP)¶
Cyber Range exercise environments consist of Virtual Machines running in the cloud and are accessed through the web browser on your local computer. Because of this, there are a few services that must remain intact on the remote virtual machines and cannot be modified or blocked by the firewall. These are the RDP (port 3389) and SSH (port 22) network services.
RDP (port 3389): The Remote Desktop Protocol must be running and listening on port 3389. Please ensure that your firewall rules do not block this port number, as doing so will result in the loss of the connection to the remote machine.
SSH (port 22): All of our Linux VMs need SSH access for either remote logins or SFTP (Secure File Transfer Protocol), both of which rely on port 22 being open. If the SSH service is unavailable or blocked by the firewall, the RDP connection as a whole will fail. More details for SSH "Terminal" sessions can be found below.
Terminal Sessions (SSH)¶
Terminal sessions require that the sshd service is running and listening on port 22. This port must be open on the firewall and should not be blocked at any time, as this will terminate your connection to the system.
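When a firewall exercise is part of the lesson, the rule set can be checked before it costs you the session. The following is an added example, not Cyber Range tooling: it reads `iptables -S` output and reports whether inbound tcp/22 and tcp/3389 would still be accepted. It assumes first-match evaluation of the INPUT chain only, ignores port ranges and jumps to custom chains, and does not count an ACCEPT limited by source or interface, since the Cyber Range side may not match it.

```shell
# check_remote_access_rules: reads `iptables -S` style rules on stdin.
# Returns 0 if tcp/22 and tcp/3389 stay reachable, 1 (with a message) otherwise.
# Usage on a VM: sudo iptables -S | check_remote_access_rules
check_remote_access_rules() {
    awk '
    function decide(p, t) { if (!(p in verdict)) verdict[p] = t }  # first match wins
    BEGIN { policy = "ACCEPT"; n = split("22 3389", need, " ") }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        ports = ""; target = ""; proto = ""; restricted = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s" || $i == "-i") restricted = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (proto != "" && proto != "tcp") next        # RDP and SSH are TCP
        if (target == "ACCEPT" && restricted) next     # conservative: do not rely on it
        if ($3 == "-j") {                              # no match options: applies to all
            for (k = 1; k <= n; k++) decide(need[k], target)
        } else {
            m = split(ports, list, ",")
            for (j = 1; j <= m; j++)
                for (k = 1; k <= n; k++)
                    if (list[j] == need[k]) decide(need[k], target)
        }
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++) {
            v = (need[k] in verdict) ? verdict[need[k]] : policy
            if (v != "ACCEPT") {
                printf "tcp/%s would be blocked (%s)\n", need[k], v
                bad = 1
            }
        }
        exit bad
    }'
}
```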
The default user in the environment has Cyber Range keys in the ~/.ssh/authorized_keys file (typically /home/student/.ssh/authorized_keys). These keys should never be removed or modified.
While SSH keys can be added to the system, you must ensure that the default SSH key entries are not overwritten or modified and that the default permissions and ownerships of the files and directories remain the same.
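One way to add a key for a demonstration while leaving the default entries alone is shown below as an added example; it is not a Cyber Range script, and the function name and arguments are assumptions. It appends rather than rewrites, so the existing lines, file mode and ownership are left as they were.

```shell
# add_authorized_key <pubkey-file> [authorized_keys-path]
# Appends one public key to authorized_keys without touching existing entries.
add_authorized_key() {
    local pubkey_file=$1
    local auth_file=${2:-$HOME/.ssh/authorized_keys}
    local key before after

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }
    # Never create or replace the file: the default keys must already be there
    [ -f "$auth_file" ] || { echo "$auth_file missing; not creating it" >&2; return 2; }

    # Use the first line only and refuse anything that is not a public key
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Already present: nothing to do, so repeated runs are harmless
    if grep -qxF -- "$key" "$auth_file"; then return 0; fi

    before=$(wc -l < "$auth_file")
    # If the last entry has no trailing newline, add one so the new key
    # is not glued onto an existing default entry
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
        before=$((before + 1))
    fi

    # ">>" appends in place; ">" here would wipe the default keys
    printf '%s\n' "$key" >> "$auth_file"

    # Sanity check: exactly one line was added
    after=$(wc -l < "$auth_file")
    [ "$after" -eq $((before + 1)) ]
}
```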
Older/Vulnerable Windows Target VM Issues¶
At least one of our environments includes an older, vulnerable Windows target VM for penetration testing labs. This VM is designed to remain vulnerable and cannot be licensed or patched. To ensure that this environment functions properly, do not attempt to apply software updates to this older, intentionally vulnerable system, and make sure that critical services are not blocked by the firewall, as this may render the system inaccessible or require a reset (wipe & reprovision) of the environment.
Current Windows VMs¶
If you are interested in teaching Windows Sys-Admin best practices, Desktop & Server security settings, endpoint GPOs, security & software updates, Windows host hardening, etc., then we recommend demonstrating this with one of the current, licensed Windows Desktop or Windows Server virtual machines that can be found in the courseware catalog. Try to never apply security or software updates to our intentionally older, vulnerable Windows systems that are designed for penetration testing.
Have a Question? Contact Support¶
We're here to help you. If you still have questions after reviewing the information above, please feel free to submit a ticket with our support team and we'll get back to you as soon as possible.