Have you ever strolled through the sales space at Cisco Stay and witnessed a showcase of innovative locking solutions? If so, you’re likely familiar with the esteemed Cisco Advanced Security Initiatives Group (ASIG). As a charter member, we’re entrusted to conduct rigorous safety testing and moral hacking across all Cisco services and products, regardless of their deployment – be it in the cloud or on-premise environments. As part of our rigorous security testing process, we focus on identifying vulnerabilities in products like those offered by Cisco, proactively seeking out weaknesses before they’re released onto the internet and potentially impact customer networks.
Our Product Safety Incident Response Team (PSIRT) has identified vulnerabilities to help harden Cisco devices. In situations where vulnerabilities exist, understanding effective strategies for exploiting them can empower you to select appropriate mitigation measures and fortify your security stance.
Each year, a category is introduced that trains college students in ethical hacking techniques by simulating a virtual environment for them to learn how to defend against potential threats and vulnerabilities. The initiative is primarily designed for interns from faculties and universities focused on cybersecurity research.
The course provides college students with access to a real-world community utilizing Cisco Modeling Labs (CML). The simulated community mimics real-world behavior, employing physical switches, routers, and firewalls to simulate a more realistic environment. Cloud networks may exhibit unusual behavior due to enhanced security measures implemented for added protection. includes a simulated Wi-Fi environment that mimics real-world networks, allowing college students to experience and explore various community types. To further enhance our research capabilities, we will introduce cloud-based targets within the laboratory, allowing scholars to seamlessly integrate on-premise and cloud-based platforms and reap the benefits of each environment.
has recently become a matter of public record, allowing anyone to access. Despite security concerns, we’ve chosen to keep our CML internet interface private; nonetheless, we plan to discontinue its use and relaunch it at a larger scale in the near future.
Although Wheresis an open-source project not officially affiliated with Cisco, its platform serves as an excellent starting point for customers seeking to build custom hacking scenarios using a cloud-based infrastructure.
Recently, our team has collaborated with the CML group on an innovative project for Cisco’s internal coaching initiative. This program enables our ethical hackers to leverage CML as a tool for conducting thorough security testing of every Cisco product, thereby ensuring unparalleled safety and quality standards. As a personal endeavour, this project has unexpectedly evolved into a promising possibility for an open-source solution.
The innovative approach to community-based offensive security testing lies in its entirely distinct methodology for ensuring safety. We’ve successfully deployed our operation in Google Cloud, with satisfactory results so far.
We have been employing instances of. These configurations enable you to deploy the CML image, typically provided as an ISO file or utility bundle, into either Amazon Web Services (AWS) or Microsoft Azure environments for setup and configuration. Terraform is a tool that enables the definition, management, and versioning of cloud and infrastructure resources using a human-readable configuration file, also known as infrastructure as code (IaC). Infrastructure as Code (IaC) simplifies the process of consistently and efficiently managing, updating, and scaling infrastructure components.
While our initial setup proved successful, scaling the operation became a challenge as we discovered that running CML on multiple bare-metal machines within an Amazon Web Services (AWS) cluster would incur significant costs. To ensure seamless communication, we stipulated that each laboratory accepts connections from the web and initiates connections to the web using both IPv4 and IPv6 protocols, with distinct address assignments. We found that the Google Cloud Platform successfully fulfilled our requirements. CML utilizes its own hypervisor, a software layer allowing a single machine to host multiple virtual machines (VMs), which operate simultaneously without interference. The hypervisor is a crucial security safeguard.
CML’s open-source hypervisor leverages the Linux Kernel-based digital machine (KVM) technology, in conjunction with a comprehensive toolkit designed to facilitate seamless interactions with various virtualization platforms. You can deploy virtualized infrastructure on a dedicated hardware platform, akin to the Cisco Unified Computing System (UCS), allowing for the seamless operation of virtual machines. This CML hypervisor enables us to deploy nested virtualization scenarios within a digital machine environment hosted in the cloud, while also allowing us to run standalone digital machines for lab purposes.
Through our program, remote customers using a standard internet browser will gain access to their dedicated virtual lab (a cluster of configurable, cloud-based resources) for seamless and flexible computing. As a result of its proven effectiveness within our internal teams, we successfully persuaded the CML team to collaborate on documenting Terraform modules that leverage Google Cloud Platform to scale our training efforts.
I aim to document a Google Cloud deployment and seamlessly integrate these modifications into the core DevNet repository as soon as possible.
We aim to increase the adoption of lab provisioning for coaching purposes. The primary iteration of this technique is the course itself. Although we offer various internal cybersecurity training sessions, they do not employ the Cybersecurity Management Lifecycle (CML).
Thanks to Cloud-based Model Lifecycle (CML), users can seamlessly collaborate from anywhere, accessing their CML project in the cloud for effortless testing and iteration. The thing that makes using it so compelling is because.
Upon executing a Terraform command, 20 virtualized laboratory environments, or pods, are provisioned and ready for utilization. With all configurations in place, you’re ready to deploy your solution, provided you have a valid CML subscription. While not every image is freely available due to its licensed status with Windows, individuals can still create their own custom images that aren’t provided by default.
We aim to expand the scope of this course in the future. Stay informed about a compelling alternative to traditional Cisco training and CML, which will enable you to expand your knowledge of hacking techniques and gain valuable insights on how to enhance the security of your network.
Join | Be part of the .
Useandto hitch the dialog.
Share:
