If you've ever been to Cisco Live and seen the booth with a display for you to pick locks, then you know about the Cisco Advanced Security Initiatives Group (ASIG). We are chartered with security testing and ethical hacking for all Cisco products and services, whether in the cloud or on-premises. Anything Cisco sells, we have a go at it and try to break it, finding vulnerabilities as early as possible, before it's deployed on the internet and reaches customer environments.
Our Product Security Incident Response Team (PSIRT) distributes information about discovered vulnerabilities to help harden Cisco offerings. If you have a vulnerable scenario, learning how to exploit these vulnerabilities in a network could help you determine what mitigations to apply and strengthen your security posture.
Every year, we have a class called Becoming a Hacker, which teaches students how to ethically hack into a simulated network so they can learn how to protect it. It's mainly for interns from colleges and high schools involved in cybersecurity studies.
The Becoming a Hacker course gives students exposure to a real-world network (using Cisco Modeling Labs [CML]). This simulated network acts more like what they would see on-premises, using physical switches, routers, and firewalls. Cloud networks are typically more locked down (rightly so) and behave differently. Becoming a Hacker also features a simulated Wi-Fi network, so students get exposed to various network types. We plan to have cloud targets in the Becoming a Hacker lab eventually, so the students will have a blend of virtual on-prem and in-cloud targets, getting the best of both worlds.
Becoming a Hacker has recently become public, so anyone can access the course materials via GitHub. Of course, we do not make the CML web interface public for security reasons, but we can quickly take it down and start it back up at scale.
While Becoming a Hacker is created by volunteers and is not an official Cisco product, it does provide a great starting point for customers who want to create their own hacker training scenarios using a cloud account.
A course on ethical hacking, also known as penetration testing or white-hat hacking, is crucial for companies in the long run, helping them identify and fix vulnerabilities before malicious hackers can exploit them, thus strengthening the network against future attacks. Training in ethical hacking can also help companies comply with security regulations and save money, avoiding the cost of legal fees, fines, and business loss from data breaches. Overall, this kind of training improves security awareness throughout the organization, leading to better security policies and training for employees to help them recognize and respond to potential threats.
The premise is that when you engineer something to be secure, you must learn to break it. That way, you will know what to look for within your own networks. A common finding is an OS command injection vulnerability, a web vulnerability in which the attacker uses existing APIs to execute arbitrary code by tacking on an additional operating system command using special characters.
One example is a web interface that allows you to ping a host so you can confirm reachability through that web interface, which may allow those characters to execute commands other than a ping. When you understand the kind of damage a hacker can do to your network, you can better understand the criticality of defending it.
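The ping-form weakness described above, shown beside a hardened version. This is an added example, not code from the course or from Cisco; the function names and sample host values are constructed for illustration, and the `ping -c 1 --` form assumes a Linux iputils-style `ping`.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def build_ping_unsafe(host):
    """Vulnerable pattern: user input concatenated into a shell command line.
    Any shell-special character in `host` is interpreted by the shell."""
    return "ping -c 1 " + host  # would be handed to subprocess.run(..., shell=True)

def validate_host(host):
    """Accept only an IP literal or a plain DNS name; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"rejected host value: {host!r}")
    return host

def build_ping_argv(host):
    """Hardened form: validated input passed as a single argv element, no shell.
    The `--` keeps ping from parsing the value as an option."""
    return ["ping", "-c", "1", "--", validate_host(host)]

def ping(host):
    """Run the hardened command; returns True when the host answered."""
    result = subprocess.run(build_ping_argv(host), capture_output=True, timeout=5)
    return result.returncode == 0

if __name__ == "__main__":
    # Constructed form submissions: two legitimate, two that must be refused.
    for value in ["192.0.2.10", "lab-router.example", "192.0.2.10; id", "-c"]:
        print("unsafe shell string:", repr(build_ping_unsafe(value)))
        try:
            print("  hardened argv:   ", build_ping_argv(value))
        except ValueError as err:
            print("  hardened form:   ", err)
```

The allow-list validation and the shell-free argv each close the hole independently; using both means a mistake in one does not reopen it.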
Lately, we've been working with the CML team for Cisco's internal training, which lets our ethical hackers use CML to do security testing for every Cisco product. However, what started as a private project is turning into a potentially significant opportunity for an open-source solution.
It's an entirely different way of building a network so that you can do offensive security testing. We've been running it in Google Cloud, and it's working great.
We've been using examples of Terraform configurations on DevNet. These configurations allow you to take the CML image, generally provided as an ISO image or application package, and cloudify it for installation in Amazon Web Services (AWS) or Microsoft Azure. Terraform is a tool for defining and managing IT infrastructure using code, or infrastructure as code (IaC). IaC makes it easier to set up, update, and scale your resources consistently and efficiently.
While that was working well, we soon realized that to run it at the scale we needed, we would have to run CML on more than one bare-metal machine in a cluster in AWS, and that gets expensive. We also required that each lab could accept connections from the Internet and initiate connections to the Internet with IPv4 and IPv6 using unique addresses. We found that the Google Cloud Platform met our needs nicely. CML runs its own hypervisor, which is software that allows a single computer to run several virtual machines (VMs) simultaneously. The hypervisor is a security measure.*
CML's open-source hypervisor is based on Linux Kernel-based virtual machine (KVM) and libvirt, a toolkit to manage virtualization platforms. It allows you to run virtual machines on server hardware like the Cisco Unified Computing System (UCS). This CML hypervisor can run nested on virtual machine instances in the cloud and run virtual machines by itself to support our labs.
By taking this course with CML, users connecting remotely with a web browser will get their own pod (a group of virtual, exploitable machines). And since it's been working so well for our internal teams, the CML team was agreeable when I offered to write the Terraform modules to use Google Cloud Platform to expand our training.
I hope to document a Google Cloud deployment and integrate these changes into the main DevNet repository soon.
We want to make this method of provisioning labs for training more universal. The Becoming a Hacker Foundations course is the first iteration of this method. We also offer other cybersecurity classes internally, but none use CML... yet.
Because CML allows you to interface from anywhere, you can access your CML instance on the cloud and do testing. It's so compelling to use because it's all automated.
For example, when we run a Terraform command, 20 pods (virtualized labs) are ready for use. We have all the configs to deploy it if you have a CML subscription. While not all of the images are fully public because it has a licensed Windows image, a user could easily create their own images not provided out-of-the-box.
We hope to expand this course over time. Stay tuned for more info on this great opportunity for Cisco training and CML to help you learn more hacking tips and tricks to better secure your network.
NOTE: Cisco Modeling Labs is a commercial and officially supported product from Cisco.
There's no vulnerability in Cisco Modeling Labs (CML) that we know of, but we're deploying a lab (pod) that has devices in it that are vulnerable. CML allows you to make a networking topology, not only for routers but also for servers and hosts. You can deploy a Linux or Windows machine into it. It's all based on a kernel-based virtual machine (KVM), a virtualization technology that turns a Linux machine into a hypervisor, allowing multiple isolated virtual environments to run on a single host machine.
Hypervisors are critical to the security of virtualized environments, especially if you run machines that might execute vulnerable code. Some important ways hypervisors address security include:
Here are a few other security measures we use for our Becoming a Hacker site: