CyTrONE: Integrated Cybersecurity Training Framework
CyTrONE is a cybersecurity training framework that simplifies the training setup process through an approach that integrates training content and training environment management. CyTrONE is being developed by the Cyber Range Organization and Design (CROND) NEC-endowed chair at the Japan Advanced Institute of Science and Technology (JAIST) in Ishikawa, Japan.
An overview of CyTrONE is provided below, illustrating the overall workflow, as well as the interaction with several external modules also developed by CROND. Based on input from an instructor and information retrieved from a training database, CyTrONE uploads the training content to a Learning Management System (LMS) via the helper tool called CyLMS, and creates the associated training environment via the cyber range instantiation system CyRIS. A third module, named CyPROM, can be used to manage the scenario progression in order to include dynamic elements in the training activity, such as real-time attacks. As for the trainees, they can access the LMS to consult the training content, connect to the cyber range to conduct the necessary investigation, and provide answers also via the LMS.
While the CyTrONE distribution already includes some sample training content to get you started, we have also independently released additional training content via the CROND web page. This additional content comprises a set of CTF (Capture The Flag) style questions, as well as a set of questions inspired by the NIST Technical Guide to Information Security Testing and Assessment.
We have prepared install scripts that can be used to set up the entire CyTrONE framework, including CyRIS, CyLMS, CyPROM and the Moodle VM, on a single host. Due to specific differences, separate versions of the script are available for the Ubuntu 16.04 LTS and Ubuntu 18.04 LTS host operating systems. Alternatively, please refer to the information below on the prerequisites for running CyTrONE, and on how to set up and use the framework. More details about CyTrONE are available in the user guide published on the releases page, which also includes the latest stable version of the software.
If manual setup is preferred, such as in the case of employing multiple cyber range hosts, the following steps must be carried out before using CyTrONE:
The following optional components can also be installed:
To set up CyTrONE manually, follow the steps below:
code/: Framework source code written in Python
database/: Sample training content for CyTrONE
moodle/: Sample configuration file for CyLMS/Moodle
scripts/: Helper scripts for managing and using CyTrONE
scripts/CONFIG.dist as template
Note that the following software is required to run CyTrONE (some of these requirements are shared with CyLMS and CyRIS):
Assuming that the entire CyTrONE framework has been set up, either via the install scripts mentioned above or manually, the basic steps necessary to use it are as follows:
Start the execution of the CyTrONE framework.
$ ./start_cytrone.sh
Create a new training session by running the command below and selecting one of the pre-configured menu choices displayed (these choices can be customized by modifying the script itself). Alternatively, the web-based UI can be used for this purpose.
$ ./create_training.sh
Information about how to access the created cyber range will be displayed; verify that the cyber range is accessible and that training content is displayed in the Moodle LMS. The helper script get_notification.sh can also be used to retrieve this information at any time. Trainees must be provided with the details regarding the instance allocated to each of them before each training.
End the created training session (assuming the session id is 1). Again, the web-based UI can also be used for this purpose.
$ ./end_training.sh 1
Stop the execution of the CyTrONE framework once all the training sessions have been completed.
$ ./stop_cytrone.sh
For a research background regarding CyTrONE, please refer to the following paper:
For a list of contributors to this project, please check the file CONTRIBUTORS included with the source code.