Tips to Avoid Broken Exercise Environments

Abstract

This article will cover strategies to ensure your students' exercise environments remain stable and exhibit expected behavior. It is common for exercise environments to become broken while working on cybersecurity courseware. If you'd like more information on how to restart or reprovision a broken exercise environment, please visit our How to Restart or Reprovision an Exercise Environment article.

Most Common Issues

Changing User Login Credentials

It is required that the primary user logged into/on our VMs (typically "student") remains the same for our auto-login system to work as intended. Please avoid changing the password for this user. When working through user or password-based exercises, please create additional users for password and security demonstrations. Additionally, please do not remove the student account from the VM. This will also prevent auto-login from functioning properly.

Blocking Remote Access Services

The Cyber Range’s browser client (to your VM’s Desktop) relies on web-based RDP (Remote Desktop Protocol) connections over network websockets, as well as SSH (Secure Shell/SFTP) connections from the Cyber Range website into your Cyber Range Virtual Machine(s). Since this is the case, please avoid implementing any firewall rules that block remote access services such as RDP or SSH, which typically run on ports 3389 and 22 respectively. RDP is used to access both Windows and Linux VM desktops, and SSH/SFTP is used by our Linux systems for remote access and enabling Cyber Range file transfers between your client PCs to Cyber Range Linux VMs.

The Cyber Range client (your desktop) responds to our infrastructure via a HTTPS websocket, which forwards an RDP or SSH connection to your browser. This means you must connect to the Cyber Range via HTTPS rather than RDP or SSH. To maintain solid connectivity to your Cyber Range VMs on your client PC or laptop, always disable pop-up blockers against any of our Cyber Range URLs, and also ensure any personal firewall services do not block “websockets” out to the Cyber Range. These points are primarily a concern if you run any third-party antivirus/malware/advert blocking security suite or personal/software firewall.

Applying Software Updates

Updating the operating system or any packages on Cyber Range VMs that are relied on by courseware can change or break the user experience for a given courseware curriculum. If you plan to make any modifications to the packages or full OS upgrades, we recommend testing your changes before class.

Changing or Deleting Passwords or SSH Keys

Changing a password or deleting an SSH key in an exercise environment can disable or break key features in the environment. This can even result in the environment being completely unusable and unrecoverable. For more information on this issue, please visit the article titled Why should I not change a password or delete an existing SSH key in my exercise environment?.

---

Linux-Specific Issues

Operating System Updates

On Cyber Range VMs, system-wide operating system (OS) updates can sometimes introduce stability issues on some of our VM images. For VM rolling-release distributions, like Kali Linux, we strongly recommend avoiding system-wide updates completely since this often breaks the system. When demonstrating package update best practices, we recommend using a current/production-worth OS such as one of our Ubuntu Linux, Debian Linux or licensed Windows VMs. Updating and installing individual packages usually won't cause problems; however, we always recommend testing this before using it in the classroom!

Dist-Upgrades

For non-rolling distributions, we strongly recommend avoiding any updates to the major version release (i.e. Ubuntu 20.04 to Ubuntu 20.10). Doing this can replace the VM’s cloud-specific kernel and will likely break your remote access desktop logins.

Remote Desktop Sessions (RDP)

Cyber Range exercise environments consist of virtual machines running in the cloud that are accessed through the web browser on your local computer. Because of this, there are a few services that must remain intact on the remote virtual machines and cannot be modified or blocked by the firewall. These are the RDP (port 3389) and SSH (port 22) network services.

• RDP (port 3389): The Remote Desktop Protocol must be running and listening on port 3389. Please ensure that your firewall rules do not block this port number, as doing so will result in the loss of the connection to the remote machine.

• SSH (port 22): All of our Linux VMs need SSH access for either remote logins or SFTP (Secure File Transfer Protocol), both of which rely on port 22 being open. If the SSH service is unavailable or blocked by the firewall, the RDP connection as a whole will fail. More details for SSH "Terminal" sessions can be found below.

Terminal Sessions (SSH)

Terminal sessions require that the sshd service is running and listening on port 22. This port must be open on the firewall and should not be blocked at any time, as this will terminate your connection to the system.

The default user in the environment has Cyber Range keys in the ~/.ssh/authorized_keys directory (typically in /home/student/.ssh/authorized_keys) and should never be removed or modified.

While SSH keys can be added to the system, you must ensure that the default SSH key entries are not overwritten or modified and that the default permissions and ownerships of the files and directories remain the same.

---

Windows Environments

Older/Vulnerable Windows Target VM Issues

At least one of our environments includes an older, vulnerable Windows target VM for penetration testing labs, and is designed to remain vulnerable and cannot be licensed or patched. In order to ensure that this environment functions properly, you will need to ensure that you do not attempt to apply software updates to this older intentionally vulnerable system and that critical services are not blocked by the firewall, as this may render the system inaccessible or require a reset (wipe & reprovision) of the environment.

Current Windows VMs

If you are interested in teaching Windows Sys-Admin best practices, Desktop & Server security settings, endpoint GPOs, security & software updates, Windows host hardening, etc — then we recommend demonstrating this with one of the current, licensed Windows Desktop or Windows Servers virtual machines that can be found in the courseware catalog. Please do not apply security or software updates to our intentionally older, vulnerable Windows systems that are designed for penetration testing.

---

Provisioning Non-Persistent Exercise Environments

As an instructor, a preemptive measure you can take to help prevent broken exercise environments is to provision Non-Persistent exercise environments instead of Persistent ones.

Non-Persistent environments are ideal when your class is covering more volatile material since the environments are freshly provisioned after each session termination. This means that if one of your students accidentally executes an incorrect command and breaks their environment, assuming they can still access their environment, they can simply terminate their session and start a new one without requiring instructor involvement.

For more information on Non-Persistent exercise environments, please visit the Non-Persistent Environments section of our Persistent and Non-Persistent Exercise Environments article.

---

Have a Question? Contact Support

We're here to help you. If you still have questions after reviewing the information above, please feel free to submit a ticket with our Support Team and we'll get back to you as soon as possible.

Was this helpful?

Leave Feedback

How can we improve this article?

Thank You for Your Feedback!