CRE-B Student Guide_v2.3.2 Jerry edit.docx
**STUDENT GUIDE**

- M1 \| Introduction to the Platform
- M2 \| Using the Network Specification Wizard to Create a Range
- M2 \| Practical Exercise
- M3 \| Modifying a Deployed Range
- M3 \| Practical Exercise
- M4 \| Greyspace in PCTE
- M5 \| User Emulation
- M5 \| Practical Exercise
- M6 \| Mirror Interfaces
- M6 \| Practical Exercise
- M7 \| Manually Creating a Simple Range
- M7 \| Practical Exercise
- M8 \| Structured Content
- M8 \| Practical Exercise
- M9 \| External Subnets
- M9 \| Practical Exercise

M1 \| Introduction to the Platform
==================================

This is the first module of the Certified Range Engineer -- Basic (CRE-B) course and introduces students to various PCTE platform elements. The PCTE platform elements are the building blocks used to produce realistic, versatile ranges for use in instructional content, as well as training and exercise events.

#### Learning Objectives

1. Discuss the various elements of the PCTE platform
2. Distinguish between the PCTE event types
3. Discuss the function of the Clone Source
4. Explain the relationships between content modules, structured content plans, and course plans

#### Module Topics

- The PCTE Platform
- The Elements of the PCTE UI
- Content Elements
- Event Types

Overview
--------

- Hold certification events
- Rehearse missions
- Host large, multi-team, geographically dispersed exercise events

![](media/image6.png)

Lobby
-----

- PCTE Portal (where content and events reside)
- Contact Support (for technical issues)
  - The Help Desk is also referred to as the Jira Service Desk (JSD)
- Mattermost Chat Services
- Wiki (in-platform Confluence spaces for information sharing)
- Portal Platform Tutorials
- Cyber Gym

Portal Home Page
----------------

![](media/image8.jpeg)

1. The *My Events* pane includes:
   - Upcoming events
   - Active events
   - Completed events
2. The *Featured Content* pane:
   - Displays content set by administrators of the user's organization
   - Is selected from the *Content Catalog* (discussed later in the module)
3. The *User Sidebar* pane shows:
   - Summaries of individual and team structured content events
   - Profile information

![](media/image14.jpeg)

- Portal Home
- Training
- Events
- Content Authoring
- Network Design

Training App
------------

![](media/image18.jpeg)

Network Design App
------------------

![](media/image20.jpeg)

Network Specifications
----------------------

- Virtual Machines (VMs)
- Subnets
- Domains
- Boot Groups
- Users
- Configuration Hierarchy

![](media/image24.png)

Ranges
------

![](media/image28.jpeg)

- Select, start, and stop virtual networks
- Find VMs, change states, and open consoles
- Upload files directly into the network
- View the activity of other network users
- View the network topology diagram

Clone Sources
-------------

![](media/image32.jpeg)

Network Elements
----------------

![](media/image34.jpeg)

#### Configuration Modules

#### Puppet Modules

![](media/image36.jpeg)

#### External Subnets

#### Physical Assets

![](media/image38.jpeg)

- Routers
- Mobile Devices
- Facilities
- Switches

Content Authoring App
---------------------

![](media/image40.jpeg)

#### Structured Content Plans

- **Individual** -- intended for individual learning. Each student is given their own set of tasks and VMs within an event.
- **Team** -- intended for use by a group of users working together. Students share all tasks and VMs within an event.
#### Tasks

- **Information tasks** -- provide information to event participants or instruct them to
- **Question tasks** -- present questions to event participants who may receive points if they answer correctly

#### Task Chains

- **Introduction** (1 information task)
- **Ethernet** (2 information tasks, 1 question task)
- **IP** (3 information tasks, 2 question tasks)
- **TCP** (2 information tasks, 1 question task)
- **UDP** (1 information task, 1 question task)
- **Summary** (1 information task)

Events App
----------

![](media/image43.jpeg)

- **Individual Structured Content Events** are SCPs organized into series designed for an individual to independently learn or rehearse certain skills at their own pace.
- **Team Structured Content Events** are scheduled events of set durations that assess, train, validate, and challenge a group of participants in operationally relevant contexts.
- **Team Exercise Events** are scheduled training events of set durations where one or more teams execute Mission Essential Tasks in realistic operational environments. Teams may operate cooperatively or competitively, depending on exercise design and goals.

Event Types
-----------

#### Live Action Events

![](media/image44.png)

#### Completed Events

#### Courses

Help Desk
---------

#### To access JSD:

1. From the Portal, select your profile icon with your initials at the bottom left side of the
2. Select **Contact Support**.
   - JSD may also be directly accessed from the RCS lobby by selecting the **Contact Support** tile or with a direct link
   - If you receive an error after selecting **Contact Support**, try using the direct link.
3. If you are redirected to the PCTE login page, log in using the same method you use to log

M2 \| Using the Network Specification Wizard to Create a Range
==============================================================

In this module, you will learn how to create a new network specification using the Network Specification Wizard and apply VM repetition groups to deploy multiple VMs in groups. Finally, you will review the resulting network specification, modify it, and deploy it to a range.

#### Learning Objectives

1. Understand how to use the Network Specification Wizard to build an enterprise
2. Understand the configuration options available in the Network Specification Wizard
3. Differentiate between network specifications and deployments
4. Understand VM repetition groups and their use
5. Understand how to modify an existing VM repetition group

#### Module Topics

- Network Specification Wizard
- VM repetition groups
- Config groups
- Creating Deployments
- Creating Live Action Events
- Master-Agent relationship in Puppet

Overview
--------

#### Design Goal

- Domain Controller: 1
- Internal and External Mail Services and DNS
- Internal File Server: 1
- Windows 10 Workstations joined to the Domain: 3
- Windows 7 Workstations joined to the Domain: 3

Creating Network Specifications with the
----------------------------------------

1. Select the **Network Design** application, **Network Specs**, and then select **New Wizard Spec**.

![](media/image46.jpeg)

2. Complete the **Overview** tab fields as shown, and then select **Proceed To Internet**:
   - **Name**: CREB-*\*-DemoMod2-*\*
   - **Description**: Enter short description (e.g., *My Netspec Wizard Demo*)
   - **Industry:** *Optional* information that will be contained as metadata
   - **Environment Type:** *Optional* information that will be contained as metadata
   - **Security Posture:** *Optional* information that will be contained as metadata
   - **Traffic Generation**: Leave the Traffic Generation value set to None.
3. Select the **No Internet** option, and then select **Proceed to Organizations**.

![](media/image49.jpeg)

#### Simulated Internet

- Root domain name system (DNS) services
- Cached copies of real-world websites
- BGP-based wide area network with one or more virtual ISPs
- Threat presentation (OPFOR) tools
- **SimSpace Virtual Network**
- **Metova Grey\* (\*This is how "Metova Greyspace" is referenced in the PCTE. For our purposes, we will use "Metova Greyspace" throughout this student guide.)**
- **Metova Persistent Greyspace**

4. Complete the fields as shown, and then select **Next**:
   - **Name**: zoomcord
   - **External Domain**: zoomcord.com -- 70.39.165.192/30
   - **Internal Domain**: zoomcord.lan -- 172.16.0.0/16
   - **Host Sensors**: (deselect this check box)

Organizations Tab -- Boundary Defense
-------------------------------------

![](media/image52.png)

- **Firewall** -- Allows us to regulate traffic crossing the device based on a set of rules that can check items like source or destination IP and/or port, and the protocol being used. Often, firewalls are configured to allow traffic that matches a rule set to pass and to deny everything else coming from external to internal nodes. Likewise, traffic traversing from internal to external nodes often has fewer safeguards. The Wizard requires this firewall, so you cannot uncheck it.
- **Reverse Proxy** -- This service can handle incoming connections to services offered in the range. It breaks the point-to-point connection and allows inspection of requests and content coming into the network's public-facing services.
- **Mail** -- The boundary mail server sits in the DMZ and passes incoming mail to the secured/internal mail servers as well as handling outgoing mail coming from the internal mail server.

5. Complete the *Boundary Defense* options as shown and then select **Next**:
   - **Firewall**: selected check box, **Default** drop-down
   - **Reverse proxy**: deselected
   - **Mail**: selected, resources set to 4 CPU x 4 GB Memory

![](media/image54.jpeg)

Organizations Tab -- Infrastructure Section
-------------------------------------------

- **DC** -- A domain controller is essential to a Windows domain. There are often more than two DCs per domain, but the Wizard only provides for one to conserve resources. These DCs:
  - provide domain **Account** and **Authorization** services, and
  - usually host the internal Domain Name System (DNS).
- **Exchange** -- The Microsoft mail server is the internal mail server in a Windows
- **File Server** -- Windows Server used for network-based file storage and sharing
- **SharePoint** -- Microsoft knowledge-management platform
- **SQL** -- MS SQL Database server
- **Proxy** -- Handles outgoing connections for many application protocols
  - acts as an intermediary on behalf of the clients

6. Complete the **Infrastructure** options as shown and then select **Next**:
   - **DC**: checked box, resources set to 4 CPU x 4 GB Memory
   - **Exchange**: checked box, resources set to 4 CPU x 4 GB Memory
   - All others deselected

Organizations Tab -- Client Subnet Groups Section
-------------------------------------------------

- **Workstation Name Prefixes**: For this example, configure an **ops** prefix to the names of operations systems added to the subnet. This results in workstation names such as **zoomcord-ops#**. There is a 16-character limit for Windows hostnames. The **zoomcord-ops#** portion is already 13 characters, so keep this character limitation in mind when designing your range.
- **OS Options**: This section is also where you select the OS: Windows 7 or Windows 10. If another OS type is needed, for example a Linux workstation, you would have to edit the network specification after completing the Wizard to add it manually. It's a good idea to add it now as a Windows VM and then manually change the VM Template to Linux after completing the Wizard.

![](media/image56.jpeg)

7. Complete the **Subnet Name** fields as shown and then select **Add More Hosts**:
   - **Subnet Name**: operations
   - **Client Prefix**: ops
   - **Count**: 2
   - **Traffic Gen.**: Disabled
   - **OS**: Windows 10
8. Complete the new **Subnet Name** fields as shown and then select **Add Client Group**:
   - **Subnet Name**: operations
   - **Client Prefix**: ops
   - **Count**: 1
   - **Traffic Gen.**: Disabled
   - **OS**: Windows 7

![](media/image59.png)

9. Complete the **Subnet Name** fields as shown. If additional, different hosts are desired, select **Add More Hosts** to create them. When done adding all the required Client Groups and Hosts, select **Next**.
   - **Subnet Name**: Research
   - **Client Prefix**: rsch
   - **Count**: 2
   - **Traffic Gen.**: Disabled
   - **OS**: Windows 10
   - **Count**: 1
   - **Traffic Gen.**: Disabled
   - **OS**: Windows 7

Organizations Tab -- Security Tools Section
-------------------------------------------

- **Antivirus** -- Available antivirus enterprise solutions are:
  - HBSS\*
- **SIEM** -- Security Information and Event Management is a collection and analysis system for security-event-related data.
  - ELK (now known as the Elastic Stack) is the only option
- **NIDS** -- Network Intrusion Detection System
  - Security Onion is the only available option
- **Operator Platforms** -- Think of these as systems that OPFOR or Red Team would use. Select one or both options.
  - Windows Ops platform (Currently Mandiant's FLARE VM)
  - Kali Linux
- **Incident Response**
  - GRR (Google Rapid Response) -- Google's hunt management platform
- **Forensics**
  - SANS SIFT Forensics Workstation (Linux)
- **Vulnerability Assessment** -- Adds an ACAS NESSUS\* server to perform internal network vulnerability scans.

\*PCTE does not provide licensing. Your organization must provide its own license.

10. Leave the **Security Tools** fields at their defaults and select **Next** to display the *Review*

![](media/image61.jpeg)

Finalize the New Network Specification
--------------------------------------

Visualizations
--------------

1. Select Visualization from the Element Selection pane.

![](media/image64.png)

- The **arrow keys** will pan
- The **plus** and **minus keys** +/- will zoom in and out
- **Do Fit** will change the zoom (not the position of the elements) so that everything in the network will fit inside the window
- **Print Graph** will allow you to download a .PNG graphic of the visualization

#### Save and Commit

#### View Changes Button & Panel

![](media/image68.jpeg)

- **BLUE**: 1 saved but uncommitted actions
- **YELLOW**: 3 unsaved actions
- **RED**: 3 errors

#### Save a Draft

1. Select the **View Changes button** to display the **Changes Panel**.
2. The panel slides open. You will see the unsaved and/or uncommitted changes listed in their own sections, and an **Undo** button to the right of each. (For now, *do not select* **Undo**, as this would revert the change to its prior state.)
3. Select **Save** in the **Unsaved Changes** section of the **Changes Panel** to save your changes.

![](media/image72.jpeg)

![](media/image75.png)

4. Select **Commit** to display the **Commit Specification Draft** pop-up window.
5. In the **Commit Specifications Draft** pop-up window, add a descriptive annotation (e.g., "Initial configuration" or similar), and then select **Confirm** to create **Version 1** of this network specification.
6. For any errors, select the hyperlinked error from the Errors pane of the Change Panel. The link will take you to the associated configuration page to correct the errors.
7. Click anywhere on the screen to close the **Change Panel**.
8. Select **Visualizations** and confirm the network map reflects the design you intended.

![](media/image78.jpeg)

Deploy a Range
--------------

1. From the open Network Design application, select **Project Home** from the top of the
2. If not already selected, select the latest version, in this case **Version 1**.
3. Select **New Deployment** to display the New Deployment pop-up window.
4. Enter a deployment name (e.g., **CREB-\-Mod2Demo-Deployment-\) and select the specified Deployment Target.
5. Select Create & Continue.

![](media/image80.jpeg)

- **None** -- take no action (do not start)
- **Start** -- boot the system
- **Start and Configure** -- boot and configure according to the network specification settings, including configuration modules. Requires a Puppet server ("simspace-mgmt") in the network and a Puppet agent installed on the VM image associated with the VM template.

6. Ensure that all VMs' **Provision Actions** are set to *Start + Configure*.

![](media/image82.jpeg)

7. Select the **Manage Reservation** menu item.
8. Select **Create Deployment Reservation**.

![](media/image85.jpeg)

9. Select the organization assigned under the **Resource Provider** drop-down. Most users will see very few options listed here, in many cases only one.
10. Enter the **Reservation Dates** for the desired time of the reserved resources. For this example, use today's date for the **Start** and tomorrow's for the **End**:

![](media/image87.jpeg)

11. Select **Build Range** to start the range deployment process. You should be returned to

![](media/image89.png)

#### Create a Live Action Event

1. Select **+** (Add) in the **Ribbon** bar, and then select **Event** to display the **Choose Event Type** pop-up window.
2. Select **Live Action Event**, then **Create** to establish the new event.

![](media/image92.png)

3. Complete the **Event Name** and **Description** fields in the *General Info* tab of your new event:
   - **Name**: CREB-\-Mod2Demo-LAE-*\*
   - **Description**: Test event for CREB class

#### Verify the Deployment

1. Select the **Events** application, and then select **Live Action Events**.
2. Locate your live action event and select it.
3. Select **Network Design** to display the selection dialogue.
4. Select **I have an existing Deployed Network**.

![](media/image94.jpeg)

5. Select **Select Deployed Network** and locate your range using the **Search** bar in the

![](media/image97.png)

- **Virtual Machines** -- allows direct access to range VM consoles and their current statuses. This option allows you to take action on one, all, or a subset of range VMs, for example, to shut down all Windows systems. The screen is organized by the defined VM groups.
- **Network Map** -- depicts a visual representation of a deployed range based on the spec's Visualization. In addition, the Network Map displays whether a network node is currently running. If a VM is running, a system console window to that VM can be opened from this screen.
- **File Management** -- allows for the uploading of files less than 10GB in size to a common repository accessible in a deployed range. This is discussed further in later content modules.
- **User Emulation** -- is used to administer advanced simulated user activity. This is discussed further in later content modules.
- **Network Activity Logs** -- displays a log of range activities such as which users access VM consoles.
- **Range Status** -- depicts information about system health.

6. Access the **Virtual Machines** page from the **Event** menu, and then select **Open Console** for the **zoomcord-ops0** system. This is where you get to interact with each VM.

![](media/image100.jpeg)

#### VM Console

![](media/image102.jpeg)

- **Incognito Mode** -- When enabled (eye symbol is dark), your name does not appear in the list of users consoled into this specific VM. This lets you view a user's actions without them knowing.
- **Interactive/Non-interactive Modes**
  - When disabled (pointing figure is light), you can interact with the VM in any
  - When enabled (pointing figure is dark), you cannot interact with the VM. This is useful for "shoulder surfing" (i.e., observing the user's actions without accidentally interfering).
- **On-Screen Keyboard** -- When enabled (keyboard is light), an on-screen keyboard will cover the lower 1/3 of the console screen. Don't leave the Shift, Ctrl, or Alt buttons depressed on the on-screen keyboard when you deactivate it. Those buttons will *stay* pressed, and you'll find typing difficult.

![](media/image104.jpeg)

1. **Control-Alt-Delete** signal to a VM -- This is handy when working with a Windows

![](media/image107.jpeg)

2. **Send Text To Client** -- Lets you paste information directly into a VM. The example below shows how to enter a string of text and use **Submit** to paste it at the cursor's current position.

![](media/image111.jpeg)

#### Add Participants to an Event

1. Select **Participants** in the **Event Planning** subgroup, and then select **Add Users**.

![](media/image113.png)

2. Use the **Search** field to search for your instructor's name.
3. Select your instructor's name selection box to add it to the list below.
4. Repeat steps **2** and **3** to add any additional name(s) to the list.
5. Select the **Event Manager** checkbox.
6. Select **Apply And Close**.

#### Share a Network Specification

1. From the **Overview** section of your network specification, select the **vertical ellipsis** in the right corner, and then select **Share**.

![](media/image115.png)

2. Use the next drop-down to search for a specific user or organization to give permissions
   - **List:** Allows the user or members of the organization to see the network
   - **View:** Allows the user or members of the organization to select and view details
   - **Edit:** Allows the user or members of the organization to modify a network
   - **Delete:** Allows the user or members of the organization to delete a network
3. Once you select a user or organization and set the appropriate permissions, select

![](media/image117.png)

- Once the user or organization is added to the list, you can modify the permissions (for example, to correct a mistake) instead of deleting them and going through the process above.
- When adding an organization, you can enable the option to Share With Descendants. This allows **ALL** other organizations that fall under the one you selected to inherit the same permissions.

4. To remove a user or organization from the sharing settings, hover over it to display the **X**, and then select it.
5. Select **Save** to save all modifications.

![](media/image119.png)

1. Using the Network Spec Wizard, build a new network specification, deployment, and live
   - **Net Spec Name**: CREB-*\*-Mod2-PE-*\*
   - **Deployment Name**: CREB-*\*-Mod2-PE-Deployment-*\
   - **Live Action Event Name**: CREB-\-Mod2-PE-LAE-*\*
   - IP range External CIDR - 70.39.165.192/30
   - IP range Internal CIDR - 172.16.0.0/16
   - Firewall
   - DMZ that includes:
     - External Mail Server (resources set to 4 CPU x 4 GB Memory)
   - Infrastructure Subnet that includes:
     - Domain Controller (resources set to 4 CPU x 4 GB Memory)
     - Mail Server (resources set to 4 CPU x 4 GB Memory)
   - Client Subnets: 2
     - HR
     - IT
     - Windows 10: 2
     - Windows 10: 1
2. Share the network specification with the **Instructors**.
3. Add each instructor to the event as **Event Managers**.
4. Before closing, power down the **zoomcord-core-router** VM (in the LAE) to prepare for the next module.

M3 \| Modifying a Deployed Range
================================

In this module, you will modify an existing network specification and then use it to update an actively deployed range.

#### Learning Objectives

1. Understand how planning impacts range design
2. Modify an existing network specification using the tools available in the Net Spec Editor
3. Demonstrate how to implement updates to network specifications in a deployed range
4. Understand a configuration module and its implementation
5. Understand external subnets and their purpose
6. Understand level configuration and inheritance
7. Correlate range services to their component parts

#### Module Topics

- Plan your build
- Modify an existing network
- Boot Groups
- Local Subnets
- VM Templates
- Virtual Machines
- Configuration Modules
- Level Configuration
- External Subnets
- Users and Domains
- Range Services
- Control Network
- SimSpace Management VM
- Control-DHCP VM
- Vyatta Routers
- Updating the deployed range

Overview
--------

- Add more assets in a range
- Update a deployed range using a modified network specification
- Complete a practical exercise that reinforces and applies these learning objectives

#### Design Goal

- An additional boot group
- An additional VM template
- Two additional VMs
- An additional subnet

#### Plan the New Range Design

#### Original Network Specification

#### Expanded Network Specification Requirements

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | **9-zoomcord-New Workstations**   |
+-----------------------------------+-----------------------------------+
|                                   | **zoomcord-Accounting**           |
+-----------------------------------+-----------------------------------+
|                                   | **JCTE-ES-CRE-CENT**              |
+-----------------------------------+-----------------------------------+
|                                   | **zoomcord-acctg**                |
+-----------------------------------+-----------------------------------+
|                                   | **analyst1 (T: JCTE-ES-CRE-CENT / |
|                                   | IP:)**                            |
|                                   |                                   |
|                                   | **analyst2 (T: JCTE-ES-CRE-CENT / |
|                                   | IP:)**                            |
+-----------------------------------+-----------------------------------+

- Another boot group for the new workstations:

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | 1-SimSpaceMgmt 2-ControlDHCP      |
|                                   |                                   |
|                                   | 3-RangeServices 4-Internet        |
|                                   |                                   |
|                                   | 5-zoomcord-Infrastructure         |
|                                   | 6-zoomcord-Servers                |
|                                   |                                   |
|                                   | 7. 8. 9.                          |
+-----------------------------------+-----------------------------------+

- Another subnet to connect the new workstations:

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | Control                           |
|                                   |                                   |
|                                   | Range-Control                     |
|                                   |                                   |
|                                   | zoomcord-dmz                      |
|                                   |                                   |
|                                   | **zoomcord-Accounting**           |
+-----------------------------------+-----------------------------------+

- Another VM template to create additional VMs (**JCTE-ES-CRE-CENT** VM template):

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | Control DHCP Exchange 2013        |
|                                   | SimSpace Management Vyatta Router |
|                                   |                                   |
|                                   | Windows 10                        |
|                                   |                                   |
|                                   | Windows 2012R2 Server Windows 7   |
|                                   |                                   |
|                                   | Windows Server 2016               |
|                                   |                                   |
|                                   | **JCTE-ES-CRE-CENT**              |
+-----------------------------------+-----------------------------------+

- Another VM group for the new workstations:

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | zoomcord-dmz zoomcord-security    |
|                                   | RangeServices                     |
|                                   | zoomcord-edge-router zoomcord-ops |
|                                   | zoomcord-core-router              |
|                                   | zoomcord-rsch                     |
|                                   | zoomcord-infrastructure           |
|                                   |                                   |
|                                   | **zoomcord-acctg**                |
+-----------------------------------+-----------------------------------+

Modified Network Specification Plan
-----------------------------------

#### Modification 1 -- New Draft

1. To perform the following modification, you will need to retrieve your Network Specification. Select the **Network Design** application, then **Network Specs**. Search for **your initials**, and then find and select your network specification from the list (***CREB-***

![](media/image122.png)

2. Select **Edit Network Spec**.
3. In the *Element Selection* pane, select the **Version 1** drop-down, and then select the

![](media/image124.png)

#### Modification 2 -- Boot Groups

- A delay of X seconds.
- A dependency (prerequisite) for a previous boot group to boot first

1. Select ***Boot Groups*** from the ***Element Selection*** pane.
2. Then select **Add Group**.
3. In the new group's **General** tab, complete the fields as shown, and then select **Create**:
   - **Name:** 9-zoomcord-New Workstations
   - **Delay:** 60

![](media/image127.png)

4. In the **Dependencies** section, select **7-zoomcord-Security** from the drop-down.

#### Modification 3 -- VM Templates

1. Select **VM Templates** from the *Element Selection* pane, and then select **Add Global VM Template**.

![](media/image131.png)

2. Search for the string **JCTE**, and then select the **JCTE-ES-CRE-CENT** VM template.
3. Select **Add** to add the VM template to the network specification.

![](media/image135.png)

#### Modification 4 -- Local Subnets

1. Select **Subnets** from the *Element Selection* pane.
2. Select the drop-down arrow next to **Add External Subnet**.
3. Then select **Create Local Subnet**.
4. Enter the subnet name and select **Add Subnet**.

![](media/image139.png)

5. The Range Engineer must define the network address when creating the Local Subnet. The subnet's Default Gateway is not required, but it is highly recommended. This is the only place to define the subnet's default gateway. For this example, complete the **Subnet** and **Default Gateway** addresses as shown:
   - **Name:** new-workstations
   - **Subnet address:** 172.16.8.0/24
   - **Gateway address:** 172.16.8.1

#### Modification 5 -- Add VM Interface

#### Add VM Interface

1. Select **VMs** from the *Element Selection* pane, and then select the **zoomcord-core-router** VM. Be careful to choose the core router, not the edge router.

![](media/image143.png)

2. Select the *Networking* tab, and then select **Add Connection**.
3. Complete the fields indicated, and then select **Submit**.
   - **Device Type:** E1000
   - **Subnet**: new-workstations
   - **IP Address**: 172.16.8.1

![](media/image147.png)

4. The *Networking* tab updates to reflect the new VM interface.

#### Modification 6 -- Add VM Group and VMs

1. Select **Add VM Group**, enter **New Workstations** as the **Group Name**, and then select **Create**.

![](media/image150.png)

2. Complete the **VM** fields as shown for the first additional VM, and then select **Create**.
   - **VM Name**: analyst1
   - **Description**: leave blank
   - **VM Template**: JCTE-ES-CRE-CENT
   - **Boot Group**: 9-zoomcord-New Workstations
3. Select the *General* tab, review the VM settings and confirm they are correct.

![](media/image154.png)

4. Select the *Networking* tab, and then select **Add Connection**.
5. Complete the fields as shown, and then select **Submit**.
   - **Type**: Standard
   - **Device Type**: Vmxnet3
   - **Subnet**: new-workstations
   - **IP Address**: 172.16.8.20
   - **Mac Address**: Generated

![](media/image157.png)

6. Refer to the network diagram and our pre-planning to perform the steps necessary to create the **analyst2 VM**.
7. Select **Visualizations** from the *Project Home* panel to see a representation of the

![](media/image160.png)

Configuration Modules
---------------------

#### Add new config module to network spec from the global library

1. Select the **Config Modules** element.
2. Then select **Add Global Config Module**.
3. Search the global library for the configuration module that needs to be added, and then

![](media/image163.png)

4. In the **Module Configuration** drop-down, select the configuration module to assign to

- **Control DHCP** -- Assigned to the **control-dhcp** Vyatta router and configures the router to assign the entire range's Control Network IP address (the 10.10.0.0/16 Network) to each of the VMs.
- **Generic Vyatta** -- Assigned to the **control-dhcp** Vyatta router and must also be applied to any Vyatta router used in the network specification. It starts the minimum services and configures the interfaces on the router by pulling in the information assigned to the interfaces in the network specification.
- **Generic Vyatta: Control Firewall** -- Required for all Vyatta routers within the network specification. It creates and sets a rule on the routers to block all traffic from the control network from crossing that router. This prevents any potential control network traffic from crossing the router and being seen in game on the range.
- **MCollective Agents** -- Any VM in the network specification that will utilize configuration modules is required to have MCollective Agents on it, as this configures the Puppet agent so that it communicates with the Puppet master and can work with the other configuration modules.
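
The module rules in the list above can be checked mechanically before a draft is committed, so that a router missing the Control Firewall module is caught before control-network traffic can show up in game. The following Python lint is an added example, not PCTE or SimSpace code; the spec layout (a list of dicts), the sample VMs' module assignments, and recognising routers by the "Vyatta Router" template name are assumptions made for illustration.

```python
"""Lint a network specification against the config-module rules in this guide.

The spec layout used here (dicts with name/template/modules) is constructed
for this example; it is not the platform's own export format.
"""

# Module names as they are written in the guide.
CONTROL_DHCP = "Control DHCP"
GENERIC_VYATTA = "Generic Vyatta"
CONTROL_FIREWALL = "Generic Vyatta: Control Firewall"
MCOLLECTIVE = "MCollective Agents"

# Assumption: a VM counts as a Vyatta router when built from this template.
VYATTA_TEMPLATE = "Vyatta Router"
# control-dhcp is checked by name, for the two modules the guide assigns to it.
CONTROL_DHCP_VM = "control-dhcp"


def required_modules(vm):
    """Return {module: reason} for every module the rules require on this VM."""
    required = {}
    if vm["template"] == VYATTA_TEMPLATE:
        required[GENERIC_VYATTA] = "configures the router interfaces"
        required[CONTROL_FIREWALL] = (
            "blocks control-network traffic from crossing the router")
    if vm["name"] == CONTROL_DHCP_VM:
        required[CONTROL_DHCP] = "assigns Control Network addresses"
        required[GENERIC_VYATTA] = "configures the router interfaces"
    # Any VM that uses config modules at all needs the Puppet agent set up.
    if vm["modules"] or required:
        required[MCOLLECTIVE] = "lets the Puppet agent reach the Puppet master"
    return required


def lint_spec(vms):
    """Return sorted (vm name, missing module, reason) findings."""
    findings = []
    for vm in vms:
        for module, reason in required_modules(vm).items():
            if module not in vm["modules"]:
                findings.append((vm["name"], module, reason))
    return sorted(findings)


# Constructed sample: VM and template names come from the guide, the module
# assignments (including the two mistakes) are made up for the example.
SAMPLE_SPEC = [
    {"name": "control-dhcp", "template": "Control DHCP",
     "modules": {CONTROL_DHCP, GENERIC_VYATTA, MCOLLECTIVE}},
    {"name": "zoomcord-edge-router", "template": "Vyatta Router",
     "modules": {GENERIC_VYATTA, CONTROL_FIREWALL, MCOLLECTIVE}},
    # Mistake 1: the core router was given no Control Firewall module.
    {"name": "zoomcord-core-router", "template": "Vyatta Router",
     "modules": {GENERIC_VYATTA, MCOLLECTIVE}},
    # Mistake 2: a workstation uses a config module without MCollective Agents.
    {"name": "zoomcord-ops0", "template": "Windows 10",
     "modules": {"Windows Disable NetBIOS"}},
    # No config modules at all, so nothing is required.
    {"name": "analyst1", "template": "JCTE-ES-CRE-CENT", "modules": set()},
]

if __name__ == "__main__":
    for name, module, reason in lint_spec(SAMPLE_SPEC):
        print(f"{name}: missing '{module}' ({reason})")
```
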
![](media/image166.png)

[Level Configuration]{.smallcaps}
---------------------------------

- Individual VMs
- Groups of VMs (based on OS type)
- An entire network specification
- User-defined groups

#### [Level Configuration Groups]{.smallcaps}

- **Common** -- This is applied to ALL VMs in the network specification, meaning that every VM inherits common configuration modules. Typically, this is used to push the **MCollective Agents Configuration Module** to all VMs.

![](media/image168.png)

- **OS** -- This is applied to VMs based on what OS family they fall into. For example, if you have many Windows 10 VMs that need NetBIOS to be disabled, you can create a grouping to apply the Windows Disable NetBIOS to all Windows 10 VMs in the network specification. You can further filter the OS group by OS version number and OS architecture (as recorded in the VM template). So, you can apply the Windows NetBIOS Disable to, say, only Windows 10 VMs but not Windows 7 VMs.
- **Config Group** -- Config groups are arbitrary, user-created groups. They are used to assign multiple config modules to multiple VMs that don't have any other group in common. Range Engineers can assign them to VMs and VM groups as they see fit, but they still inherit everything from **Common** and any OS groups that apply to them.
- Contains a config module to join a domain
- Is applied to all workstations that need to be a part of the domain
- Excludes the VMs that are similar (but not required as part of the domain)

#### [Add VMs to a Config Group]{.smallcaps}

1. Select the desired config groups from the drop-down under the VMs' *General* tab.

![](media/image170.png)

#### [Users and Domains]{.smallcaps}

1. Navigate to **Domains** in the left panel.
2. Select **Users** in the **Content** panel.

![](media/image172.png)

[Modification 7 -- Save and Commit]{.smallcaps}
-----------------------------------------------

1. Select the **View Changes Button** to display the **Changes Panel**.
2. Select **Save** in the *Unsaved Changes* section.
3. Then select **Commit** in the *Uncommitted Changes* section.
4. Enter a description, and then select **Confirm**.

![](media/image175.png)

5. Verify that a new version of the network specification (should be **Version 2** in your work) appears in the Project Home panel. Notice that the screenshot below is up to version 3. This is because the author **Committed** an additional version at some point.

[External Subnets]{.smallcaps}
------------------------------

- **simspace-mgmt**
- **control-dhcp**

![](media/image177.png)

#### [Adding an external subnet to a network specification]{.smallcaps}

1. Select the *Subnets* tab on the left, and then select **Add External Subnet**.
2. Search for your subnet, and then select **Add**.
3. To use the external subnet, add it to a VM:
   - Click on the VM's **Networking** tab and add a new interface
   - Set the interface's **Type** to **External**
   - Set the Device Type to match the other interfaces on the VM. If you're unsure, start with **Vmxnet3**
   - Select the **External Subnet** from the drop-down

![](media/image179.png)

[Control Network and Range Control VMs]{.smallcaps}
---------------------------------------------------

- **SimSpace Management** -- simspace-mgmt
- **Control DHCP** -- control-dhcp

#### [Simspace Management VM (simspace-mgmt)]{.smallcaps}

- The VM must be included and named **simspace-mgmt** (all lowercase)
- Be assigned two specific network interfaces:
  - An external interface assigned to the external subnet **Range-Control**
  - A network interface on the local subnet **Control** with the IP address of

#### [Control DHCP VM (control-dhcp)]{.smallcaps}

- Include the VM named **control-dhcp** (all lowercase)
- A network interface on the local subnet **Control** with the IP address 10.10.0.254/16

![](media/image181.png)

- Control DHCP
- Generic Vyatta

[Deploy the New Range]{.smallcaps}
----------------------------------

#### [View and Modify Deployment Settings]{.smallcaps}
1. Select **Project Home**, and then select the **Version 1** network specification.

![](media/image183.png)

2. Select the **vertical ellipsis** next to the deployment, and then select **Open** to display the
3. Select the latest version (should be Version 2) from the version drop-down to display

![](media/image187.png)

4. Change the provision action for both **analyst1** and **analyst2** to **Start**, *because the VMs do not have the Puppet Agent installed.*
5. Validate that the **zoomcord-core-router** has the **Deployment Action** state changed to
6. Your existing reservation is for the old version of the spec. You have added 2 new VMs, each needing its own resources over and above that, so you now need to increase the reservation to handle the increased load. This will resolve the "Error" indicators to the right of the new VMs as well as the "Build Issues" error indicator.

![](media/image189.jpeg)

7. Keep in mind that the number of VMs and the necessary memory are automatically set to the new, higher numbers. All you need to do is select **Update**.
8. Select **Build Range** to start the range deployment process.

![](media/image193.jpeg)

9. Select the **vertical ellipsis,** and then select **Open** to display the deployment settings.
10. Select the **Manage Reservations** tab, and then select the link to the connected Live Action Event.

![](media/image197.jpeg)

11. Verify that the two new VMs have been deployed into the active range.
12. Check the network map to verify the range is as planned.

[Vyatta Routers]{.smallcaps}
----------------------------

![](media/image201.png)

1. Modify your previously created network specification **CREB-*\*-Mod2-PE-*\*** to meet the following design specifications:
   - Another new boot group: 1
   - New VM group: 1
   - New subnets: 1
   - New VM template imported: 1
   - New VMs: 2
2. Complete the following edits to your new network specification (refer to the ***[Amplifying Information]{.smallcaps}*** section following these steps):
   - Add the **JCTE-ES-CRE-Kali** VM template to your network spec
   - Create a new VM group and create two new VMs using the **JCTE-ES-CRE-Kali**
   - Deploy your network specification to a new live action event
   - Configure your Kali VMs to be able to communicate with the rest of the
   - Test your network specification by logging into an HR workstation with user

#### [Amplifying Information]{.smallcaps}

1. Open a console to each Kali VM and log in with:
   - **Username**: kali
   - **Password**: kali
2. Right-click the **Desktop** and select **Open Terminal Here**.

![](media/image206.png)

3. Run the **sudo** command as shown to elevate to root, and then reenter the root password **kali**.
4. Run the **nano** command as shown:

![](media/image208.png)

5. Press **CTRL + O**, release, and then **Enter** to save the file.
   - Finally, press **CTRL + X** to exit nano.
6. Run the **ifup** command as shown to bring up eth0:
7. Run the **ip a** command to verify that the interface came up and has the correct IP address:

![](media/image210.png)

8. Run the **ping** command as shown to ping the subnet gateway:

![](media/image212.png)

M4 \| User Emulation
====================

### In this module, you will learn how to build and modify a deployment for User Emulation (UE) in a network specification and how to deploy UE into a range. You will use the Wizard to create a new range to incorporate UE and Metova Greyspace, then learn how to modify the UE configuration settings and deploy these changes into a new range. Once the range is deployed, you will learn how to interact with UE in an event.

#### [Learning Objectives]{.smallcaps}

1. Add User Emulation to an existing network specification
2. Add Metova Greyspace to a network specification
3. **Understand how to configure User Emulation**
4. Create User Emulation runs within a network specification
5. Create and manage User Emulation within an event

#### [Module Topics]{.smallcaps}

- User Emulation configuration
- User Emulation deployment

[Overview]{.smallcaps}
----------------------

[Network Specification Creation]{.smallcaps}
--------------------------------------------

1. Select **Network Specs**, and then select **New Wizard Spec**.
2. In the *Overview* section, complete the fields as shown, and then select **Proceed to the Internet**:
   - **Name**: CREB-*\*-DemoMod-5-*\*
   - **Description:** CRE-B Module 5 User Emulation
   - **Traffic Generation**: User Emulation

![](media/image215.png)

3. In the *Internet* section, select **Metova Grey**, and then select **Proceed to Organizations.**

   Metova Greyspace is included in the Network Specification because it serves as a simulated Internet that is localized to the Range. As the Range Engineer, you have complete control over this environment, allowing you to implement any changes needed to meet specific requirements. However, the use of Metova Greyspace has some drawbacks. It uses additional resources, which count against your resource quota. Furthermore, it is designed to be isolated and should not be shared with any other Range, ensuring that your modifications and configurations remain exclusive and secure.

4. In the *Organizations* section, complete the fields as shown and then select **Next**.
   - **Name:** Organization name
   - **External Domain:** External domain name
   - **External CIDR:** External CIDR
   - **Internal Domain:** Internal domain name
   - **Internal CIDR:** Accept the default created by the Wizard
   - **Nagios Host Sensor:** Disable

![](media/image217.jpeg)

5. Select the **Mail** checkbox, set to 4 CPU x 4 GB Mem, and then select **Next**.
6. Select the **Exchange** option as well, set each to 4 CPU x 4 GB Mem, and then select **Next**.

![](media/image220.jpeg)

7. Complete the client info as shown:
   - **Subnet Name:** it-workstations
   - **Client Prefix:** it
   - **Count:** 2
   - **Traffic Gen.:** Enabled
   - **OS:** Windows 10

[Personas]{.smallcaps}
----------------------

8. Scroll down to the *Network User Personas* section and select **Add More Personas**. The

![](media/image223.jpeg)

9. Select **Next** to move on to the Security Tools section.
10. The *Security Tools* section displays. Since this example does not use these features, select **Next** to display the network *Review* page.

![](media/image225.png)

11. Review all the selections you made during the Wizard setup and ensure they are accurate. Once you have reviewed everything, select **Finalize Network** to create your new network specification.

[Network Specification Overview]{.smallcaps}
--------------------------------------------

![](media/image227.jpeg)

- Windows Join AD
  - Joins the VM to an Active Directory domain defined in the spec
- Windows Install Internet Cert
  - Allows the UE workstation to surf to HTTPS sites in greyspace
- Set File Share
  - Makes a network file share available on the VM

![](media/image229.png)

[Traffic Configuration]{.smallcaps}
-----------------------------------

#### [Simulated User Activity]{.smallcaps}

- **Source**: select **User Emulation**
- **Server**: select the **user-emulation** VM
- **Control Subnet**: select **Control**

![](media/image231.png)

![](media/image233.jpeg)

![](media/image235.jpeg)

#### [Traffic Personas]{.smallcaps}

![](media/image237.png)

- Select the **+ Block** at the top of the activity blocks section. This creates a brand-new blank activity block.
- Select the **Vertical Ellipsis** next to the activity block time and duplicate it. This creates an exact copy of the activities and weights from the block that you copied. New activity blocks automatically start as soon as the previous one ends. (You can also use the **Vertical Ellipsis** to delete an activity block.)
![](media/image239.png)

![](media/image241.png)

![](media/image243.png)

#### [Traffic Settings]{.smallcaps}

- The **Delay Between Actions** setting lets you adjust how frequently actions take place on a VM. The more VMs you have, the longer the delay between actions needs to be, to avoid overloading the system. For 50 UE VMs or fewer, 30 seconds should be sufficient.
- The **Login Mistype Percentage** lets you choose how often UE fails when logging into the VM. This can be useful for generating the failed logins typical of most networks.
- The **Social Media Domain** is set to facebook.com and cannot be changed. This is due to the social media server that you can attach to UE.
- The **Error Threshold** setting controls the number of attempts UE takes to perform an action before resetting on that specific VM. Sometimes network actions can interfere with UE, and this option lets UE restart on this VM after a certain period.
- The **Sikuli Timeout** option is associated with Sikuli scripts. Sikuli is a scripting utility that allows you to create actions on the VM by recognizing the graphics on the screen. We do not cover Sikuli scripting in this course, but more information is available at [www.sikulix.com](http://www.sikulix.com/).

![](media/image245.png)

#### [Web Corpus]{.smallcaps}

#### [Email Corpus]{.smallcaps}

![](media/image247.png)

[Range Deployment]{.smallcaps}
------------------------------

1. Create a new deployment for this range with the name **CREB-*\*-DemoMod5-Deployment-*\***.
2. In the *Review Deployment* section, set the **user-emulation** VM to **Start**. This VM does not need to be set to **Start + Configure** as no Puppet modifications are being made to it.

![](media/image250.jpeg)

3. Select **Manage Reservation** and then **Create Deployment Reservation** for this deployment as shown in Module 2. Use the default Resource Provider, and set the reservation to expire Thursday at midnight.
4. Once your reservation is **Active**, select **Build Range**. While this is deploying, the
   - Select the **+** button on the purple PCTE pane and then **Event**. Select **Live Action Event**, and then select **Create**.
5. Name the event (**CREB-*\*-DemoMod5-LAE-*\***) and give it a description.
6. Select the *Network Design* section, and then:
   - Select the **I have an existing Deployed Network** option.
   - Select **Select Deployed Network** to display the *Import Deployed Network* pop-up.
   - Search for your Mod 5 deployment (using the *Search* bar) and then select it.
   - Select **Import**.

![](media/image254.png)

[User Emulation Management]{.smallcaps}
---------------------------------------

1. In the event, select **User Emulation** to display the UE overview section.
2. To view what is being run via the **Admin-Commands.txt** corpus file, download the file and view it in a text editor. To download the file, click the down arrow to the right of the file name.

![](media/image256.jpeg)

3. Select **Manage Runs**.
   - **Configure** -- Configures the UE agents with the configurations outlined in the runs file
   - **Validate** -- Attempts to log into each one of the VMs to validate that the server has access and the agent is working correctly
   - **Start** -- Starts a UE run and causes agents to begin taking actions within the network
   - **Pause** -- Pauses a UE run
   - **Resume** -- Resumes a paused UE run
   - **Stop** -- Completely stops a UE run and causes VMs to log out of their UE profile

   Notice the filter options, search field, and hosts bar.

![](media/image258.png)

#### [Configure VMs]{.smallcaps}

4. Select the Network **Action** drop-down.
   - Select the **Configure** option.
   - Select the Network **Apply Action** button.
   - Restart the VM.
   - Select the VM, and then select **Configure** in the VM **Action** drop-down.
   - Select the VM **Apply Action** button.

#### [Validate VMs]{.smallcaps}

5. Select the Network **Action** drop-down:
   - Select the **Validate** option.
   - Select the Network **Apply Action** button.

![](media/image260.jpeg)

#### [Start the UE Run]{.smallcaps}

6. Select the Network **Action** drop-down:
   - Select **Start**.
   - Select the Network **Apply Action** button.

#### [Verify the UE Agent]{.smallcaps}

7. Once UE is running on the VMs, open one of the workstations and verify what the UE agent is running (as shown in the example below).

![](media/image262.png)

[UE Deployment Updates and Troubleshooting]{.smallcaps}
-------------------------------------------------------

#### [Updates]{.smallcaps}

#### [Troubleshooting]{.smallcaps}

1. Create a new network specification named **CREB-*\*-Mod4-PE-*\***
   - Metova Persistent Greyspace
   - DMZ
     - Mail Server (4 CPU x 4 GB Mem)
   - Internal Servers
     - DC (4 CPU x 4 GB Mem)
     - Exchange (4 CPU x 4 GB Mem)
   - Client Subnets
     - IT Workstations
       - Windows 10: 2
     - HR Workstations
       - Windows 7: 2
2. Make the following changes to the UE configuration:
   - IT Workstations
     - Use Chrome as the browser for 1 workstation and Firefox for 1 workstation
   - HR Workstations
     - Use Firefox as the browser
   - For the users with Firefox as their browser, set a login mistype of 10%
   - Set one (1) user in each of the IT and HR workstations as administrative personas
3. Create a new deployment with the name **CREB-*\*-Mod4-PE-Deployment-**
4. Import your deployment into the event.
5. Configure, validate, and start UE.
6. Verify UE is running correctly on each of the workstations.
7. Share the network specification with the **Instructors**.
8. Add the instructors to the event as **Event Managers**.

M5 \| Mirror Interfaces
=======================

### In this module, you will learn about mirror interfaces, examine cases for their use, demonstrate how to use them, and verify traffic collection in a range.

#### [Learning Objectives]{.smallcaps}

1. Understand what mirror interfaces are and why to use them
2. Understand how to create a mirror interface
3. Employ a mirror interface in a network specification
4. Deploy a network with a mirror interface and verify collection

#### [Module Topics]{.smallcaps}

- Mirror interfaces
- Creating a mirror interface
- Deploy the network with mirror interface

[Mirror Interfaces]{.smallcaps}
-------------------------------

#### [Network Details]{.smallcaps}

- **Collector-1:**
  - Is running Security Onion
  - Is connected to **Router-1**\'s **SPAN Port** via **ETH0**
  - **ETH0** is set to **promiscuous** mode
  - **Security Onion** is configured to monitor interface **ETH0**
- **Router-1:**
  - Is configured with a **SPAN Port**
  - Is set to span (forward) all **User VLAN** traffic (both in and out) to **Collector-1**

#### [Mirror Scenario]{.smallcaps}

![](media/image265.png)

#### [Add a Mirror Interface]{.smallcaps}

1. Select the VM's **Networking** tab, and then select **Add Connection**.
2. Complete the fields as shown, and then select **Submit**.
   - **Type**: Mirror
   - **Device Type**: Vmxnet3
   - **Nic**: core-router-1 / users

![](media/image268.png)

3. Finally, save, commit, and update the deployment.

- Import the JCTE-ES-CREB-Security-Onion template into the range.
- Deploy a Security Onion server using the **JCTE-ES-CREB-Security-Onion** VM template.
- Connect the Security Onion to the core router on a new 192.168.100.0/24 subnet.
- Configure the interfaces with the following:
  - **Interface 2** -- Mirror Interface. Set this interface to mirror the core router's connection to the workstation subnet.
- Verify Security Onion receives traffic from the workstation subnet.
- Verify your Core Router can ping your JCTE-ES-CREB-Security-Onion VM.

#### [Use Security Onion to Verify the Mirror Interface]{.smallcaps}

1. Open a console to the **Security Onion** VM and log in:
   - **Username**: onion
   - **Password**: Simspace1!@
2. Select the **Kibana** shortcut on the desktop to display the VM console.
3. Log in to Kibana using these credentials:
   - **Username**: onion
   - **Password**: Simspace1!@
4. Select **Discover** to display the **Discover** tab.
![](media/image270.png)

5. Select **Open** from the top right menu.
6. Run and open the query:

![](media/image272.png)

M6 \| Manually Creating a Simple Range
======================================

### In this module, you will learn how to build a simple range with only the minimum elements required for a network specification. You will then practice adding VMs, subnets, and other artifacts onto it, then deploy it and create an event to access the VMs.

#### [Learning Objectives]{.smallcaps}

**6.1** Understand the required network specification elements

**6.2** Create a live action event for testing

**6.3** Upload a file to an Event

**6.4** Deploy a new range from a network specification to an event

#### [Module Topics]{.smallcaps}

- Network specification
- Subnets
- VM templates
- Virtual machines
- Create a live action event
- File Management
- Deploy a range

[Overview]{.smallcaps}
----------------------

#### [Design Goal]{.smallcaps}

#### [Network Specification]{.smallcaps}

- **New Empty Spec** -- Start from scratch and manually add and configure all required
- **New Spec from Blueprint** -- Use an existing network specification as a model (or "blueprint") that you copy and modify to meet your specific requirements.

#### [The New Empty Spec Tool]{.smallcaps}

1. From the **Network Design** application, select **Network Specs** to display the **Network Spec** tab.
2. Select the **vertical ellipsis** (next to **New Wizard Spec**), then select **New Empty Spec**
3. Complete the **Name** field (using the naming convention) and **Description**, and then select **Create Project**. It is not necessary to fill in the other fields.

![](media/image274.png)

#### [Add a VM Template]{.smallcaps}

1. Within your Mod 7 demo network specification, select **VM Templates** from the *Element Selection* pane, and then select **Add Global Template.**

![](media/image277.jpeg)

2. Enter **ubu** in **Search** to find the Ubuntu VM template.
3. Select the **JCTE-ES-UBU-14** VM template.
4. Select **Add** to add the template to the network specification.

![](media/image280.png)

#### [Add VM Groups to a Network Specification]{.smallcaps}

1. Select **VMs** from the *Element Selection* pane, and then select **Add VM Group**.

![](media/image282.png)

2. Enter **Servers** as the group name, and then select **Create**.
3. Complete the **VM Name**, **VM Template,** and **Boot Group** fields as shown, and then select **Create**.
4. You should now see the General tab for your new VM:

![](media/image284.png)

5. Save and commit your changes.

[Network Specification Blueprints]{.smallcaps}
----------------------------------------------

#### [The New Spec from Blueprint Tool]{.smallcaps}

1. From the **Network Design** application, select **Network Specs** to display the **Network Specs** tab.
2. Select the **vertical ellipsis** (next to **New Wizard Spec**), then select **New Spec From Blueprint** from the drop-down.
3. The **New Network Spec From Blueprint** window displays.
4. Complete the **Name** field (using the naming convention) and **Description.**
5. Click on the down arrow for **Blueprint\*** and select the source network spec (the one that is being copied). If there is a long list, search for the name by typing it. There is no search bar, so just start typing the name while the list is on the screen. In this example we will select "SimSpace-Minimum-Design".
6. All Network Specs that can be copied will have at least one version number. After selecting the Blueprint, select the "**Blueprint Release\***" (the version number). Choose the latest version unless you are certain you want an earlier version:

![](media/image288.jpeg)

7. Select **Create Project.** The new network specification's **Project Home** page displays:

#### [Simspace-Minimum-design Network Specification]{.smallcaps}

- **Config Modules**
  - Control DHCP
  - Generic Vyatta
  - Generic Vyatta: Control Firewall
  - MCollective Agents

![](media/image292.png)

- **VM Templates**
  - Control DHCP
  - SimSpace Management
- **VMs**
  - control-dhcp
  - simspace-mgmt

![](media/image294.png)

- **Boot Groups**
  - 1-SimspaceMgmt
  - 2-ControlDHCP
  - 3-RangeServices
- **Level Configuration**
  - Common
    - MCollective Agents

![](media/image297.png)

- **Subnets**
  - Control (Local)
  - Range-Control (Global)

#### [Adding an external subnet to a network specification]{.smallcaps}

1. Select the *Subnets* tab on the left, and then select **Add External Subnet**.

![](media/image178.png)

2. Search for your subnet, and then select **Add**.
3. To use the external subnet, add it to a VM:
   - Click on the VM's **Networking** tab and add a new interface
   - Set the interface's **Type** to **External**
   - Set the Device Type to match the other interfaces on the VM.
     If you're unsure, start with **Vmxnet3**
   - Select the **External Subnet** from the drop-down

#### [Net Spec Design Plan]{.smallcaps}

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | 1-SimspaceMgmt 2-ControlDHCP      |
|                                   |                                   |
|                                   | 3-RangeServices                   |
|                                   |                                   |
|                                   | **4-workstations** *(put          |
|                                   | analyst-1 and analyst-2 here)*    |
+-----------------------------------+-----------------------------------+
|                                   | Control (Local)                   |
|                                   |                                   |
|                                   | Range-Control (Global)            |
|                                   |                                   |
|                                   | **local-1-subnet (172.10.10.0/24) |
|                                   | local-2-subnet (172.30.10.0/24)** |
+-----------------------------------+-----------------------------------+
|                                   | Control DHCP SimSpace Management  |
|                                   | **JCTE-ES-CRE-CentOS**            |
|                                   |                                   |
|                                   | **Vyatta Router**                 |
+-----------------------------------+-----------------------------------+
|                                   | RangeServices                     |
|                                   |                                   |
|                                   | **Workstations**                  |
+-----------------------------------+-----------------------------------+
|                                   | control-dhcp simspace-mgmt        |
|                                   | **vyatta-rtr**                    |
|                                   |                                   |
|                                   | **analyst-2 (172.26.10.10)**      |
|                                   | *(use the JCTE-ES-CRE-CentOS vm   |
|                                   | template)*                        |
+-----------------------------------+-----------------------------------+

![](media/image298.jpeg)

[Build and Deploy the New Range]{.smallcaps}
--------------------------------------------

1. Save and commit to create a numbered version.
2. Create your deployment in the numbered version, following our naming convention of **CREB-*\*-Mod6Demo-*\.***
3. Select the **vertical ellipsis** next to the deployment, and then select **Open** to display the *Build Setup* page under Manage VMs.
4. These CentOS VMs do not have the Puppet agent installed, so change the provision action for both **analyst1** and **analyst2** to **Start**.
5. Now create your deployment reservation. Select the **Manage Reservation** menu item and **Create Deployment Reservation**.
6. Select **Create**.
7. Select **Build Range** to start the range deployment process.

[Create a Live Action Event to Interact with the Deployment]{.smallcaps}
------------------------------------------------------------------------

1. Select **+** (Add) in the **Ribbon** bar, and then select **Event** to display the **Choose Event Type** pop-up window.
2. Select **Live Action Event,** then **Create** to establish the new event.

![](media/image92.png)

3. Complete the **Event Name** and **Description** fields in the *General Info* tab of your new event:
   - **Name**: CREB-\-Mod6Demo-LAE-*\*
   - **Description**: Test event for CREB class

1. Select the **Events** application, and then select **Live Action Events**.
2. Locate your live action event and select it.
3. Select **Network Design** to display the selection dialogue.
4. Select **I have an existing Deployed Network**.
5. Select **Select Deployed Network** and locate your range using the **Search** bar in the
6. Add your Instructors as **Event Managers** in the **Live Action Event** and share the
7. Verify that the two new VMs have been deployed into the active range.
8. Check the network map to verify the range is as planned.

[File Management]{.smallcaps}
-----------------------------

#### Upload a File to an Event:

1. Select **Events \> File Management** to upload files from the portal.

![](media/image300.png)

2. Select **Upload File**, and then select the file to upload.

![](media/image303.png)

1. Create a new network specification from the **SimSpace-Minimum-Design** blueprint and modify it to meet the following criteria:

#### [Net Spec Design Plan]{.smallcaps}

+-----------------------------------+-----------------------------------+
|                                   | **Value**                         |
+===================================+===================================+
|                                   | 1-SimspaceMgmt 2-ControlDHCP      |
|                                   |                                   |
|                                   | 3-RangeServices                   |
|                                   |                                   |
|                                   | **4-workstations**                |
+-----------------------------------+-----------------------------------+
|                                   | Control (Local)                   |
|                                   |                                   |
|                                   | Range-Control (Global)            |
|                                   |                                   |
|                                   | **kali-3-subnet                   |
|                                   | (192.168.3.0/24)**                |
+-----------------------------------+-----------------------------------+
|                                   | Control DHCP SimSpace Management  |
|                                   | **JCTE-ES-CRE-Kali**              |
|                                   |                                   |
|                                   | **Vyatta Router**                 |
+-----------------------------------+-----------------------------------+
|                                   | RangeServices                     |
|                                   |                                   |
|                                   | **Workstations**                  |
+-----------------------------------+-----------------------------------+
|                                   | control-dhcp simspace-mgmt        |
|                                   | **vyatta-rtr**                    |
|                                   |                                   |
|                                   | **kali-3**                        |
+-----------------------------------+-----------------------------------+

   - **Name**: CREB-*\*-Mod6-PE-*\*
   - Deploy the **JCTE-ES-CRE-Kali** and **Vyatta Router** VM templates as a VM
   - Use the following IP space for the Kali boxes:
   - Add the base configuration modules to the imported Vyatta router
2. Deploy your range.
   - **Name**: CREB-*\*-Mod6-PE-Deployment-*\*
3. Create a new live action event to host your range and associate your deployment with it.
   - **Name**: CREB-*\*-Mod6-PE-LAE-*\*
4. Configure and verify your range using the ***[Amplifying Information]{.smallcaps}*** section following these steps.
5. Share the network specification with the **Instructors**.
6. Add each instructor to the event as an **Event Manager**.
7. When you have completed this practical exercise, your network map should resemble

![](media/image305.jpeg)

#### [Amplifying Information]{.smallcaps}

1. Open a console to each Kali VM (**kali-1**, **kali-2**, and **kali-3**) and log in with:
   - **Username**: kali
   - **Password**: kali
2. Right-click the **Desktop** and select **Open Terminal Here**.

![](media/image307.jpeg)

3. Run the **sudo** command as shown to elevate to root, and then reenter the root password **kali**.
4. Run the **nano** command as shown:

![](media/image309.jpeg)

5. Press **CTRL + O**, release, and then **Enter** to save the file.
   - Finally, press **CTRL + X** to exit nano.
6. Run the **ifup** command as shown to bring up eth0:
7. Run the **ifup** command as shown to bring up eth1:

![](media/image312.jpeg)

8. Run the **ping** command as shown to ping the subnet gateway:
9. If the **ifup** command in Step 6 or 7 or the **ping** command in Step 8 fails, restart the VM and try again. If it still fails, notify the instructor.

![](media/image314.png)

M7 \| Structured Content
========================

### In this module, you will learn all the steps necessary to use the simple range you built for a single-user training facility called a Structured Content Event.

#### [Learning Objectives]{.smallcaps}

1. Create a Clone Source (CS) from a deployed range
2. Create a Content Module (CM) containing the Clone Source
3. Create a Structured Content Plan (SCP) containing that Content Module
4. Create a Structured Content Event (SCE) from the Structured Content Plan

#### [Module Topics]{.smallcaps}

1. Clone Sources
2. Content Modules
3. Content Elements
4. Structured Content Events

[Create a Clone Source]{.smallcaps}
-----------------------------------

- Modify a system in the range you just created in the last module (save a text file to
- Create a clone source from the modified range
- Associate the clone source with a content module and structured content plan
- Verify the modification persists

1. Using the Live Action Event from Module 7, select **Virtual Machines**, and then select
2. Log in with the credentials:
   - **Username**: JCTE
   - **Password**: operational cyber training
3. Select **Applications \> Accessories \> Text Editor**.

![](media/image317.png)

4. Enter a few words of text into the window, and then select **Save**.
5. Complete the **Name** field, select the **Desktop** folder (path = /home/JCTE/Desktop), and

![](media/image319.png)

6. Exit the **analyst1** console and return to the Live Action Event **Virtual Machines** for the deployed range.
7. Select the **Select All Virtual Machines** box and the **Power Off** option from the drop-down, and then select **Apply**. Wait until all VMs reach the *Stopped* state.

![](media/image321.png)

8. Once all VMs show the **Stopped** status, return to the network specification\'s
9. Select the **vertical ellipsis (⋮)** to the right of your deployment and select **Create Clone Source**.
10. Complete the *New Clone Source Name* field (e.g., *CREB-\-Mod7Demo-CS-*

![](media/image323.png)

#### [Content Modules]{.smallcaps}

- Lowest unit of structured training in PCTE
- Modular, so it can be re-used among different Structured Content Plans
- Contains both **Information** tasks and **Question** tasks
- Organizes tasks into task chains
- Generally includes a working range, deployed via clone source
- **CANNOT deploy** a range via a network specification -- only clone sources may be deployed in content modules
- One or more content modules make up a Structured Content Plan (see next section)

#### [Create a New Content Module]{.smallcaps}

1. Select the **Content Authoring** application, and then select **Content Modules**.
2. Select **New Content Module.**
3. Complete the fields as shown, and then select **ADD NETWORK**.
   - **Name**: CREB-*\*-Mod7Demo-CM-*\*
   - **Description**: e.g. \"Example content module for demo purposes\"
   - **Duration**: 30 minutes
   - **Allow task randomization**: (accept the **checked** default)
   - **License Mapping**: (accept the **None** default)

![](media/image325.png)

4. Use the search bar to find your clone source, select it, and then select **Add To Module**.
5. Review the new content module\'s *Overview* tab to verify its fields are correct, and then

![](media/image327.png)

#### [Add Content to a Content Module]{.smallcaps}

#### [Create a New Task Chain and Initial Task]{.smallcaps}

1. With the content module's *Tasks* menu item active, select **Create New Chain**.
   - Creating a new chain automatically adds an initial task as well, which by default is the question type.
   - Every chain must contain at least one task, so if you delete the last task in a chain, it also deletes the chain.

#### [Convert a Question Task to an Information Task]{.smallcaps}

2. Select **Information** to convert the first task from the default question type, and then

![](media/image329.png)

#### [Add an Information Task with a VM]{.smallcaps}

3. Enter a task header (e.g., *My First Information Task*), and then enter a sample sentence or short paragraph in the task **Description** field.
4. Select **Add VM**. The *Add VM* pop-up window displays.
5. Check the **analyst1** VM, and then select **Add To Task**.

![](media/image331.png)

#### [Add a Question Task with Multiple Choice Responses]{.smallcaps}

- **Selections**: Student must select THE correct response, OR ALL correct responses in a set (e.g., \"select all that apply\").
- **Short Answer**: Student must enter (or paste in) a text string that exactly matches the correct response (or one of several possible correct responses), for example:
  - **1:00 PM**
  - **1:00 p.m.**
  - **1300**
  - **one o\'clock**
- **Multiple Choice**: Student must select the single correct response from a list of possible responses.
- **External**: Task is located on an external site (advanced level question type).
- **Essay**: Free form response to be graded by instructor. 6. Select the **?+** (**Add Question**) button. ![](media/image333.png) 7. Modify it to be a **Multiple Choice** question like the example below: 8. Create a new **Task Chain** with a single **Information** task, and then add the **analyst1** VM to it as shown below: ![](media/image335.png) 9. Select **Create** to save the content module and keep it open for further editing. - The first time you select **Create** in a new content module, the button changes to #### Update. - Remember to select **Update** periodically as you make modifications to your content [Create a Structured Content Plan]{.smallcaps} ---------------------------------------------- - **Individual** -- Meant to be completed by a single user - **Team** -- Meant to be completed by a group of users working together #### To test your clone source and content module, create and test a SCP. 1. In the **Content Authoring** application, select **Structured Content Plans**, and then select **New Structured Content Plan**. ![](media/image337.jpeg) 2. Complete the fields as indicated, leaving others (including Optional fields) at their default settings: - **Name**: CREB-\-Mod7Demo-SCP-*\* - **Description**: Example SCP for CRE-B class. - **Publisher**: PCTE - **Difficulty**: Foundational - **Enrollment Type**: Individual - **Content Category**: Training - **Training Type**: Instructor Led - **Sector**: Government and Military - **Logo (Optional)**: Upload your organization's logo - **Banner Image (Optional)**: Upload an image to be used in event participant lobby pages and, if the SCP is featured, in the content catalog (a default, stock image is used if one is not uploaded) - **Card Image (Optional)**: Upload an image to be used as the background image for the SCP when in tile view (a default, stock image is used if one is not uploaded) - **Topics (Optional)**: Tag content topics (i.e., Python, Packet Capture, etc.) 
so users can easily search for relevant SCPs - **Related Work Roles (Optional)**: Add related work roles (i.e., Network Analyst, Host Analyst, etc.) so users can easily search for relevant SCPs - **Associated Roles (Optional)**: Add PCTE-specific platform and event roles (i.e., ![](media/image339.png) 3. After completing the **Package Details** fields, select **Next** to display the *Prerequisites* 4. This SCP has no prerequisites, so select **Next** again to display the *Content Modules* tab. 5. Select **Add Content Modules** to view a list of available content modules. ![](media/image341.png) 6. Use the filter option to filter names for **CREB-\-Mod7Demo-CM-\**, select your content module, and then select **Add to Plan**. 7. Verify your content module is listed, and then select **Next.** ![](media/image343.png) 8. Since this SCP has no assessments, select **Next** to display the *Event Options* tab. 9. Ensure that **Self-Enrollment Eligibility** is set to **Disabled**, accept the default for other options, and then select **Confirm** to finalize your SCP. #### [Schedule a Structured Content Event]{.smallcaps} 1. In the *Structured Content Plans* tab, use **Search** to filter on **CRE**, and then find and ![](media/image345.jpeg) 2. Select **Schedule Managed Event** to display the event's scheduling options. 3. Complete the fields as follows: - **Event Name**: *CREB-\-DemoMod8-SCE-\* - **Description**: CRE-B Module 7 demo event - Enable **Instant Feedback** and check the **Allow retries** and **Show correct answer** ![](media/image347.png) 4. Select the *Participants* tab. 5. Expand the organizations until your name displays, and then select the checkbox for 6. Select the *Schedule* tab. 7. Select today's date on the calendar, and then select **Save** in the *Event Details* pop-up window. ![](media/image349.png) 8. Select **Create Event** to create the event and display the event you created. 9. 
From the event lobby, select **Deploy Ranges** to deploy ranges for all participants in an event. - You also have the option to deploy a range for a given participant (instead of all ranges at once) by selecting the **Deploy** button for that participant name. - Range deployment progress is displayed in the *Transitioning Ranges* section. - When ranges have been deployed: - The event status changes from *Planned* to *In Progress.* - The *Event Starting* message changes to a countdown time. - (If this does not show correctly, try refreshing your browser.) 10. When the event status shows as *In Progress*, select **Enter Event**. ![](media/image351.png) 11. Within the event, select **Open Console** to display a console to the deployed VM. 12. Log in to the VM using the credentials: - **Username**: JCTE - **Password**: operational cyber training 13. Verify the text file you saved to the desktop earlier in the deployed range appears on the ![](media/image353.png) 1. Power on the deployment and wait 3-5 minutes for it to boot. 2. Change the passwords on the Kali systems in your actively deployed range. - Log in: - **Username**: JCTE - **Password**: operational cyber training - Select **Terminal** from the desktop - Run the following command and follow the prompts: 3. Create a clone source from your modified active range. - Power down all systems - **Clone Source Name**: CREB-*\*-Mod7-PE-CS-*\*- 4. Create a new content module as indicated: - **Name**: CREB-*\*-Mod7-PE-CM-*\* - 1 task chain - 2 information tasks with one Kali attached to each - 1 question task 5. Create a new SCP. - **Name**: CREB-*\*-Mod7-PE-SCP-*\* - Include your new content module 6. Create a new SCE and verify your modifications. 7. Include your **Instructors** as participants in the new Structured Content Event. 8. Share the new content module with the **Instructors**. 
M8 \| External Subnets
======================

### In this module, you will learn about external subnets and their capabilities, limitations, uses, and configurations. You will also learn how to configure existing external subnets and use them to connect two existing ranges.

#### [Learning Objectives]{.smallcaps}

1. Understand resource concerns when using external subnets
2. Understand how to use external subnets
3. Implement external subnets to connect two ranges

#### [Module Topics]{.smallcaps}

- External subnets
- Definitions and use
- Limitations and requirements
- Managing external subnets

[Overview]{.smallcaps}
----------------------

#### [Using External Subnets With Ranges]{.smallcaps}

#### [External Subnet Limitations]{.smallcaps}

- **Segment Limit** -- Each PCTE RCS has a 10000-segment limit (that applies to the entire RCS).
  - Once this limit is reached, no more subnets can be created until existing ones are deleted. (See note.)
- **Organization Limit** -- Use only those external subnets that are assigned to your
- **In Use Limit** -- Use only external subnets that you are certain you are authorized to use and have proper configuration information for.
  - Using an unauthorized external subnet, or configuring an external subnet

#### [Create a New External Subnet]{.smallcaps}

- Create the new External Subnet
- Submit a Mapping Request
- Add the New External Subnet to a Range

1. From the **Network Design** application, select **External Subnets** to display the *External Subnets* tab.

![](media/image356.png)

2. Select a listed subnet to display information about it, such as a description, creator, and version.
3. Select **+ New External Subnet** to display the *New External Subnet* pop-up window.
4. Complete the **Name**, **Organization**, and **Description** fields, and then select **Create**.

#### [Submit a Mapping Request]{.smallcaps}

1. Select the icon with your initials in the lower left corner of the screen.
2. Select **Contact Support** to display the *PCTE Saturn Jira Service Desk 2.0* page.
   - JSD may also be directly accessed from the RCS lobby by selecting the Contact Support tile or with a direct link (<https://rcs00-helpdesk.pcte.mil/jira/servicedesk/customer/portal/9>).
   - If you receive an error after selecting **Contact Support**, try using the direct link.
3. If you are redirected to the PCTE login page, log in using the same method you use to log
4. Select the **Platform Content & Services** category.
5. Select the **Request for Segment (formerly known as vWire)** ticket type.
6. Complete the fields with relevant information as shown and then select **Create** to submit the request.
   - **Raise this request on behalf of:** *\*
   - **Summary:**
     - Example: Request to have segment(s) created and mapped to external subnet(s)
   - **Problem Description:**
     - Example: Requesting to have a subnet created and mapped to the following external subnet(s): *\*
   - **POC Phone Number:** *\*
   - **Date/Time of Problem:** *\*
   - **Range:** N/A
   - **RCS:** *\*
   - **Components:** Other
   - **Impact:** *\*
   - **Urgency:** *\*

#### [Add the New External Subnet to a Range]{.smallcaps}

1. Enter your Network Specification. From the *Subnets* tab, select **Add External Subnet** to display the *Add External Subnet* pop-up window.

![](media/image358.png)

2. Select **Add** for the subnet you wish to add.

1. Add an External Interface utilizing the **CRE-B Classroom External Subnet** to your Module 2 Practical Exercise **core-router**.
2. Add an External Interface utilizing the **CRE-B Classroom External Subnet** to your Module 6 Practical Exercise router.
3. Configure both of those routers to communicate with one another using the ***[Amplifying Information]{.smallcaps}*** section that follows.

![](media/image360.png)

#### [Amplifying Information]{.smallcaps}

1. Add another external interface to your Module 6 **Vyatta router** and your Module 2 **core-router**, **(*CRE-B Classroom External Subnet*)** then redeploy those VMs. Assign the external subnet from the instructions.
2. Open a console to the Module 2 **core-router** VM and log in:
   - **Username**: vyatta
   - **Password**: simnet
3. Enter the show int command:
   - This identifies the interface assigned to your external subnet connection. **MAKE NOTE of the interface number.**
4. Enter the following command to enter configuration mode:
5. Enter the following command to configure the interface, with the assigned IP address given to you by your instructor and replacing the interface name with the interface identified above (e.g., "eth6").
6. Once the interface is configured, commit the changes by entering the following
7. Enter the following command to make the changes persist through reboot:
8. Use the exit command to exit configuration mode:

![](media/image363.png)

9. Repeat the steps above for the router in the Module 7 range - assign your Module 7
10. Once both networking devices have been configured, test the connection. Run the following command, but replace the IP address shown with the address for the router on the other end of the external subnet connection:
11. From the **Module 6 core-router** VM, run the following command from configuration mode, but replace the IP address shown with the address you assigned to the Module 2 Practical Exercise **core-router**:
12. Once the route is configured correctly, commit, save, and exit configuration mode.

![](media/image365.png)

13. On the **Module 2 core-router** VM, run the following command to set up Network Address Translation (NAT), but replace the ethernet interface with the name of your external internal interface (e.g., eth6):
14. Test connectivity from one network to the other network\'s workstations. In the example below, a ping test was run from a Windows workstation in the **Module 2** network to a Kali workstation in the **Module 6** network.

![](media/image368.png)
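
The router steps in the *Amplifying Information* section, written out as one Vyatta/VyOS-style session. This is an added example, not the guide's own commands: `eth6` is the guide's sample interface name, while `eth3`, every address and prefix, the NAT rule number, and the command syntax (Vyatta 6.5+ / VyOS 1.x style) are assumptions, so use the values your instructor assigns.

```vyatta
# Added example. Constructed values: 198.51.100.0/24 is the external subnet,
# 10.2.0.0/16 is the Module 2 internal network, eth3 is the Module 6 router's
# external interface. Only eth6 comes from the guide's own example.

# --- Module 2 core-router: address the external interface (Steps 3-8) ---
# Operational mode: identify the interface attached to the external subnet.
show interfaces
configure
set interfaces ethernet eth6 address 198.51.100.1/24
# Nothing takes effect until commit; save writes it to the boot configuration.
commit
save
exit

# --- Module 6 router: same steps with its own interface and address (Step 9) ---
configure
set interfaces ethernet eth3 address 198.51.100.2/24
commit
save
exit

# --- Either router: test the link to the far end (Step 10) ---
# Run from operational mode; stop with CTRL + C.
ping 198.51.100.1

# --- Module 6 router: route toward the Module 2 network (Steps 11-12) ---
# The next hop is the address assigned to the Module 2 core-router above.
configure
set protocols static route 10.2.0.0/16 next-hop 198.51.100.1
commit
save
exit

# --- Module 2 core-router: source NAT on the external interface (Step 13) ---
# Masquerade rewrites the source of traffic leaving eth6 to the router's own
# external address, so hosts in the other range see 198.51.100.1 rather than
# the individual Module 2 workstation addresses.
configure
set nat source rule 100 outbound-interface eth6
set nat source rule 100 source address 10.2.0.0/16
set nat source rule 100 translation address masquerade
commit
save
exit
```

Because of the masquerade rule, logs and packet captures taken in the other range attribute all Module 2 traffic to the router's external address, not to the originating workstation.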