| The original intention of the Internet is to interconnect computers all over the world.As the number of interconnected computers continues to increase,the scale of the network is also expanding.The Internet has become more and more complex,and the accompanying network security issues are crucial.In order to solve network security problems,it is important to understand network attacks.It is obviously impractical to conduct attack drills in a real production environment for the purpose of studying network security.Therefore,it is a feasible option to conduct attack and defense drills in a simulation environment.Such an environment requires a lot of time and resources.In order to facilitate the management and construction of the drill environment,the cyber range is proposed.This thesis mainly studies the construction of a multi-target environment that can be used for offensive and defensive experiments,and realizes an automated rapid deployment tool for thus environment.The thesis proposes a multi-target environment design and its automated deployment scheme based on cloud computing services.The main works are as follows:1.The overall architecture of the multi-target environment is designed.After analyzing the multi-target environment,we choose to use the IaaS layer of cloud computing service to manage computing resources,network resources,target images and other resources.Based on the understand of the cloud computing framework OpenStack and virtualization technology,OpenStack services in the physical environment to support the virtualization and management of the underlying resources of the multi-target environment are deployed.2.The automated deployment tool is designed and implemented.First,the overall process of constructing a multi-target environment is analyzed and is divided into three modules,namely the topology file generation module,the analysis topology file module,and the virtual environment construction module.Then,each module function is designed and realized separately.The topology file generation module is based on the LAMP architecture.The JTopo framework is used to complete the visual drawing of the topology and the configuration of node attributes,interacting with the database to obtain data,generates a topology file in JSON format,and the key-value pair storage method in the json file is used to describe network topology and computing nodes.The parsing topology file module is implemented using python to generate configuration files that can be used for cloud computing platforms to build virtual environments,and at the same time node information is stored in the database.The virtual environment is builded according to the configuration file,which uses the OpenStack framework to manage and allocate virtual resources,and completes the creation of virtual machine nodes,network nodes and other nodes through the OpenStack command line tool.3.The target images with different vulnerability environments are builded.By using of the existing vulnerability library,the target images are made.After creating a virtual machine,experimenters can eliminate the deployment process and directly perform experiments,simplifying the operation of experimenters and reducing the time-consuming overhead of their deployment environment.The thesis uses dvwa and vulhub vulnerability environments as examples to build a multi-target environment and test automated deployment tools and target images.The results show that the multi-target environment can be successfully deployed in an automated manner and the targets images can be attacked and defensively tested through external network. |
PDF Full Text Request