Polygon for multi-level penetration testing training

    Every year the number of cyber crimes grows exponentially. Hacker attacks become more and more complex and the question of how to secure your data become more important then ever. But in parallel rises a question of how to educate new cybersecurity engineers with up-to-date ways to protect sensitive data against cyber attacks. The answer to that question was made in the department of Solid-State Electronics and Information Security of the Uzhgorod National University.
Polygon for multi-level penetration testing training is a new and efficient way of practical education for future cybersecurity engineers in penetration testing. This polygon spans across the whole department and includes a dozens of working machines, servers and various network facilities such as firewalls, routers, switches and IPS/IDS devises.
The system works in a Blue vs Read team environment, where studens are divided into two separate groups – Read team and Blue Team. The purpose of Red team is to attack and gain access of the key servers on the main network to then have a capability to influence every device of that particular network. The purpose of Blue team, on the other hand, is to defend key servers and the main network from members of Red team, find and eliminate any breaches that the network has and block all of Read team members from the main network.
Both teams are connected to the same main network, however each team has a different sub-network, which makes their experience more difficult, especially with an addition of false machines, the purpose of which is to confuse students and make the task much more difficult.
This system is a very efficient way to teach students how to pefrorm a penetration testing and how to respond to the cybersecurity attacks not only by being a part of a Blue team, but also being a part of the Red team as well, which allows them to understand the mindset of a cybersecurity criminal.
Polygon for multi-level penetration testing provides a great learning experience to cybersecurity stundets and can grant a valuable knowledge to the next generations of future cybersecurity engineers.

Malitskii Bohdan, Cherepov Oleksandr, Kalkutin Serhii, Rizak Vasyl