Getting Started Guide
System Setup
This workshop requires attendees to deploy the SANS Cloud Security Flight Simulator to their personal AWS account. Ensure you have completed each of the following requirements before starting the workshop:
- If you do not have one, start by creating an AWS account. Then, sign in to the account with your email address and password.
- Download and install the Firefox browser on your machine.
Important
You MUST use Firefox to connect to the SANS Cloud Security Flight Simulator environment. Chrome's SmartProxy extension does not support proxy authentication.
SANS Cloud Root CA
For TLS secured connections to the services running in the SANS Cloud Security Flight Simulator, download the SANS Cloud Security CA Certificate. Then, add the CA certificate to your Firefox trusted list of certificate authorities.
- Download the DER Encoded SANS Cloud Security CA Certificate and note the download location.
- Open the Firefox settings by going to Firefox > Settings in the menu bar. Alternatively, you can browse to the about:preferences URL.
- Click "Privacy & Security" in the left-hand menu and scroll down to the "Certificates" section.
- Click the View Certificates button.
- In the Certificate Manager window, click the Import... button.
- Browse to the directory where you downloaded the sans-cloud-ca.der file and select the certificate.
- Select the Trust this CA to identify websites trust settings option and press OK to import the certificate.
- In the Certificate Manager window, press OK to close the certificate settings window.
Firefox SmartProxy Extension
The SANS Cloud Security Flight Simulator server is accessible through a SOCKS5 proxy. Open Firefox and install the SmartProxy extension. If you are not familiar with Firefox extensions, follow the steps below to install the SmartProxy extension.
- From the Firefox preferences screen, select the Extensions & Themes option in the left navigation menu. Alternatively, you can browse to the about:addons URL.
- Use the Find more add-ons field to search for the SmartProxy extension.
- Select the SmartProxy add-on to open the SmartProxy installation page.
- Click the Add to Firefox button to start the installation.
- Click the Add button in the Add SmartProxy? popup window.
- Check the Allow this extension to run in Private Windows option.
- Click the Okay button to complete the installation.
- The SmartProxy extension is now installed and can be found in the top right-hand corner of the browser.
- By default, the extension is not pinned to the menu bar. For convenience, you can pin it by right-clicking the extension and selecting Pin to Toolbar.
- The OpenVSCode server accessible through the SmartProxy extension requires the dom.events.testing.asyncClipboard option to be enabled to paste commands into the embedded terminal. To set this option, browse to the about:config URL. Then, search for the dom.events.testing.asyncClipboard option and double-click it to set it to true.
Cloud Security Flight Simulator
Launch the SANS Cloud Security Flight Simulator in your AWS account using CloudShell.
Running Costs
Running the Cloud Security Flight Simulator in your AWS Account will cost about $5.00 USD per day.
Make sure to follow the Cleanup instructions to avoid ongoing expenses.
Launch your Flight Simulator
- Log in to the AWS Console.
- Change to the us-east-2 region.
- Open a CloudShell terminal in a new tab.
- Run the following commands to create a new directory called ace135 and change into the directory:

      mkdir ~/ace135
      cd ace135

- In the Terminal, run the following commands from inside the ace135 directory to launch the SANS Cloud Security Simulator.

      wget https://aviata.cloud/simulator/ch03/install.sh
      /bin/bash ./install.sh flyWithK8s

- The install.sh command will take a few minutes to create a new VPC and launch the Cloud Security Flight Simulator instance. Once it is finished, you will see the following:
  - The environment_summary output contains the information you need to connect to the SANS Cloud Security Flight Simulator.
  - SmartProxy Config - The name of the SmartProxy configuration file created by Terraform in the ~/ace135 directory.
  - SSH + SOCKS Connect Command - The command to connect to the simulator using SSH and the SOCKS proxy using the private key created by Terraform in the ~/ace135 directory.

      Apply complete! Resources: 20 added, 0 changed, 0 destroyed.

      Outputs:

      environment_summary = <<EOT
      Latest AMI: ami-09c2984d7351c46f6
      Running AMI: ami-09c2984d7351c46f6
      Public IP: 3.142.200.194
      Local IP: 18.218.3.44
      Allow CIDR: 18.218.3.44/32
      Proxy Pass: remarkably_hopefully_sterling_horse
      SmartProxy Config: /home/cloudshell-user/ace135/SmartProxy-random-name.json
      SSH + SOCKS Connect Command
      ssh -i random-name.pem -D 54809 student@3.142.200.194
      EOT

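As an added check (not part of the workshop's install.sh), the script below reads the environment_summary text and confirms that the Allow CIDR is a single /32 host equal to the reported Local IP before you connect. The function names and the sample addresses are assumptions constructed for this example; the field labels are the ones shown in the output above.

```shell
#!/usr/bin/env bash
# Added example, not part of install.sh. Function names are hypothetical.

# summary_field NAME: print the value of the "NAME: value" line read on stdin.
summary_field() {
  awk -F': *' -v key="$1" '{
    k = $1; sub(/^[ \t]+/, "", k)
    if (k == key) { v = $2; sub(/[ \t\r]+$/, "", v); print v; exit }
  }'
}

# check_summary: return 0 only when the ingress allow-list is exactly one
# host (/32) and that host is the Local IP reported in the same summary.
check_summary() {
  cs_text=$(cat)
  cs_allow=$(printf '%s\n' "$cs_text" | summary_field "Allow CIDR")
  cs_local=$(printf '%s\n' "$cs_text" | summary_field "Local IP")
  if [ -z "$cs_allow" ] || [ -z "$cs_local" ]; then
    echo "FAIL: Allow CIDR or Local IP not found in summary"
    return 2
  fi
  case "$cs_allow" in
    "$cs_local"/32)
      echo "OK: ingress limited to $cs_allow"; return 0 ;;
    */32)
      echo "FAIL: allowed host ${cs_allow%/32} is not Local IP $cs_local"; return 1 ;;
    *)
      echo "FAIL: allow-list $cs_allow is wider than a single host"; return 1 ;;
  esac
}

# Constructed sample in the same layout as the summary (RFC 5737 addresses).
sample_summary='Public IP: 203.0.113.10
Local IP: 198.51.100.7
Allow CIDR: 198.51.100.7/32'

printf '%s\n' "$sample_summary" | check_summary
```

To check a real deployment, save the summary text to a file and run `check_summary < summary.txt`; a non-zero exit status means the allow-list should be reviewed before connecting.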
Import SmartProxy Configuration
The Terraform configuration creates a file called SmartProxy-random-name.json in the CloudShell ~/ace135 directory. Download this file, and then import it into the Firefox SmartProxy extension to connect to the SANS Cloud Security Flight Simulator.
- Download the SmartProxy configuration file.
  - In CloudShell, click Actions, then Download.
  - Choose the file called ace135/SmartProxy-random-name.json.
  - Save the file in an easy-to-find location.
- In Firefox, select the SmartProxy extension and press the Settings button.
- In the SmartProxy Settings, select the Backup/Restore button.
- Select the Restore Backup button to import the SmartProxy-random-name.json file.
- Browse to the directory where the SmartProxy-random-name.json file was downloaded.
- After restoring the backup, the ACE135-Range SmartProxy configuration is now available to use.
- Use the SmartProxy extension to select the ACE135-Range proxy.
- Firefox is now connected to the SANS Cloud Security Flight Simulator environment! All workshop-relevant traffic will be sent through the SOCKS5 proxy to your simulator server.
Explore Cloud Security Flight Simulator Services
The SANS Cloud Security Flight Simulator environment includes the following services to use during the workshop. You can sign in to each of these systems with the student's credentials:
Credentials
- Username: student
- Password: StartTheLabs
- The OpenVSCode Server will be used for editing source code, viewing files, and running Terminal commands.
- The Terminal can also be used for running commands. The instructions will assume that you are running commands from the OpenVSCode Server's embedded Terminal; however, the Terminal is an alternate option for those who wish to have separate windows for the code and the shell.
- The GitLab service will be used for Version Control, Continuous Integration (CI), & Continuous Delivery (CD).
- The Scratch service provides a simple way to download files from the DevOps server. Files copied into the /labs/scratch directory will be downloadable from the scratch service. The scratch directory has also been added to the default VSCode workspace for easily dragging and dropping files.

- Open the Terminal service and use the student / StartTheLabs credentials to log in.
- Run the following command to download the latest workshop content into the GitLab repository.

      workshop-update

Aviata Cloud Infrastructure
Some Aviata Cloud Solo Flight Challenge workshops rely on cloud infrastructure hosted in your AWS account. From the OpenVSCode embedded terminal, clone the aviata repository from GitLab and deploy your lab infrastructure.
Important
The Aviata Cloud Infrastructure is required only for the following chapters:
- Chapter 4 - Attack and Detect Kubernetes: Aerial Combat Training
- Chapter 5 - Centralizing Cross Cloud Security Events
- Check back later for future chapters
- Inside the OpenVSCode Server, open an embedded Terminal. Use the hamburger button (≡) in the top left corner to find the New Terminal menu item.
- Ensure all workshop updates are applied to your Flight Simulator.

      workshop-update

- Clone the aviata repository from the GitLab service.

      cd ~/code
      git clone git@gitlab.sans.labs:aviata/ace135.git

- Change into the ~/code/ace135/src/infrastructure/ directory, set the default region, and apply the Terraform configuration.

      cd ~/code/ace135/src/infrastructure/
      export TF_VAR_region="us-east-2"
      terraform init
      terraform apply -auto-approve

- The Terraform command will take roughly 30 minutes to deploy the Aviata Cloud Infrastructure. Once the job is complete, you will see the following output:
Expected Results - 30 minutes
Apply complete! Resources: 87 added, 0 changed, 0 destroyed.
Conclusion
Congratulations! You have successfully deployed the SANS Cloud Security Flight Simulator.
You are ready to start the workshop!