1. Field of the Invention
The present application generally relates to computer networking, and, more specifically, to simulating a live, complex, multi-node computer network environment.
2. Description of the Related Art
Computer networks have grown in size and sophistication. Businesses, governments, and other organizations have seen their computer networks expand to enable internal communication among employees' computers as well as with customers/clients, vendors and suppliers, the general public, and others outside the organizations through the Internet.
Network traffic on such networks has expanded commensurately. Network traffic, such as that from employees checking email from web servers, accessing databases and file servers, printing to print servers or printers, or surfing the World Wide Web, typically consists of packets racing around an Internet Protocol (IP) network. Some of the typical network traffic is initiated by human users when they actively go onto the network. The traffic ebbs and flows as the business day goes on. Some of the typical network traffic is initiated by automatic processes that are not a result of immediate human interaction. For example, email software in a user's personal computer (PC) workstation may automatically send a request to an email server to check every five minutes for new email. As another example, a backup file server may initiate archiving at 2:00 am each work day. This traffic comes and goes in response to scheduled times.
As the enablers of such networks, such as routers, switches, bridges, hubs, and repeaters, become cheaper and more sophisticated, networks have been able to expand to facilitate connections not only between many more homogeneous computer workstations and servers than was possible in the past but also between different types of networked devices. At the same time, powerful smart phones, Personal Digital Assistants (PDAs), tablet computers, and other portable electronic devices that can wirelessly (or through cables) connect to computer networks have exploded in popularity. Businesses are purchasing more Voice over Internet Protocol (VoIP) phones, multi-function scanner/fax/copy machines, and other networked appliances as they become more reliable and easier to use. These machines are being connected to the businesses' networks.
The resulting scale in the number of connected devices and the disparate mix of such automated and human-operated devices make for networks with complex traffic patterns. A real, live network is so complex that it is essentially non-deterministic.
Recently, governments have become interested in testing devices and people on large, realistic networks that are cordoned off from real networks. For example, the Defense Advanced Research Projects Agency (DARPA) is developing a National Cyber Range to provide realistic, quantifiable assessments of the U.S.'s cyber research and development technologies. The National Cyber Range can be used to test software, hardware, and humans in a realistic setting for defending against cyber attack. Besides testing vulnerabilities, presumably it can also be used to test offensive cyber weapons and battle damage assessment tools. To create the large networks, designers have procured millions of dollars' worth of computer hardware.
By connecting a large number of servers, workstations, and other networked equipment and devices together, a realistic environment can be produced. However, because computer equipment becomes obsolete quickly, the equipment must be refreshed every couple of years in order to stay relevant to the latest threats.
There is a need in the art for less expensive cyber ranges that can emulate a large number of different and disparate computers and other networked devices for blue team/red team training and other needs. There is also a need for better defenses against hackers.