The UMass Lowell Cyber Range is 3171 square feet and includes 20 workstations, one conference room, one lecture theater, two offices and one storage room. Each workstation allows students to conduct live cyberattacks across the computers located in the Cyber Range, which are safely isolated from the public internet. UMass Lowell is proud to be the first public university in Massachusetts to open a Cyber Range that will contribute to the cyber talent in our region.
In the Cyber Range conference room, a 75” display shows statistics from QRadar, UMass Lowell's SIEM. Its purpose is to motivate students by demonstrating what an enterprise IT department faces on a daily basis. The counters at the top of the QRadar interface show the number of attempted attacks of various types against the UMass Lowell network in the last 24 hours. Those attack types are SQL Injection, Remote Code Execution, Cross Site Scripting, Buffer Overflows, and Brute Force Attacks.
The Inbound Threats graph in the top right takes the same data but displays it as a time series covering the last 3 hours. The World Sources and Destinations map shows all traffic to and from the UMass Lowell network and color-codes it based on its potential threat level, which is determined by UMass Lowell’s Palo Alto firewalls. Below Inbound Threats is the Top Log Sources bar graph, which shows the number of logs each UMass Lowell system is generating and so confirms that systems are working and properly reporting events to QRadar. The bottom Log Source Count graph is a time series of the same data, allowing cybersecurity operators to see sudden spikes or drops in the number of logs a system is sending. Finally, on the bottom right is the Active Offenses time series graph, which shows offenses generated by QRadar’s threat lists and correlation rules, which show coordinated attacks on our network. QRadar has a similar interface to LogRhythm SIEM.