Skip to content

SIMULATION_GUIDE.md

Latest commit

 

History

History
188 lines (149 loc) · 5.57 KB

SIMULATION_GUIDE.md

File metadata and controls

188 lines (149 loc) · 5.57 KB

ZeroTrustScope Simulation Guide

This guide explains how to simulate and test the ZeroTrustScope security system.

Overview

ZeroTrustScope is a network security system that implements Zero Trust principles by:

  • Monitoring network traffic in real-time
  • Managing trusted and blocked IP addresses
  • Automatically responding to security threats
  • Logging all security events

Simulation Options

1. Quick Demo (Recommended for first-time users)

ruby demo_zerotrust.rb

What it does:

  • Runs an automated demonstration of all key features
  • No user interaction required
  • Shows system initialization, IP management, network monitoring, and security incident response
  • Perfect for understanding the system capabilities

2. Interactive Simulation

ruby simulate_zerotrust.rb

What it does:

  • Provides an interactive menu with 8 options
  • Allows real-time monitoring with live network traffic simulation
  • Interactive IP management (add trusted, block malicious)
  • Automated security scenarios
  • Real-time log viewing

Menu Options:

  1. Start real-time monitoring - Live network monitoring with simulated traffic
  2. Add trusted IP - Add IP addresses to the trusted list
  3. Block IP address - Block malicious or suspicious IP addresses
  4. View current status - Show current trusted/blocked IPs and recent events
  5. Generate network traffic - Create simulated network events
  6. View security logs - Display recent security events with color coding
  7. Run automated scenario - Execute a complete security incident response scenario
  8. Exit - End the simulation

3. Command Line Interface

# Add trusted IP
ruby test_system.rb trust 192.168.1.100

# Block malicious IP
ruby test_system.rb block 203.0.113.45

# View real-time logs
ruby test_system.rb logs

# Start monitoring
ruby test_system.rb start

# Show help
ruby test_system.rb help

4. Automated Test Suite

ruby test_simulation.rb

What it does:

  • Runs comprehensive tests of all system components
  • Tests trusted IP management, malicious IP blocking, network monitoring
  • Validates security incident response and logging system
  • Provides detailed test results with pass/fail status

Simulation Scenarios

Scenario 1: Basic IP Management

# Add trusted IPs
ruby test_system.rb trust 192.168.1.100
ruby test_system.rb trust 10.0.0.50

# Block malicious IPs
ruby test_system.rb block 203.0.113.45
ruby test_system.rb block 198.51.100.123

Scenario 2: Security Incident Response

  1. Start the interactive simulation: ruby simulate_zerotrust.rb
  2. Select option 7 (Run automated scenario)
  3. Watch the system detect, block, and log a security incident

Scenario 3: Real-time Monitoring

  1. Start the interactive simulation: ruby simulate_zerotrust.rb
  2. Select option 1 (Start real-time monitoring)
  3. Watch live network traffic and security events
  4. Press Ctrl+C to stop monitoring

Scenario 4: Network Traffic Generation

  1. Start the interactive simulation: ruby simulate_zerotrust.rb
  2. Select option 5 (Generate network traffic)
  3. Watch the system process various types of network events
  4. Observe how trusted, blocked, and unknown IPs are handled

Understanding the Output

Color-Coded Logs

  • Green (✓): Trusted IPs and successful operations
  • Red (🚨): Security alerts and blocked traffic
  • Yellow (⚠): Warnings and unknown IPs
  • Magenta: Blocked IP operations
  • White: General network traffic

Event Types

  • TRUST_IP: IP added to trusted list
  • BLOCK_IP: IP blocked due to malicious activity
  • SECURITY_ALERT: Suspicious activity detected
  • AUTO_BLOCK: Automatic blocking of suspicious IPs
  • ACCESS_DENIED: Blocked access attempts
  • NETWORK_TRAFFIC: General network activity

Status Indicators

  • ✓ ALLOWED: Traffic from trusted IPs
  • 🚨 BLOCKED: Traffic from blocked IPs
  • ⚠ MONITORED: Traffic from unknown IPs

Configuration

The system uses config.json for configuration. If the file doesn't exist, default settings are used.

Example configuration:

{
  "network": {
    "monitoring_enabled": true,
    "auto_block": true
  },
  "security": {
    "log_level": "INFO",
    "alert_threshold": 3
  }
}

Log Files

All security events are logged to zerotrust_log.json in JSON format:

{
  "timestamp": "2025-06-18 11:51:50",
  "event_type": "SECURITY_ALERT",
  "description": "Suspicious activity from 203.0.113.200",
  "source": "simulation"
}

Troubleshooting

Common Issues

  1. "Could not load zerotrust_scope module"

    • This is normal if the C library isn't compiled
    • The system will use the Ruby stub implementation
    • All functionality will still work for simulation

  2. "Permission denied" errors

    • Ensure you have write permissions in the current directory
    • The system needs to create log files

  3. Interactive simulation not responding

    • Use Ctrl+C to exit
    • Try the non-interactive demo instead: ruby demo_zerotrust.rb

Getting Help

  • Run ruby test_system.rb help for command-line help
  • Check the log file zerotrust_log.json for detailed event information
  • Use the automated test suite: ruby test_simulation.rb

Next Steps

After running the simulations:

  1. Review the logs to understand security events
  2. Experiment with different IP addresses to see how the system responds
  3. Try the real-time monitoring to see live network activity
  4. Run the automated scenarios to understand incident response

The ZeroTrustScope system is now ready for production use with real network monitoring and security enforcement!