Skaion Corporation faces a paradox daily: their clients need them to test how their security systems perform in real-world Internet conditions, but Skaion absolutely cannot connect their test networks to the actual Internet. The solution? Build their own Internet—complete with a working Wikipedia.
The Challenge: Control vs. Realism
Computer security testing is all about observing behavior under controlled conditions. When evaluating a device, software system, or security practice—what we call the System Under Test (SUT)—we need to know exactly what’s happening in the environment around it. Every variable matters.
If you connected a test network to the real Internet, you would lose that control. Unpredictable traffic, random website changes, or external attacks could all influence the SUT’s behavior. When something unexpected happens during a test, there is no way to know if this was caused by a deliberate test conditions or by some random event from the outside world. That makes the test results meaningless. Booh.
Why Air-Gapping Is Non-Negotiable
There’s another critical reason for isolation: safety. Security testing often involves working with live malware, including variants designed to propagate across networks. Connecting to the real Internet during these tests would be irresponsible and potentially illegal. Test networks must be completely air-gapped—physically isolated from any external network.
The Realism Problem
Here’s where it gets tricky. While test networks need to be isolated, they also need to be realistic. Security systems don’t exist in a vacuum—they’re designed to protect real users accessing real websites in real-world conditions.
In the actual Internet, traffic isn’t distributed evenly. A small number of websites receive the vast majority of visits, and Wikipedia consistently ranks among the top ten most popular sites globally. If you want our test environment to accurately simulate real network conditions, you need Wikipedia in there.
Enter Kiwix: Wikipedia Without the Internet
This is where Kiwix becomes essential to a testing infrastructure. Wikipedia’s open licensing allows anyone to create copies legally, but running a full Wikipedia installation is notoriously complex. It requires extensive backend infrastructure, databases, and dependencies that can take weeks to configure properly.
Kiwix eliminates all that complexity. The solution is remarkably straightforward:
- Download the Kiwix software
- Download Wikipedia content as pre-packaged ZIM files
- Run Kiwix in server mode
That’s it. Within hours, you can have a fully functional, self-contained Wikipedia running on an isolated test network. It looks like Wikipedia, behaves like Wikipedia, and provides the realistic web traffic patterns our tests require—all without a single external connection.
Why This Matters
This approach gives everyone the best of both worlds: the rigorous control needed for valid security testing and the realism necessary for meaningful results. When clients receive test findings, they can trust that what was observed reflects how their systems will actually perform in deployment—not artifacts of an unrealistic test environment.
For anyone conducting security testing, penetration testing, or isolated network research, the lesson is clear: you don’t have to choose between control and realism. Tools like Kiwix make it possible to have both!