Tactics and Penetration Testing
Overview
Tactics: A procedure or set of maneuvers engaged in to achieve an end, an aim, or a goal.
•Tactics
•Penetration testing
•Methods
•Guidelines
Tactics
• Reconnaissance
• Exploit
• Communication
• Command
• Effect
• Reserve
• Implications
IW-Strategy: 4
Critical Issues
• What must you defend?
  – Mission of the organization
  – Assets of the organization
• What can you defend?
  – Personnel limitations
  – Information limitations
• What is likely to be attacked?
Reconnaissance
Extend view of the World
•Finding the network: Lookup, DNS, Routes
•Locating key hosts: Services, Public Nodes
•Profiling: Role, OS, Age, Content, Relations, hosts vs. decoys
•Points of Access: Initial and Follow-on
•Points of Vulnerability: technical, procedure
•Points of Exploit: Change State
•Points of Effect: Channel, Target, Cover
Exploit
Methods by which to gain access or elevate privileges
•System type: Service and OS
•End goal: Impersonate, Intercept, Modify, Interrupt
•Jump points: Local, Border, Remote
•Methods: Vulnerability, Action, Reaction
•Evidence: System, Defense, Network
Communication
Transfer of information on progress
•Indicators: External evidence of progress
•Waypoints: Phases of method
•Signaling: Present, Ready, Beacon
•Reporting: Success, Fail, Options
•Transfer: Information, Code, Command
Command
Directing actions of hack
•Manual vs. Automatic: interactive, shells
•Command Channels: application, infrastructure
•Encryption and encoding
•Passive vs. Active
•Intelligence: actions, options, productivity
•Commanding Effects
Effect
Mechanism for advancing hack
•Employ, Corrupt, Install, Reconfigure
•Phased effects
•Split effects
•Delegation, Propagation, Relocation
•Confusion
•Reconnaissance
•Plant the flag, Capture the flag
Reserve
Unused means of attack
•Respond to defenses
•Respond to detection
•Branch points
•Redundancy
•Deception
Implications
•Replicating attacks
•Modifying attacks
•Operational damage
•Mission damage
Penetration Testing
• Identify weakness
• Inform response: Priority, Options, Effectiveness
• Assess security performance
• Communicate risk: “We think we’re really secure.”
Methods
• Appropriate to goal
• Within scenario
• Deception
• Bounded range
• Bounded damage
Guidelines
Agreement on terms of penetration
•Goal
•Constraints
•Liabilities
•Indemnification
•Success and Failure
Goal
• Personnel
• Process
• Technology
• Service
• Readiness
• Exploration
Constraints
• Where applied
• When applied
• Scenario
• Resources: cost, effort, personnel, technology
• Excluded methods
Liabilities
• Technical instability
• Personnel distraction
• Financial dispersion
• Public perception
• Mission disruption
Indemnification
• Authority
• Accountability
• Oversight and Decision
• Reporting
• Information handling
• Non-disclosure