1 tactics and penetration testing. overview tactics: a procedure or set of maneuvers engaged in to...

1

Tactics and Penetration Testing

Overview

Tactics: A procedure or set of maneuvers engaged in to achieve an end, an aim, or a goal.

•Tactics

•Penetration testing

•Methods

•Guidelines

2

Tactics

• Reconnaissance

• Exploit

• Communication

• Command

• Effect

• Reserve

• Implications3

IW-Strategy: 4

Critical Issues

• What must you defend?– Mission of the organization– Assets of the organization

• What can you defend?– Personnel limitations– Information limitations

• What is likely to be attacked?

IW-Strategy: 5

Reconnaissance

Extend view of the World

•Finding the network: Lookup, DNS, Routes

•Locating key hosts: Services, Public Nodes

•Profiling: Role, OS, Age, Content, Relations, hosts vs. decoys

•Points of Access: Initial and Follow-on

•Points of Vulnerability: technical, procedure

•Points of Exploit: Change State

•Points of Effect: Channel, Target, Cover

ExploitMethods by which to gain access or elevate privileges

•System type: Service and OS

•End goal: Impersonate, Intercept, Modify, Interrupt

•Jump points: Local, Border, Remote

•Methods: Vulnerability, Action, Reaction

•Evidence: System, Defense, Network

6

CommunicationTransfer of information on progress

•Indicators: External evidence of progress

•Waypoints: Phases of method

•Signaling: Present, Ready, Beacon

•Reporting: Success, Fail, Options

•Transfer: Information, Code, Command

7

CommandDirecting actions of hack

•Manual vs. Automatic: interactive, shells

•Command Channels: application, infrastructure

•Encryption and encoding

•Passive vs. Active

•Intelligence: actions, options, productivity

•Commanding Effects

8

EffectMechanism for advancing hack

•Employ, Corrupt, Install, Reconfigure

•Phased effects

•Split effects

•Delegation, Propagation, Relocation

•Confusion

•Reconnaissance

•Plant the flag, Capture the flag

9

ReserveUnused means of attack

•Respond to defenses

•Respond to detection

•Branch points

•Redundancy

•Deception

10

ImplicationsReplicating attacks

Modifying attacks

Operational damage

Mission damage

11

Penetration Testing

• Identify weakness

• Inform response: Priority, Options, Effectiveness

• Assess security performance

• Communicate risk: “We think we’re really secure.”

12

Methods

• Appropriate to goal

• Within scenario

• Deception

• Bounded range

• Bounded damage

13

Guidelines

Agreement on terms of penetration

•Goal

•Constraints

•Liabilities

•Indemnification

•Success and Failure

14

Goal

• Personnel

• Process

• Technology

• Service

• Readiness

• Exploration

15

Constraints

• Where applied

• When applied

• Scenario

• Resources: cost, effort, personnel, technology

• Excluded methods

16

Liabilities

• Technical instability

• Personnel distraction

• Financial dispersion

• Public perception

• Mission disruption

17

Indemnification

• Authority

• Accountability

• Oversight and Decision

• Reporting

• Information handling

• Non-disclosure

18