Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Red Team Tip
Operational Impacts provide real insight into the ability security operations has to defend against threats. Vulnerabilities will be discovered and leveraged; however, vulnerabilities are a byproduct of a Red Team engagement, not the focus. A Red Team’s true value is assisting the target in identifying administrative, technical, and procedural controls that limit impacts to the organization even when vulnerable to the latest “zero-day vulnerability”.
Operational Impacts
As with any security assessment, risk is what moves an organization to act. Operational impacts are a Red Team's tool to demonstrate these risks. Impacting an organization's operational capability is one of the most effective methods of showing risk to an organization's senior leadership.
Operational impacts are actions or effects performed against a target and are designed to demonstrate physical, informational, and operational weaknesses in security. Operational impacts can be thought of as actions taken against an organization that impact how it operates. These impacts can be as general as performing a denial-of-service attack or more specific, such as using hijacked ICS equipment to control a city’s power grid.
Impacts are typically performed at the end of an engagement; however, it is best to plan the desired effects early. Early planning allows a Red Team to use the access and capabilities gained to best position itself for the execution of the impact, known as prepositioning. Other than obtaining and maintaining access, the Red Team should limit interaction with targets of the operational impact. This ensures all engagement impact objectives can be exercised at the appropriate time. Often, the Red Team will receive a request to cause premature impacts within the target environment. These actions need careful review and consideration before execution. If these actions do not endanger the team's ability to meet other engagement objectives, they may be executed from other attack spaces and systems not critical to engagement objectives. If actions directly conflict with engagement objectives, the Red Team Lead must ensure that the ECG and TA fully and completely understand the ramifications of each action (to include future operational impacts).
The level of depth and the impact can be as "painful" as an organization is willing to explore. These impacts are typically performed against live production systems to have the highest level of fidelity but can be executed on test and development environments if they are representative.