Red Team Development and Operations: A Practical Guide
Joe Vest, James Tubberville
Physical Controls
Multiple levels of physical controls should exist to protect engagement tools and operating systems from intentional or unintentional loss. Red Team personnel should be familiar with all physical controls employed (e.g., locks, identification stickers, safes, storage cabinets, and lockable strongboxes) and their appropriate usage. Every Red Team member is personally responsible for the protection of target data.
The recommended security mechanisms for securing target assets include:
Tools, computing systems, and target data should be stored inside an isolated, secured room and controlled only by the Red Team.
Minimize contact between the team and external entities (physical internal/external access controls into the Red Team space/setup).
When not in use, all data and equipment should be removed and placed into lockable cases, safes, or storage cabinets.
When traveling, laptops and hard drives will be secured at all times (in a hotel safe, tethered, in a tethered lockbox, etc.) and never left unsecured in a car, hotel, customer space, etc.
All visitors to a Red Team space will be escorted.
Target data should be handled only by Red Team personnel with a need to know.
At the conclusion of the engagement, all target information will be returned to the customer or destroyed using defined procedures.
Software Controls
The following software controls, designed to ensure the confidentiality, anonymity, and safety of information should be employed:
Each host and guest operating system should be encrypted
Use an effective password policy and, preferably, a multifactor-protected password database that stores unique passwords for each engagement
Each host and guest operating system should be protected with a strong password
Each host and guest operating system should employ a host-based firewall specific to the engagement
When possible, communications should be encrypted
Note: the Red Team should never use unsecured file systems or communications for team-developed engagement operations (e.g., FTP, Telnet, HTTP, VNC, WEP)
Use (more) secure mechanisms for communications (e.g., HTTPS, WebDAV, SSH, radmin, RDP)
The data and tools utilized during an engagement should be stored in an encrypted container and moved to the working directory only when needed
All systems, storage, data, and tools should be encrypted at all times (data in transit, data at rest)
The use of well-known and community-tested high-strength encryption algorithms is recommended
All data and tools transferred to or from target systems should be hashed using MD5, SHA1, or SHA256 and added to the OPLOG as discussed in the Data Collection section
All access, movement, and use of data and tools should be added to the OPLOG
If a tool is no longer needed for a task, it should be removed from the target environment
All Red Team tools and software should be removed from the target environment at the end of the engagement. If cleanup is not possible, the TA and ECG should be notified and provided with the appropriate details.
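As an added example (not from the book or its authors), a small Python helper that implements the two OPLOG items above: hash each tool or data file moved to or from a target (SHA256 by default; MD5 and SHA1 are also accepted since the text lists them) and append a JSON-lines OPLOG entry, then re-check a file against its latest entry before cleanup or hand-back. The OPLOG field names, the `.jsonl` format, and the host and operator values are assumptions, and the sample file content is constructed.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def hash_file(path, algorithm="sha256"):
    """Hash a file in chunks; algorithm is md5, sha1 or sha256 as the text lists."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def record_transfer(oplog, path: Path, direction, target_host, operator, algorithm="sha256"):
    """Append one JSON-lines OPLOG entry for a tool or data file moved to or from a target."""
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "operator": operator,
        "direction": direction,  # assumed values: "to_target" or "from_target"
        "target_host": target_host,
        "file": path.name,
        "size": path.stat().st_size,
        "algorithm": algorithm,
        "hash": hash_file(path, algorithm),
    }
    with open(oplog, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry

def verify_against_oplog(oplog, path):
    """True if the file's current hash matches its latest OPLOG entry (checked before cleanup or hand-back)."""
    name, latest = Path(path).name, None
    with open(oplog, encoding="utf-8") as log:
        for line in log:
            entry = json.loads(line)
            if entry["file"] == name:
                latest = entry
    # A file with no entry fails: the transfer itself went unrecorded, which is the real problem
    return latest is not None and hash_file(path, latest["algorithm"]) == latest["hash"]

def demo(content=b"abc"):
    """Constructed run: log a stand-in tool file, verify it, then alter it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        tool, oplog = Path(tmp) / "tool.bin", Path(tmp) / "oplog.jsonl"
        tool.write_bytes(content)  # constructed stand-in for an engagement tool
        entry = record_transfer(oplog, tool, "to_target", "target-host.example", "operator1")
        intact = verify_against_oplog(oplog, tool)
        tool.write_bytes(content + b"\x00")  # simulate corruption or tampering in transit
        return {"entry": entry, "intact": intact, "after_change": verify_against_oplog(oplog, tool)}
```

Each OPLOG line carries who moved what, where, when, and its digest, so a hash mismatch at cleanup or during the data hand-back to the customer is immediately visible.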