Development and operations a practical guide



Joe Vest and James Tubberville, Red Team Development and Operations
Data Repository
All data collected during an engagement must be logged, filed according to datatype, and stored in an engagement-specific repository. This repository should be located on an encrypted volume within a centralized server / NAS file share that is mountable or accessible only after authentication.
If at an offsite location, a practical approach is to designate a laptop and create an authenticated directory for storing engagement data. Ensure this directory is copied to another laptop daily.
Remember, the file system should be stored in accordance with the policy, physical, and software controls previously discussed.
As operations begin, the Red Team Lead should mount the engagement-specific volume within the repository (an encrypted volume requiring authentication). Once completed, each Red Team Operator will need to mount the directory locally for engagement use (this requires user authentication). At end-of-day, each operator must unmount the directory, and the Red Team Lead should unmount the repository volume.
A proven and recommended method for secure collaborative access to a common repository is mounting a remote file system over SSH. This method requires authentication for access and leverages an encrypted transport mechanism.
There are numerous ways to perform this task. A quick example is shown below:

1) Install SSHFS:
   apt-get install sshfs

2) Create a data directory to be used for collection:
   mkdir /data

3) Mount the common repository via SSHFS, entering the password when prompted. Note: The Red Team Lead should have created an event hierarchy (as discussed in File Hierarchy) prior to this step.
   sshfs -o allow_other,defer_permissions redteammember1@:/path_to_engagement_repository/ /data

4) Alternatively, mount the common repository via SSHFS using keys:
   sshfs -o allow_other,defer_permissions,IdentityFile=~/.ssh/id_rsa redteammember1@:/path_to_engagement_repository/ /data

5) Utilize:
   ls /data

6) To unmount the file system:
   fusermount -u /data
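
The six steps above folded into a small wrapper with the checks an operator wants before mounting (private key present and not readable by other users, directory not already mounted) and the end-of-day unmount. This is an added example, not the book's own code: the REPO_* defaults, the placeholder host and the function names are assumptions, and the sshfs option set is kept minimal.

```shell
#!/bin/sh
# Hypothetical wrapper around the SSHFS repository steps (added example, not from the book).
# Defaults below are assumptions; override them in the environment.
REPO_USER="${REPO_USER:-redteammember1}"
REPO_HOST="${REPO_HOST:-repo.example.internal}"          # constructed placeholder host
REPO_PATH="${REPO_PATH:-/path_to_engagement_repository}"
MOUNT_DIR="${MOUNT_DIR:-/data}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/id_rsa}"

# Return 0 if DIR is currently a mount point (reads /proc/mounts, falls back to mountpoint(1)).
is_mounted() {
    dir="$1"
    if [ -r /proc/mounts ]; then
        awk -v d="$dir" '$2 == d { found = 1 } END { exit !found }' /proc/mounts
    else
        mountpoint -q "$dir"
    fi
}

# Refuse a private key that is missing or readable by group/others (ssh would refuse it too).
check_key_perms() {
    key="$1"
    [ -f "$key" ] || return 1
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the sshfs command line that repo_mount will run, so it can be reviewed first.
build_mount_cmd() {
    printf 'sshfs -o allow_other,IdentityFile=%s %s@%s:%s %s\n' \
        "$KEY_FILE" "$REPO_USER" "$REPO_HOST" "$REPO_PATH" "$MOUNT_DIR"
}

# Start-of-day step: key-based mount of the engagement repository (step 4 above).
repo_mount() {
    check_key_perms "$KEY_FILE" || { echo "key $KEY_FILE missing or too permissive" >&2; return 1; }
    is_mounted "$MOUNT_DIR" && { echo "$MOUNT_DIR is already mounted" >&2; return 0; }
    mkdir -p "$MOUNT_DIR"
    sshfs -o "allow_other,IdentityFile=$KEY_FILE" "$REPO_USER@$REPO_HOST:$REPO_PATH" "$MOUNT_DIR"
}

# End-of-day step: flush pending writes, then detach the FUSE mount (step 6 above).
repo_unmount() {
    is_mounted "$MOUNT_DIR" || return 0
    sync
    fusermount -u "$MOUNT_DIR" 2>/dev/null || umount "$MOUNT_DIR"
}
```

Run `repo_mount` after sourcing the file at the start of the day and `repo_unmount` before the laptop is closed; the repository itself still has to be created by the Red Team Lead first.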

More usage guidance on sshfs can be found in the sshfs man page (man sshfs) or at https://linux.die.net/man/1/sshfs.
While the following structure and method are not required for Red Team operations, they are HIGHLY recommended if other data collection processes or tools do not exist. Leveraging lessons learned, this structure was designed to facilitate the efficient operational flow of storing data during an engagement while improving a Red Team Lead's ability to control the acquisition, flow, and reporting of information.
