Joe Vest, James Tubberville, Red Team Development and Operations
Red Team Operator
Red Team operators are the individuals who execute the actions required for an engagement to meet the goals. Each Red Team operator complies with all Red Team policies and regulations under the direction of the Red Team Lead. In general, the operator:
Executes engagement requirements as directed
Complies with all laws, regulations, policies, programs, and Rules of Engagement
Implements the team’s operational methodology and TTPs
Identifies and has input to target environment deficiencies
Researches and develops new exploits and tests tools for functionality
Performs Open Source Intelligence as required for the engagement
Identifies and assesses actions that reveal system vulnerabilities and capabilities
Assists the Red Team Lead in the development of the final engagement report
Performs physical assessment support under the direction of the Red Team Lead
Executes operational impacts as approved by the ECG
Blue Cell
The blue cell is the opposite side of red. It is all the components defending a target network. The blue cell is typically composed of blue team members, defenders, internal staff, and an organization's management.

This diagram shows the relationship and communication paths among the different groups in an engagement. The red team lead maintains constant communication with the ECG and white cell. The blue team lead and trusted agents maintain communication with the white cell. The dashed line from the observers represents limited communications to the individuals overseeing an engagement.


Rules of Engagement (ROE)
The Rules of Engagement establish the responsibility, relationship, and guidelines between the Red Team, the network owner, the system owner, and any stakeholders required for engagement execution.
This document contains all agreed-upon rules for an engagement, should be a signed official agreement of all parties involved, is used as the formal agreement that authorizes the engagement actions, and should be treated as law. The ROE governs the entire process of a Red Team engagement and must be adhered to during the execution. Violation of the ROE can put a target organization or engagement operators at risk. The seriousness of the ROE must not be taken lightly. All parties must approve any deviation from the rules established in the ROE before execution.
ROE Document
The ROE documents the target information, approvals, threat implementation, activities, and issues required to staff, coordinate, and execute engagements within the target environment.
The main body of the ROE (often derived from a standing template) provides information on:
The Red Team methodology
A high-level description of the types of activities that may be executed
The types of hardware and software that may be employed
A recommended deconfliction process
Levels of threat available (comparison)
Roles and responsibilities of each functional group (ECG, White Cell, TA, etc.)
The identification of and references to appropriate legal requirements (PCI, FERPA, HIPAA, HITEC, SOX, GLBA, etc.)
A legal responsibility disclaimer (federally mandated requirements for the Red Team to report specific findings)
Information specific to each engagement should be documented in annexes to the ROE. At a minimum, ROE annexes should detail:
