Similar Searches

Related News

Latest News

CIA website brought down – were Anonymous attackers responsible?

Dutch ISP KPN hacked, credentials and personal information leaked

Valentine’s Day Cyber Scams that Will Play with Your Heart

Strong Authentication by Itself is Not Enough to Prevent Man-in-the-Browser Attacks

How Criminals Capitalize On Our Digital Lives

Critical Control 17: Penetration Tests and Red Team Exercises

Attackers penetrate networks and systems through social engineering and by exploiting vulnerable software and hardware.  Once they get access, they often burrow deep into target systems and broadly expand the number of machines over which they have control.  Most organizations do not exercise their defenses so they are uncertain about their capabilities and unprepared for identifying and responding to an attack.
A red team exercise is guided by what the customer needs or wants. In developing the Rules of Engagement (ROE) these could differ from exercise to exercise. The end result is still designed to strengthen an organization’s network security. It will assist in the identification of weak areas and highlight the strengths used to establish baselines for the weaker areas. Some possible avenues used to identify security risks are:

Scans
Social engineering
Malware
Specialized tools
Passive attacks

Each test should have a specific goal, and provide different pertinent information to the customer. Each test by itself will not provide an overall picture of the current security state of the network, but when all the areas are evaluated and put together, you will have a good overall picture of the security posture of the organization’s network.
Red team efforts can identify multiple areas of concern:

System vulnerabilities
Personnel complacency
Security monitoring flaws
Response procedures

Using the above items, it’s possible to conduct a root cause analysis in an effort to assist the shoring up of the network.
Each area (continue reading...)

Source: McAfee Security Insights Blog

One Comment on “Critical Control 17: Penetration Tests and Red Team Exercises”

  • Jeff | Personnel Security wrote on 18 February, 2010, 16:17

    The specter of criminal insurgency is haunting the police stations and barracks of North America. Powerful criminal networks increasingly challenge the state’s monopoly on force, creating new threats to national security. Mexico is currently deteriorating under the weight of criminal violence,1 but it is by no means the only state in the Americas suffering from criminal insurgency. We are seeing a general rise in the power of transnational criminal organizations ranging from the street collective MS-13 to the powerful Mexican drug cartels—and the threat could hit us very close to home. Even American street gangs are increasingly evolving into “third generation” gangs: large, networked, transnational bodies that may yet develop true political consciousness

Write a Comment

Copyright © 2012 The Security Blog. All rights reserved.