Our last post examined what a Penetration Test is. Essentially this is when an individual or a team of individuals launch cyber attacks in a legal and ethical manner at your lines of defense.
This is an effort to determine where all of the security weaknesses, holes, and hidden vulnerabilities lie. Penetration Testing can be done on just about anything that resides within your IT Infrastructure.
For example, your servers can be tested, as well as the web based applications that you create. Depending upon the magnitude and the extent of the testing, there can be a dedicated Penetration Testing team to address your security concerns.
In this post, we examine one of three types of teams that are used — The Red Team.
The Red Team
It is the Red Team that has the primary responsibility of launching an “ethical based” cyber-attack against the defense perimeters of your business.
However, it is important to note here that the Red Team is not particularly interested in what is being attacked, they are much more interested instead on the access methods to get to those targets.
The Red Team will use a large amount of creativity and even use techniques one may never have heard of. Keep in mind, the goal of the Red Team is not just to attack your lines of defense, but breach them through each and every means that are available at their disposal.
To do this, they will think and act just like the real cyber attacker, but very often come up with ideas on their own as well.
When a Red Team engages in its mock cyber-attacks, they very often do not ask for a specific list of targets to hit. Rather, they are also interested in those systems in your IT Infrastructure that are “out of scope” as well.
As a result, this gives the Red Team a much broader set of permutations to examine. Because of this the Red Team will
“… find vulnerabilities that stem from cultural bias in system design, flawed conclusions, or the limitations and expectations of an insider perspective.”
It is important to note that Red Teams often make use of a methodology known as the “Layered Approach”.
With this multiple attempts are utilized in order to break through the lines of defense at the business entity.
These attempts are not done successively, rather they are done simultaneously, in order to cause the highest levels of confusion and mayhem for the Blue Team.
For example, one part of the Red Team may try to hack into the password database, while at the same time, another part of the Red Team could try to gain access to the main entry of the organization by using covertly replicated access cards.
It’s important to note that effective Red Team Testing just does not happen over a period of 2 weeks. It can take up to a year to examine what to hit, as a real cyber attacker these days will take their own time as well in determining and researching their targets.
A primary advantage of having a Red Team conduct your Penetration Testing is that they will offer an unbiased, holistic view of the weaknesses not only in your IT Infrastructure, but also among your employees and the physical conditions of your office location(s).
Our next post will examine the Blue Team — which are the “good guys”.