Page 10 - Cyber Warnings August 2017
The best defense is a good offense
seeing your security posture through the eyes of an attacker
Disclaimer: As with all security operations, always act in accordance with the highest
standard of legality and ethics, making sure you have the proper authorization for any
security exercises in which you engage.
What are you defending against?
In the 1970 Academy Award Best Picture, Patton, there is a classic scene where U.S. General
George S. Patton gazes over a WWII battlefield in Tunisia where his troops have ambushed and
crushed their Nazi adversaries, led by German Field Marshal Erwin Rommel. Sensing victory,
Patton yells toward the battlefield (slightly edited for reading), “Rommel, I read your book!”
Patton was a student of history and warfare, and knew that the key to victory was designing a
strategy to counter that of his opponent. He studied the enemy’s tactics to devise his winning
strategy.
On what is your organization’s security strategy based? Many organizations are probably
following a list of best-practices developed by industry contemporaries, likely also in defensive
roles. Systems administrators rely on their respective security tool vendors to update their
products promptly after new vulnerabilities are reported. Application developers, if they are even
aware of the OWASP Top 10, may be making some effort to prevent its common
vulnerabilities. A highly publicized breach might also prompt some action. But these are all a
form of waiting game, dependent on external resources to inform a direction. In other words, this
is a trickle-down security strategy, requiring outside entities’ input to improve an organization’s
security posture.
Complicating matters, this external guidance deals broadly in generalities, not specifics
necessarily relevant to your organization. Worse, it doesn’t give much insight into how an
attacker might behave beyond the initial exploit: post-exploit movement through a network and
exfiltration of data. How can an attack be defended against and responded to if you have no
idea what a real attack looks like?
Think like an attacker
The adage “the best defense is a good offense” has long been a principle of military warfare,
competitive athletics, and business. The principle holds that the most successful defense results
from forcing an adversary to defend against your offensive, simultaneously preventing them
from being able to mount their own offensive. In security, while we won’t be going on the
offensive against the attacker per se, we can steal away their offensive opportunity by
conducting it ourselves against our own defenses. By understanding how an attacker will
attempt to exploit our attack surface, we can develop an effective defensive strategy to preempt
an attack.
Before tackling specific offensive measures, it is important to get into the headspace of an
attacker. Keep the following things in mind:
Copyright © Cyber Defense Magazine, All rights reserved worldwide.