Page 13 - Cyber Defense eMagazine - July 2018

OPERATION ELIGIBLE RECEIVER - THE BIRTHPLACE OF CYBERSECURITY: CONFIGURATIONS





More than 20 years ago, the NSA conducted an exercise named Operation Eligible Receiver 97. The purpose of the exercise was to test the response capabilities of critical Department of Defense information systems in the case of a breach. The exercise concluded with startling results. Utilizing only publicly available hacking techniques, the NSA was able to completely infiltrate the DoD network and gain superuser access to high-priority devices. However, one of the only known cases of the NSA being prevented from reaching its targets occurred when a marine noticed suspicious traffic on the network and immediately changed configuration settings to lock down permissions.[1]



After a two-year review of the exercise, recommendations were made for an increased focus on configuration management for all entities. Though best practices were not formally codified, compliance frameworks were developed that include configuration management practices. These frameworks include NIST 800-53 and Security Technical Implementation Guides (STIGs).



Operation Eligible Receiver highlighted the importance of organizations knowing what they have, how it’s configured, what’s changed, and who changed it. With this understanding, security teams are better equipped to meet regulatory compliance and identify configuration drift.




               TODAY’S COMMON MISTAKES


Organizations need to know what they have in order to improve security posture. In addition to a reliable asset inventory, it is essential for security teams to know how their network is configured and what has changed over time. When done manually, the process of keeping track of configuration changes can take large amounts of time that security professionals do not have. This approach will typically rely on guesswork when answering questions such as, “Who added a workstation to a domain?” or “When did this user receive administrative privileges?”
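As an added illustration that is not part of the article, the following Python answers the two questions above (and lists drift since a baseline) from a ledger built out of audit events. The event records are constructed; the field names and the ADMIN_GROUPS set are this example's own assumptions, though the event IDs 4741 and 4728 are the real Windows Security IDs for "computer account created" and "member added to a security-enabled global group".

```python
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample records modelled on Windows Security audit events
# (4741 = computer account created, 4728 = member added to a global group).
# Field names are this example's own, not a real log schema.
SAMPLE_EVENTS = [
    {"time": "2018-06-03T09:14:02", "id": 4741, "actor": "CORP\\jdoe", "target": "WS-0417$"},
    {"time": "2018-06-05T16:41:00", "id": 4728, "actor": "CORP\\admin7",
     "target": "CORP\\bsmith", "group": "Helpdesk"},
    {"time": "2018-06-05T16:40:11", "id": 4728, "actor": "CORP\\admin7",
     "target": "CORP\\bsmith", "group": "Domain Admins"},
]
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}  # assumption

class Change(NamedTuple):
    when: datetime
    who: str          # account that made the change
    kind: str         # "domain-join" or "group-add"
    target: str       # host or user that was changed
    group: str = ""

def ledger(events) -> List[Change]:
    """Normalise raw audit records into a time-ordered change ledger."""
    out = []
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if e["id"] == 4741:    # computer account created: host joined the domain
            out.append(Change(when, e["actor"], "domain-join", e["target"].rstrip("$")))
        elif e["id"] == 4728:  # account added to a security-enabled global group
            out.append(Change(when, e["actor"], "group-add", e["target"], e["group"]))
    return sorted(out)         # NamedTuple sorts on its first field, `when`

def who_joined_workstation(events, hostname: str) -> Optional[str]:
    """Who added this workstation to the domain?"""
    hits = [c.who for c in ledger(events)
            if c.kind == "domain-join" and c.target == hostname]
    return hits[0] if hits else None

def when_became_admin(events, user: str) -> Optional[datetime]:
    """When did this user first receive administrative privileges?"""
    for c in ledger(events):
        if c.kind == "group-add" and c.target == user and c.group in ADMIN_GROUPS:
            return c.when
    return None

def drift_since(events, baseline: str) -> List[Change]:
    """Everything that changed after the last approved baseline: the drift."""
    since = datetime.fromisoformat(baseline)
    return [c for c in ledger(events) if c.when > since]
```

The same ledger shape works for any event source that records actor, target and time, which is what lets the questions be answered from records instead of guesswork.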



[1] Eligible Receiver 97 After Action Report. Retrieved from: https://www.youtube.com/watch?v=iI3iZAq0Nh0

                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.