CDM-CYBER-DEFENSE-eMAGAZINE-March-2019
Operation Eligible Receiver - The Birth Place of Cybersecurity: Configurations
More than twenty years ago, the National Security Agency conducted an exercise to test the response capabilities of critical Department of Defense information systems in the case of a breach. The exercise was named Operation Eligible Receiver 97, and it concluded with startling results. Using only publicly available hacking techniques, the NSA was able to completely infiltrate the DoD network and gain super user access to high-priority devices. One of the only known cases in which the NSA was prevented from reaching its target occurred when a marine noticed suspicious traffic on the network and immediately changed configuration settings to lock down permissions.
After a two-year review of the exercise, recommendations were made for an increased focus on configuration management for all entities. Though best practices were not formally codified, the configuration management practices within compliance frameworks reflect the results of the exercise. These frameworks include NIST 800-53 and the Security Technical Implementation Guides (STIGs).
Operation Eligible Receiver highlighted the importance of organizations understanding what systems they have, how those systems are configured, what has changed, and who made the changes. With this knowledge, security teams are better equipped to meet regulatory compliance requirements and to identify configuration drift.
Today’s Common Mistakes
In order to improve their security posture, organizations must understand what they have, and to do so they should conduct a reliable asset inventory. It is essential for security teams to know how their network is configured and what has changed over time. When done manually, keeping track of configuration changes can consume large amounts of time that many security professionals do not have. A manual approach will typically rely on guesswork when answering