One particular approach we learned in the past, at the very beginning of our security experiences, consisted of closing our physical eyes and trying to "see" the target with the true eyes of a penetration tester, with the tester's embedded fantasy, curiosity, and creativity. Our target then became an ancient castle, with its usual bridge-over-the-river and tower guards ready to throw boiling oil on the heads of the attackers.
On the other side, warriors and soldiers learned (let's say created!) the concept of a Trojan Horse, built higher attack stairs, and protected themselves from the boiling oil being poured down on them. History always repeats itself...attackers, defenders, weapons, usual and unusual war strategies, unconventional attack vectors.
We know this and can recall many aspects of the everyday development of the Information Security (IS) market.. .but our physical eyes are now closed (let's use the so-called out-of-the-box approach) and we now see things in a different way: Why should we attack the castle via the main bridge? Is it really the most exposed link to the external world, to what's outside the castle itself? And vice-versa, isn't it the attack path that most exposes us? Just like xIDS, guards are on the towers, controlling the perimeter and looking for anomalies.. That's why we keep on looking for information related to our target, searching for more links to the external world—previously built and then forgotten bridges, emergency exits, and access doors for trusted external suppliers.
In the real world, in the world of penetration testers, those forgotten access paths became (often) forgotten attack vectors, so we then adopted a slower, old-school approach and investigated around them, looking for exclusive access to the castle core.
After more than 20 years of experience in testing the security of IT systems, we can definitely say that a company's RAS, toll-free dialup for agents and roadrunners, ISDN access points to mainframes given to external suppliers, those old X.25 links, as well as a company's PBX, require accurate security testing to prevent intruders from getting access to the most confidential data.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.