“Passive [enumeration] methods seem to be very under-appreciated”, and there is a lot to learn from listening to our systems.
These were the words of Chris Day, senior consultant at MWR, speaking at CRESTCon & IISP Congress in London today.
Day outlined the importance of understanding a risk before mitigating it, but companies often face challenges in understanding and knowing their systems: outdated and incomplete documentation, staff departures, recent acquisitions, and unauthorized and undocumented deviations are all issues that can prove troublesome.
However, he argued that this can be aided by bringing passive data sources into security strategies. Whilst active techniques do carry several benefits, on their own they can also raise a series of issues that cause companies problems. These include:
• Interaction with systems
• Potential for disruption
• IP focus
• Overloaded networks
• Sensitive devices
In contrast, passive techniques can bring benefits such as no interaction with the system, easier automation and being data rich. So, continued Day, there is a place for reimagining passive enumeration to work in tandem with active techniques, and creating enumeration tools that can do things like create system diagrams, log files and host native tool output.
In order to do this, what does an ideal tool look like? According to Day, an ideal enumeration tool should:
• Aggregate data sources
• Capture non-Ethernet interfaces
• Be capable of entirely passive operations
• Produce engineer and CEO output
• Be accessible to users
• Maintain an audit trail for data