Determine external network trust dependencies
Tactic: Technical Information Gathering
Network trusts enable communications between different networks with specific access and permissions. Network trusts could include the implementation of domain trusts or the use of virtual private networks (VPNs).[1][2][3]
Difficulty for the Adversary
Easy for the Adversary (Yes/No): No
Explanation: Determining trust relationships once internal to a network is trivial. Simple tools like traceroute can show evidence of firewalls or VPNs, with the hosts on either side of the firewall indicating a different trusted network. Active Directory command-line tools can also identify separate trusted networks.
If completely external to a network, sniffing traffic (if possible) could also reveal communications protocols (e.g., IPsec, maybe SSL, etc.) that suggest a trusted network connection, though such guesses are error-prone.
With no other access, this is hard for an adversary to do completely from a remote vantage point.
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: This is not easily performed remotely and is therefore not a detectable event. If the adversary can sniff traffic to deduce trust relations, this is a passive activity and not detectable.
- Cliff Stoll. (1989). The Cuckoo's Egg. Retrieved April 13, 2018.
- Wikipedia contributors. (2017, January 18). The Cuckoo's Egg. Retrieved March 5, 2017.