Determine external network trust dependencies



Technique
ID: PRE-T1036
Tactic: Technical Information Gathering

Definition

Network trusts enable communications between different networks with specific accesses and permissions. Network trusts could include the implementation of domain trusts or the use of virtual private networks (VPNs).[1][2][3]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Determining trust relationships once internal to a network is trivial. Simple tools like traceroute can show evidence of firewalls or VPNs and then hosts on either side of the firewall, indicating a different trusted network. Active Directory command-line tools can also identify separate trusted networks.

If completely external to a network, sniffing traffic (if possible) could also reveal communications protocols that could be guessed to indicate a trusted network connection (e.g., IPsec, maybe SSL, etc.), though this is error-prone.

With no other access, this is hard for an adversary to do completely from a remote vantage point.

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This is not easily performed remotely and is therefore not a detectable event. If the adversary can sniff traffic to deduce trust relations, this is a passive activity and not detectable.