Determine external network trust dependencies

Network trusts enable communications between different networks with specific accesses and permissions. Network trusts could include the implementation of domain trusts or the use of virtual private networks (VPNs). [1] [2] [3]

ID: T1259

Tactic: Technical Information Gathering

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: This is not easily performed remotely and therefore not a detectable event. If the adversary can sniff traffic to deduce trust relations, this is a passive activity and not detectable.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Determining trust relationships once internal to a network is trivial. Simple tools like trace route can show evidence of firewalls or VPNs and then hosts on the either side of the firewall indicating a different trusted network. Active Directory command line tools can also identify separate trusted networks.If completely external to a network, sniffing traffic (if possible) could also reveal the communications protocols that could be guessed to be a trusted network connection (e.g., IPsec, maybe SSL, etc.) though this is error-prone. With no other access, this is hard for an adversary to do completely from a remote vantage point.

References

  1. [ Cliff Stoll. (1089). The Cuckoo's Egg. Retrieved August 8, 2017.
  2. Wikipedia contributors. (2017, January 18). The Cuckoo's Egg. Retrieved March 5, 2017.
  1. WBGH Nova. (1990, October 3). The KGB, the Computer and Me. Retrieved March 5, 2017.