The Department of Defense (DoD) has very strict security rules that can cause technical challenges, requiring not only complex security and IT solutions but also deep knowledge of their specific framework, the Risk Management Framework (RMF). In my experience supporting the DoD, I have had the opportunity to work on a cybersecurity team that has developed a red team for testing new software being introduced to the DoD environment I support. Each assessment happens before the software is deployed within the DoD’s authorized cloud environments. By doing this, we maintain the security and integrity of DoD systems and networks, avoiding potential risks and ensuring operational security and Authority to Operate (ATO) compliance.

Our Strategy for Red Team Operations

We’ve created a strategy that combines the protection of DoD software environments with ongoing red team actions. This blend of defense and proactive red team assessments creates a strong security strategy, allowing us to identify weaknesses from the perspectives of both potential attackers and defenders.
Our team has fine-tuned a process that safely operates within the boundaries of an approved ATO Cloud System. Focused on continuous assessment of software, we use a variety of specialized tools and techniques to ensure our defenses are always up to date, including:

  • Development Virtual Machine (VM): We use a VM with specific tools and capabilities essential for performing comprehensive assessments. This setup includes:
      • ACAS Scans: We use the Assured Compliance Assessment Solution (ACAS) to conduct extensive vulnerability and compliance assessments that identify and resolve potential security issues introduced by new or existing software.
      • Antivirus Scanning: Our VMs have strong antivirus scanning capabilities to detect and eliminate malware threats efficiently.
      • STIG Evaluations: We make sure we comply with DoD security standards through rigorous Security Technical Implementation Guide (STIG) evaluations.
      • Attack Surface Analyzer (ASA): This tool is important for finding security vulnerabilities within the software and in the system as a whole.
      • Packet Capture Software: Tools like Wireshark are used to monitor and analyze network traffic, providing information about possible security breaches.
  • Consistent VM Imaging: Our VMs use images that match the baseline images found in the host VM pools, to ensure consistency and reliability.

Through this thorough and structured approach, AIS is dedicated to improving the security posture of our DoD customers’ environments. By proactively detecting and reducing risks, we ensure the smooth and secure integration of new software, enhancing our customers’ operational readiness and resilience against threats.

Key Steps of Our Red Team Software Assessment Process

  • Research Collection: The first phase is to gather thorough information on the software, such as its version, update history, known threats, intended use, and any prerequisites that might add more assessment needs.
  • Pre-Scans: Before installing the software, we run pre-scans with ACAS and Attack Surface Analyzer (ASA) to establish the baseline state of the VM, with a focus on certificates, network settings, user permissions, and an initial vulnerability assessment.
  • Install: We install the software and run a series of scans without launching it, so that the system is not exposed to the software’s runtime behaviour before that behaviour has been assessed.
  • Post-Run Scans: We run the software and repeat the ACAS and ASA scans to identify risks introduced by its functionality.
  • Post-Uninstall: We examine the system after uninstalling the software to detect any leftover changes or remaining vulnerabilities.
  • Evaluation & Report: All the data from the scans are analyzed to assess the security threats and compliance needs. Our report explains any configuration changes required for approval within the target authorization boundary.

After completing these steps, the team attempts to exploit the findings from the scans and assessments to confirm the weaknesses. They then write a report and recommend installation caveats that prevent future exploitation, including which STIG checks must be implemented to resolve the discovered vulnerabilities.
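The value of the stage-by-stage process above comes from comparing each stage against the one before it, and the post-uninstall state against the pre-scan baseline. As an added illustration (example code written for this article, not AIS’s tooling or any ACAS/ASA output format), the snippet below models a simplified system snapshot per stage and reports what each stage added, removed or changed, plus anything the uninstall left behind; the paths, service names and hash strings are constructed stand-ins.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """Constructed, simplified system state as one assessment stage records it."""
    stage: str
    ports: frozenset      # listening sockets, e.g. "tcp/8443"
    services: frozenset   # installed service names
    files: dict           # path -> (content hash, permission mode)

def diff_snapshots(before, after):
    """Items added, removed or changed between two consecutive stages."""
    common = before.files.keys() & after.files.keys()
    return {
        "ports_added": sorted(after.ports - before.ports),
        "ports_removed": sorted(before.ports - after.ports),
        "services_added": sorted(after.services - before.services),
        "services_removed": sorted(before.services - after.services),
        "files_added": sorted(after.files.keys() - before.files.keys()),
        "files_removed": sorted(before.files.keys() - after.files.keys()),
        "files_changed": sorted(p for p in common if before.files[p] != after.files[p]),
    }

def nonempty(diff):
    return {k: v for k, v in diff.items() if v}

def world_writable(snapshot):
    """Files whose mode grants write to 'other': a typical STIG-style finding."""
    return sorted(p for p, (_, mode) in snapshot.files.items() if mode & 0o002)

def assess(stages):
    """Diff each stage against the previous one, then the last stage against the
    baseline so anything the uninstall left behind shows up as 'residue'."""
    report = {f"{a.stage}->{b.stage}": nonempty(diff_snapshots(a, b))
              for a, b in zip(stages, stages[1:])}
    report["residue"] = nonempty(diff_snapshots(stages[0], stages[-1]))
    return report

# Constructed sample stages; hash values are placeholder strings, not real digests.
BASELINE = Snapshot("pre-scan", frozenset({"tcp/22"}), frozenset({"sshd"}),
    {"/etc/ssh/sshd_config": ("h1", 0o600), "/etc/hosts": ("h2", 0o644)})
POST_INSTALL = Snapshot("install", BASELINE.ports, frozenset({"sshd", "acmeagent"}),
    {**BASELINE.files, "/opt/acme/agent": ("h3", 0o777)})
POST_RUN = Snapshot("post-run", frozenset({"tcp/22", "tcp/8443"}), POST_INSTALL.services,
    {**POST_INSTALL.files, "/etc/hosts": ("h4", 0o644)})
POST_UNINSTALL = Snapshot("post-uninstall", BASELINE.ports, BASELINE.services,
    {**BASELINE.files, "/etc/hosts": ("h4", 0o644), "/opt/acme/agent": ("h3", 0o777)})

if __name__ == "__main__":
    print(json.dumps(assess([BASELINE, POST_INSTALL, POST_RUN, POST_UNINSTALL]), indent=2))
```

In the constructed run, the uninstall closes the port and removes the service but leaves a world-writable binary and a modified hosts file, which is exactly the kind of residue the Post-Uninstall step exists to catch.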

Operating within the DoD Limitations

Understanding the limits within the DoD is critical, especially regarding the tools and software we use in our assessments. The DoD enforces strict compliance with security standards, which shapes our selection of assessment tools and methods. Tools like ACAS, STIGs, and ASA are not arbitrary choices; they are mandated or recommended solutions that comply with the DoD’s demanding security requirements. These tools ensure that our assessments meet the high standards required for DoD software approvals, enabling us to handle the specific difficulties posed by the DoD environment effectively.

Conclusion

Through careful research, detailed planning, and thorough assessments, we aim not only to protect and secure DoD systems but also to improve them. Our approach to cloud-based red team operations for software assessments in the DoD is proof of our dedication to security, compliance, and operational excellence.