Red Team Operations to Assess Information Technology Vulnerabilities

All Information and Communication Technology (ICT) systems have vulnerabilities. Weaknesses in these systems are introduced either during the specification, implementation or operational phase. Leaving aside these introduced vulnerabilities are intentional or unintentional, the fact remains that these factors make information security as strong as its weakest link. A team of professionals - a red team - whose aim is to combine the required technical skills into practice - pinpoints and tracks these vulnerabilities. The first step in a red team analysis is the collection of information, followed by an onsite analysis, resulting in a complete and accessible report. The tools and techniques used by the highly skilled red teams are the same hackers use on today's computer and network environments supplemented with their own developed tools and techniques. Experiences leam that the development of methods and the maintenance of a cooperative relationship with the responsible staff are crucial in the raising of a professional coherent red team.