General Dynamics [GD] has developed the Network Exploitation Test Tool (NETT), which provides a cyber threat test on friendly force systems for vulnerability analysis and system evaluation.
Additionally, NETT enables more robust data capture to help in the writing of more detailed and accurate reports, John Callahan, project manager for NETT, tells our sister publication Defense Daily in a recent interview.
One aspect of NETT is that it presents a red team threat to a system to make sure that system is as secure as possible, he says.
“Traditionally, what a red team will do, they will have some subject matter experts that collect open source either through individual pieces of software that they downloaded from the Internet or use tools like BackTrack 2, which is a bootable CD that has a lot of threats already integrated into it, or they buy a commercial product,” Callahan says. “But one of the problems with commercial tools, [what they tend to do] is abstract the threat to the point that the operator doesn’t have that really fine control over how they are using the tool.”
For example, one tool widely used for scanning is called Nmap (Network Mapper). “It can be used in a way that would set off alarms in a control center that is trying to monitor a network or it can be used very stealthily. It all has to do with what options the operator chooses when they run Nmap,” Callahan says. “So it can be the bull in the china shop or it can be very, very stealthy.”
GD has integrated Nmap into NETT and provides a user interface to control it and capture data behind the scenes, he says. “But we exposed the operator to all those command line options that they normally would have,” he adds.
Integrating Nmap into NETT makes things easier for the operator, who no longer needs to know how to install Nmap in order to run it, Callahan says.
Another feature of NETT is data capture capability.
The typical red team would perform these operations trying to break into a network or a computer or whatever their mission is. But the data that comes back from the use of these tools is usually returned on an ASCII console window.
“You can imagine it is difficult for them to capture all the data that comes back,” Callahan says. “It’s pages and pages of information about IP addresses and port numbers and operating systems, and other pieces of information.”
Commercial companies that provide hacker classes tell students to cut and paste the ASCII text into a text editor, he says.
“So as you are doing the testing you are also cutting and pasting,” Callahan says. “Later, you can imagine after cutting and pasting, trying to sort out all of this information is tricky. If they collected all the data, getting them to explain it to somebody who can write a report for an executive, or a summary report for a general, is difficult, and it’s not unheard of that two days of testing will take two weeks to write a report. The real power of using a tool like NETT is not only the visualization aspects of it but all the data capture that would have been dumped to the screen is being parsed for them and inserted into a SQL database behind the scenes.”
So writing the report becomes easy, Callahan says. “That’s part of the penetration test realm that has really been ignored–the data report after the fact–and the ability to advertise that you could repeat that test six months later after the system has had a chance to be updated,” he says.
NETT was originally sought by the Army’s Threat Systems Management Office, an organization within the Project Manager Instrumentation Targets and Threat Simulators.
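To illustrate the data capture and repeat-test idea described above, the following Python is an added example, not General Dynamics' code and not part of the original article. It parses console-style scan results into a SQL table and compares a baseline run with a later retest; the sample lines are constructed in Nmap's grepable (-oG) layout, and the table, run labels and function names are assumptions made for the example.

```python
import re
import sqlite3

# Constructed samples in Nmap's grepable (-oG) layout; not real scan output.
BASELINE = """\
Host: 192.0.2.10 (web01.example)\tStatus: Up
Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""
RETEST = """\
Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///
Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///
"""
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")

def parse_grepable(text):
    """Yield (ip, hostname, port, proto, state, service) per port entry."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports: " not in line:
            continue  # skip comments, status-only lines and anything unparseable
        ports = line.split("Ports: ", 1)[1].split("\t", 1)[0]
        for entry in ports.split(","):
            f = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(f) >= 5 and f[0].isdigit():
                yield (m.group(1), m.group(2), int(f[0]), f[2], f[1], f[4])

def load_run(db, run_id, text):
    """Store one test run under a label (hypothetical schema) for later comparison."""
    rows = [(run_id, *r) for r in parse_grepable(text)]
    db.executemany("INSERT INTO findings VALUES (?,?,?,?,?,?,?)", rows)
    return len(rows)

def newly_open(db, old_run, new_run):
    """Ports that are open in new_run but were not open in old_run."""
    q = """SELECT ip, port, service FROM findings WHERE run=? AND state='open'
           EXCEPT
           SELECT ip, port, service FROM findings WHERE run=? AND state='open'
           ORDER BY ip, port"""
    return db.execute(q, (new_run, old_run)).fetchall()

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE findings (run TEXT, ip TEXT, hostname TEXT,"
               " port INTEGER, proto TEXT, state TEXT, service TEXT)")
    load_run(db, "baseline", BASELINE)
    load_run(db, "retest", RETEST)
    return db
```

Swapping the two run labels in `newly_open` lists the ports that were open at baseline and are no longer open at retest, which is the other half of a repeat-test report.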