By Geoff Fein
General Dynamics [GD] is relying on open sources for its Network Exploitation Test Tool (NETT) to provide the Army with the same type of threats the service will find in the real world, according to a company official.
NETT uses open source in part because the Defense Department automatically validates that a threat is real if it’s been acquired from the open source, John Callahan, project manger for NETT, told Defense Daily in a recent interview.
“The use of the open source is really focused on providing validated threats within the computer network’s operations arena,” Callahan said. “When you start looking at that and looking at what happens in the hacking community, open source is predominately what is being used to conduct penetration attacks as well as penetration tests, not only by us but by other countries and other entities.”
NETT provides a cyber threat test on friendly force systems for vulnerability analysis and system evaluation (Defense Daily, March 26).
Callahan noted that an operator has to have a pretty good domain knowledge not only to get the open source tools installed and working properly, but then to use them. “There is a high learning curve on the tools.”
Open source embodies everything from script snippets of code to full-fledged applications that have user interfaces with them, he added.
To be proficient across the board in passive scanning, active scanning, and denial of service, a person really needs to be almost an engineer to pull that off, Callahan said.
“Part of what NETT does, it has engineers do that integration ahead of time,” he added. “That alleviates all the complexities and domain knowledge that’s needed to actually build a kit composed of open source that you would then use either for simulation or to use as a tester would to gain access to a computer or to perform training. NETT makes it much easier. It takes care of all of the lower level details that you or an organization or an individual would have to overcome to have a good suite of exploits that you would use for training.”
NETT also integrates a visualization aspect, which Callahan said is fairly rare in penetration tools.
“We give people NETT operators that they can use to monitor the attacks from either a third party or first person perspective. They can use the open source tools that hackers would use, such as SNORT, which is a [network] intrusion detection system, the most widely installed one out there, and they can use that to realize they are being attacked or to observe someone else being attacked,” Callahan said. “It does add a visual component to it to allow people to get their head around what’s happening on the wire.”
Callahan acknowledged that NETT, like any tool that does integration exploits, is challenged by the fast pace of technology.
“The idea of ‘zero day’ exploits for a test team is pretty critical because they want to bring the latest and greatest so that they are as current and as valid as possible,” he said. “With a tool like NETT, or any tool that does integration of exploits, we always lag the curve, because being responsive enough to bring those things in immediately, do the testing and the software development…it is going to force us to lag. We do our best to stay current, but we as well as any other tool, will not be ‘zero day’ related.”
Callahan noted that his folks also try to anticipate what exploits could be coming.
“Not that we are generating exploits…that’s not at all what NETT is about,” he said. “We take open source, so we are following what is happening in the open source community, but we also have productivity tools in addition to the visualization that allow operators to do packet analysis and things.”
Those tools are generic enough that with some information the exploitation team that is using NETT can use those tools to adapt to the latest technology, he added.
Callahan said there has been a lot of interest in NETT over the past two years. In partnership with the Army’s Threat Systems Management Office (TSMO), the focus has really been on providing NETT at DoD conferences.
“We have seen quite a few other contractors and also commercial companies have had a chance to see NETT in the public arena, and they are interested in it,” Callahan said.
But since the Army funds the effort, Callahan noted the service is very protective of it.
“The Army protects the system because it does make the potential of improving an individual’s capability,” he said. “You could take a novice hacker and they could become more efficient using NETT because of the integration we have performed.”
And the Army doesn’t want to be in a position of having NETT used against them, Callahan added. “That would be unfortunate, so they control it from that perspective…so it hasn’t been made available to the public sector.”