The tools and tactics presented here are current, but not leading edge – real attackers are likely to be using more advanced tools and techniques. Many other existing vectors that could be considered as penetration pathways were not presented in this paper. Entire papers could be written about each of the security controls that have been presented here and each of the attack vectors used. A macro approach was necessary in order to create a collective version.
Consider this; the attackers are well trained, highly motivated professionals who are focused on a single purpose, use good knowledge management techniques and have a sophisticated understanding of attack methodology. They are going up against a team of defenders who are generally not well trained on security issues, are more motivated to please their boss or keep their jobs than to defend the network, have many tasks to perform besides security, often have office politics and bureaucracy inhibiting knowledge management and have little or no understanding of how they will be attacked. Ask yourself – if a professional national security cyber attack team has already penetrated YOUR network, would you know it?