Will that actually stop him at this point?

  • borari@lemmy.dbzer0.com
    17 hours ago

    Just to be clear, I will absolutely create new domain users or add my own ssh keys to an authorized_keys file to escalate privs or move laterally through a network while I’m “hacking”.

    Also, a malicious actor opening a reverse port forward tunnel with ssh allows them to punch a hole to them on the WAN side of the network when they’re dealing with NAT or firewall rules. If a system is truly airgapped then that accomplishes nothing. You’d need something plugged in to the airgapped system or airgapped network to bridge that air gap, like a USB adapter that has a SIM card in it.
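A defender's check for the two things the comment above mentions, keys added to authorized_keys and SSH port forwarding, as an added example that is not part of the thread. It fingerprints each entry, compares it to an approved baseline, and flags approved keys that carry no forwarding restriction; the sample keys, names and baseline are constructed.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com"}

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def forwarding_blocked(options):
    """True if the entry's options forbid port forwarding (see sshd(8))."""
    opts = [o.lower() for o in options.split(",")]  # naive: ignores commas inside quotes
    return "no-port-forwarding" in opts or ("restrict" in opts and "port-forwarding" not in opts)

def audit(text, approved):
    """Return (line_number, finding) for entries that need review."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        idx = next((i for i, t in enumerate(tokens[:-1]) if t in KEY_TYPES), None)
        if idx is None:
            findings.append((n, "unparseable entry"))
            continue
        fp = fingerprint(tokens[idx + 1])
        if fp not in approved:
            findings.append((n, f"unapproved key {fp}"))
        elif not forwarding_blocked(",".join(tokens[:idx])):
            findings.append((n, "approved key has no forwarding restriction"))
    return findings

def sample_blob(label):
    # Constructed stand-in for a public key blob, not a real key.
    return base64.b64encode(label).decode()

# Constructed authorized_keys content and baseline (hypothetical names).
SAMPLE = "\n".join([
    f"restrict ssh-ed25519 {sample_blob(b'ops-key')} ops@bastion",
    f"ssh-ed25519 {sample_blob(b'deploy-key')} deploy@ci",
    f"ssh-rsa {sample_blob(b'unknown-key')} added-later",
])
APPROVED = {fingerprint(sample_blob(b"ops-key")), fingerprint(sample_blob(b"deploy-key"))}

if __name__ == "__main__":
    for n, finding in audit(SAMPLE, APPROVED):
        print(f"line {n}: {finding}")
```

Server-wide, forwarding is governed by sshd_config settings such as AllowTcpForwarding; this check covers only the per-key options.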

    • chillhelm@lemmy.world
      15 hours ago

      Since we are talking about payment systems that interact with other banking systems, they will not be actually air gapped. By the nature and purpose of the systems in question, they must have access to the physical Internet (even if it is entirely abstracted away under layers of VPNs and encryption).

      Assuming them compromised is prudent. Physical access is total access.