Red vs Blue
The red team runs offensive operations against the organization (penetration tests, adversary emulation) to show what a real attacker could achieve.
The blue team acts as the defenders: it hardens the network infrastructure and detects and responds to the red team's activity (and to real intrusions).
The purple team is a joint approach in which red and blue work together rather than apart, sharing what each attack technique looked like from both sides so that detections and defenses can be tuned while the exercise runs.
Defense in Depth
Defense in depth is the principle of layering several independent controls so that no single control is relied on: if one layer fails or is bypassed, another still prevents, detects, or limits the damage from the attack, and an attacker must defeat each layer in turn.
Risk Management
Risk management weighs the likelihood of an attack against its impact and decides how much to spend preventing it. The cost of the prevention should match the value of the item being protected; a control that costs more than the loss it prevents is not worth deploying. Risk is assessed against the three security properties of the asset: confidentiality, integrity, and availability (the CIA triad).
Critical Controls
(These follow the CIS Critical Security Controls; the first ones are listed first because they are the foundation the rest depend on: you cannot protect or patch what you do not know you have.)
- Inventory of authorized and unauthorized devices
- Inventory of authorized and unauthorized software
- Secure configurations for hardware and software
- Continuous vulnerability assessment and remediation
- Controlled use of administrative privileges
- Maintenance, monitoring, and analysis of audit logs
- Email and web browser protections
- Malware defenses
- Limitation and control of network ports, protocols, and services
- Data recovery capability (tested backups)
- Secure configurations for network devices (firewalls, routers, switches)
- Boundary defense
- Data protection
- Controlled access based on the need to know
- Wireless access control
- Security skills assessment and training
- Application software security
- Incident response and management
- Penetration tests and red team exercises
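The first two controls (authorized devices, authorized software) only help if the inventory is actually reconciled against what is on the network. The script below is an added example, not part of the original notes: it parses a constructed DHCP lease log and a constructed `dpkg -l` listing, compares them with a constructed authorized-device inventory and approved-software baseline, and reports unknown devices, inventoried MACs that show up under a different hostname (stale inventory or a cloned MAC), and installed packages outside the baseline. All MACs, IPs, hostnames and package lists are made-up sample data; a real deployment would pull these feeds from the DHCP server, switch MAC tables or NAC, and an endpoint agent.

```python
import re

# Constructed sample data: a DHCP server lease log (timestamp, message type,
# MAC, leased IP, client-supplied hostname). Not from any real network.
DHCP_LEASES = """\
2024-03-01T08:01:12 DHCPACK 00:1a:2b:3c:4d:01 10.0.10.21 ws-finance-01
2024-03-01T08:02:40 DHCPACK 00:1a:2b:3c:4d:02 10.0.10.22 ws-finance-02
2024-03-01T08:05:03 DHCPACK 3c:52:82:aa:bb:cc 10.0.10.77 android-9f2
2024-03-01T08:05:59 DHCPACK 00:1a:2b:3c:4d:03 10.0.10.23 srv-build-01
2024-03-01T09:14:27 DHCPDISCOVER 00:1a:2b:3c:4d:03 0.0.0.0 kali
2024-03-01T09:14:28 DHCPACK 00:1a:2b:3c:4d:03 10.0.10.99 kali
"""

# Constructed: authorized-device inventory (control 1), MAC -> expected hostname.
AUTHORIZED_DEVICES = {
    "00:1a:2b:3c:4d:01": "ws-finance-01",
    "00:1a:2b:3c:4d:02": "ws-finance-02",
    "00:1a:2b:3c:4d:03": "srv-build-01",
}

# Constructed: approved software baseline (control 2), by host role.
APPROVED_SOFTWARE = {
    "workstation": {"firefox", "libreoffice", "openssh-client"},
    "build-server": {"gcc", "git", "openssh-server", "docker.io"},
}

# Constructed: `dpkg -l` style listing as collected from srv-build-01.
SRV_BUILD_PACKAGES = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name            Version        Architecture Description
+++-===============-==============-============-==========================
ii  gcc             4:12.2.0-3     amd64        GNU C compiler
ii  git             1:2.39.2-1.1   amd64        fast, scalable version control
ii  openssh-server  1:9.2p1-2      amd64        secure shell (SSH) server
ii  docker.io       20.10.24+dfsg1 amd64        Linux container runtime
ii  nmap            7.93+dfsg1-1   amd64        network scanner
ii  telnetd         0.17-45        amd64        telnet server
"""

# Only completed leases (DHCPACK) count as a device on the network.
LEASE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPACK (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"(?P<ip>\S+) (?P<host>\S+)$",
    re.IGNORECASE,
)


def parse_leases(lease_log):
    """Yield (mac, ip, hostname) for each DHCPACK line; other lines are ignored."""
    for line in lease_log.splitlines():
        m = LEASE_RE.match(line)
        if m:
            yield m["mac"].lower(), m["ip"], m["host"]


def unauthorized_devices(lease_log, authorized):
    """Control 1: leases granted to MAC addresses absent from the inventory."""
    return [(mac, ip, host) for mac, ip, host in parse_leases(lease_log)
            if mac not in authorized]


def hostname_mismatches(lease_log, authorized):
    """Control 1, second check: an inventoried MAC presenting a different hostname.
    Either the inventory is stale or someone cloned the MAC to pass an allowlist."""
    return [(mac, authorized[mac], host) for mac, ip, host in parse_leases(lease_log)
            if mac in authorized and host != authorized[mac]]


def installed_packages(dpkg_output):
    """Package names from `dpkg -l` output: only rows in state 'ii' (installed)."""
    names = set()
    for line in dpkg_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ii":
            names.add(parts[1])
    return names


def unapproved_software(dpkg_output, role, approved):
    """Control 2: installed packages outside the approved baseline for this role."""
    return sorted(installed_packages(dpkg_output) - approved[role])


if __name__ == "__main__":
    for mac, ip, host in unauthorized_devices(DHCP_LEASES, AUTHORIZED_DEVICES):
        print(f"UNAUTHORIZED DEVICE  {mac} {ip} ({host})")
    for mac, expected, seen in hostname_mismatches(DHCP_LEASES, AUTHORIZED_DEVICES):
        print(f"HOSTNAME MISMATCH    {mac} inventory={expected} seen={seen}")
    for pkg in unapproved_software(SRV_BUILD_PACKAGES, "build-server", APPROVED_SOFTWARE):
        print(f"UNAPPROVED SOFTWARE  srv-build-01: {pkg}")
```

On the sample data this flags the Android phone that was never inventoried, the build server's MAC reappearing with the hostname `kali` at a new address, and `nmap` and `telnetd` installed outside the build-server baseline. The hostname check matters because an allowlist keyed on MAC alone is trivially defeated by MAC cloning; cross-checking a second attribute turns the inventory into a detection, not just a list.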
Stages of Attack
- Reconnaissance: gather information about the target (exposed hosts and services, people, technologies in use) before touching it directly
- Initial Exploitation: gain a first foothold, typically through phishing, stolen credentials, or an exploitable exposed service
- Establish Persistence & Escalate Privileges: make the foothold survive reboots and credential changes, then obtain higher privileges on the compromised host
- Move Laterally: use the gained access and credentials to reach other systems inside the network
- Exfiltration: collect the target data and move it out of the network