{{Entity|TeamBlue|
TeamBlue acts as the defensive side of penetration testing and is the primary test ground for [[Cerberus|AniNIX::Cerberus]] and all of [[:Category:Security|our security best-practices]].
|word=Blue teams are colored after police and friendly forces in penetration testing exercises.
|cap=1 core, 2GB RAM, 30GB hard-drive.
|host=TeamBlue should have the extras from Cerberus installed.
{{Reference|Cerberus}}{{Reference|VirusScan}}
|conn=This box is expected to be attacked by TeamRed. We may add CFEngine for compliance and patching control, and use this machine to test patches before pushing them to Core, Bastion, DarkNet, and the Team VMs.
{{Reference|Core}}{{Reference|Sora}}
|add
Watch [https://wiki.archlinux.org/index.php/List_of_applications/Security ArchLinux's Security application list] for tools specific to your use case.
# Security Essentials
AlienVault recommends the following five security essentials for a "blue" security team.<ref name=avwebcastpci>[https://www.alienvault.com/forms/webcast-thank-you/how-to-simplify-pci-dss-compliance-with-unified-security-management How to Simplify PCI-DSS Compliance with Unified Security Management], accessed 9/7/2017</ref>
## Asset Discovery
This can be coordinated through an nmap script like the one below, or through [[Geth|AniNIX::Geth]]'s [https://home-assistant.io/components/discovery/ discovery] module.
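As an added example (not AniNIX's own script, which this page does not reproduce), a POSIX shell sweep that parses nmap grepable (`-oG`) output into an inventory and flags hosts absent from a known-asset list; the subnet, hostnames, and asset file are constructed placeholders.

```shell
#!/bin/sh
# Added example, not AniNIX's own script: turn an nmap ping sweep into an asset
# inventory and flag hosts that are not on the known-asset list.

# Read nmap grepable (-oG) output on stdin and print "IP hostname" for each
# host reported as Up ("-" when nmap resolved no name).
parse_up_hosts() {
    awk '/^Host: / && /Status: Up/ {
        ip = $2; name = $3; gsub(/[()]/, "", name)
        if (name == "") name = "-"
        print ip, name
    }'
}

# Read "IP hostname" lines on stdin and print the IPs missing from the
# known-asset file given as $1 (one IP per line).
unknown_hosts() {
    awk -v known="$1" '
        BEGIN { while ((getline line < known) > 0) seen[line] = 1 }
        !($1 in seen) { print $1 }'
}

# Sweep a subnet with nmap when it is installed; otherwise fall back to the
# constructed sample output below so the script also runs offline.
scan_subnet() {
    if command -v nmap >/dev/null 2>&1; then
        nmap -sn -oG - "$1"
    else
        printf '%s\n' "$SAMPLE_SCAN"
    fi
}

# Constructed sample -oG output (addresses and hostnames are made up).
SAMPLE_SCAN='# Nmap 7.70 scan initiated as: nmap -sn -v -oG - 10.0.0.0/28
Host: 10.0.0.1 (core)    Status: Up
Host: 10.0.0.2 ()    Status: Down
Host: 10.0.0.5 (bastion)    Status: Up
Host: 10.0.0.9 ()    Status: Up
# Nmap done'

# Constructed known-asset list; in practice keep it in version control.
KNOWN_ASSETS='10.0.0.1
10.0.0.5'

# Usage: ./asset-sweep.sh 10.0.0.0/28  -> prints hosts not in the asset list
if [ -n "${1:-}" ]; then
    known=$(mktemp)
    printf '%s\n' "$KNOWN_ASSETS" > "$known"
    scan_subnet "$1" | parse_up_hosts | unknown_hosts "$known"
    rm -f "$known"
fi
```

Any IP the sweep reports that is not in the asset list is a candidate for investigation, either a new system that should be added to the inventory or something that should not be on the network.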
## Vulnerability Assessment
We're looking at a couple of candidates for this: [[Category:TODO]]
* lynis
* OpenSCAP
## Intrusion Detection
This functionality is provided by [[Cerberus|AniNIX::Cerberus]]. We're considering Tripwire and OSSEC to replace AIDE inside Cerberus.
## Behavioral Monitoring
We use [[Heartbeat|AniNIX::Heartbeat]] to set each system's baseline and audit logs for user behavior.
## Log Management
We're evaluating using [[AniNIX::Bastion]] as an rsyslog host.
## Encryption
### At rest
We use dm-crypt to encrypt files by default at the storage layer via [[ShadowArch|AniNIX::ShadowArch]].
### In motion
We use [[:Category:SSL|SSL]] for encrypting data in motion.
}}
# References
[[Category:Security]]