{{Entity|TeamBlue| TeamBlue acts as the defensive side of penetration testing and is the primary testground for Cerberus and all of :Category:Security. |word=Blue teams are colored after police and friendly forces in penetration testing exercises. |cap=1 core, 2GB RAM, 30GB hard drive. |host=TeamBlue should have the extras from Cerberus installed. {{Reference|Cerberus}}{{Reference|VirusScan}} |conn=This box is expected to be attacked by TeamRed. We may add CFEngine for compliance and patching control, and use this machine to test patches before pushing them to Core, Bastion, DarkNet, and Team VMs. {{Reference|Core}}{{Reference|Sora}} |add=Watch [https://wiki.archlinux.org/index.php/List_of_applications/Security ArchLinux's Security application list] for tools specific to your use case.
== Security Essentials ==
AlienVault recommends the following five security essentials for a "blue" security team. [https://www.alienvault.com/forms/webcast-thank-you/how-to-simplify-pci-dss-compliance-with-unified-security-management How to Simplify PCI-DSS Compliance with Unified Security Management] (accessed 9/7/2017)
=== Asset Discovery ===
This can be coordinated through an nmap script like the one below, or through Geth's [https://home-assistant.io/components/discovery/ discovery] module.
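An added example of the nmap-driven asset discovery described above; this is not a script from the AniNIX wiki or from Cerberus. It reads nmap's "grepable" ping-sweep output and reports any host that answered but is missing from the inventory of known assets, which is the check a blue team wants: an unexpected host on the segment is either an inventory gap or something to investigate. The subnet, addresses, hostnames and the inventory are all constructed for the example.

```shell
#!/bin/sh
# Added example (not AniNIX code): compare an nmap ping sweep against a known-asset list.

# Constructed sample of what `nmap -sn -oG - 10.0.0.0/28` prints (grepable format).
SCAN_SAMPLE='# Nmap 7.93 scan initiated Thu Sep  7 12:00:00 2017 as: nmap -sn -oG - 10.0.0.0/28
Host: 10.0.0.1 (gateway.example.lan)  Status: Up
Host: 10.0.0.5 (core.example.lan)  Status: Up
Host: 10.0.0.9 ()  Status: Up
Host: 10.0.0.12 (teamblue.example.lan)  Status: Up
# Nmap done at Thu Sep  7 12:00:05 2017 -- 16 IP addresses (4 hosts up) scanned in 5.12 seconds'

# Constructed inventory: addresses we expect to see on this segment, one per line.
KNOWN_ASSETS='10.0.0.1
10.0.0.5
10.0.0.12'

# live_hosts: read grepable nmap output on stdin, print the address of every host
# reported "Up", one per line, sorted and de-duplicated.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' | sort -u
}

# unknown_hosts: read a scan on stdin, print every live address that is not in the
# inventory passed as $1. An empty result means the segment matches the inventory.
unknown_hosts() {
    inventory=$1
    live_hosts | {
        while IFS= read -r addr; do
            printf '%s\n' "$inventory" | grep -qxF "$addr" || printf '%s\n' "$addr"
        done
    }
}

# check_sweep: evaluate the constructed sample; prints 10.0.0.9, the host that is
# up but not inventoried.
check_sweep() {
    printf '%s\n' "$SCAN_SAMPLE" | unknown_hosts "$KNOWN_ASSETS"
}

# Usage: sh discover.sh             -> run the check against the constructed sample
#        sh discover.sh 10.0.0.0/28 -> sweep a real segment (needs nmap installed)
if [ "$#" -gt 0 ]; then
    nmap -sn -oG - "$1" | unknown_hosts "$KNOWN_ASSETS"
else
    check_sweep
fi
```

Run it from cron against each segment and ship the output to the log host; a non-empty result is the event worth alerting on. Because the parser only keys on `Host:` lines with `Status: Up`, it works unchanged on the output of a fuller `-sS` or `-sV` scan if you later want port data in the same inventory.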
=== Vulnerability Assessment ===
We're looking at a couple of candidates for this: Category:TODO
* lynis
* OpenSCAP
=== Intrusion Detection ===
This functionality is provided by Cerberus. We're considering Tripwire and OSSEC to replace AIDE inside Cerberus.
=== Behavioral Monitoring ===
We use Heartbeat to set each system's baseline and audit logs for user behavior.
=== Log Management ===
We're evaluating using AniNIX::Bastion as an rsyslog host.
== Encryption ==
=== At rest ===
We use dm-crypt to encrypt files by default at the storage layer via ShadowArch.
=== In motion ===
We use :Category:SSL for encrypting data in motion. }}