Wiki/Operation/TeamBlue.md

{{Entity|TeamBlue|
TeamBlue acts as the defensive side of penetration testing and is the primary test ground for [[Cerberus|AniNIX::Cerberus]] and all of [[:Category:Security|our security best-practices]].
|word=Blue teams are colored after police and friendly forces in penetration testing exercises.
|cap=1 core, 2GB RAM, 30GB hard-drive.
|host=TeamBlue should have the extras from Cerberus installed.
{{Reference|Cerberus}}{{Reference|VirusScan}}
|conn=This box is expected to be attacked by TeamRed. We may add CFEngine for compliance and patching control, and use this machine to test patches before pushing them to Core, Bastion, DarkNet, and the Team VMs.
{{Reference|Core}}{{Reference|Sora}}
|add
Watch [https://wiki.archlinux.org/index.php/List_of_applications/Security ArchLinux's Security application list] for tools specific to your use case.
# Security Essentials
AlienVault recommends the following five security essentials for a "blue" security team.<ref name=avwebcastpci>[https://www.alienvault.com/forms/webcast-thank-you/how-to-simplify-pci-dss-compliance-with-unified-security-management How to Simplify PCI-DSS Compliance with Unified Security Management], accessed 9/7/2017</ref> We track those five below and add encryption as a sixth item.
## Asset Discovery
This can be coordinated through an nmap script like below, or through [[Geth|AniNIX::Geth]]'s [https://home-assistant.io/components/discovery/ discovery] module.
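The following is an added example, not the page's own script: an nmap ping sweep whose grepable output is parsed into a tab-separated inventory and diffed against the previous inventory, so that any host that was not there last time stands out. The subnet, hostnames and the sample scan output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the TeamBlue page: asset discovery with an nmap
# ping sweep, parsed into a tab-separated inventory and diffed against the
# last known one. The subnet and sample hosts are assumptions for illustration.

# Sweep a subnet and print "ip<TAB>hostname" for every host that answered.
# -sn: host discovery only, no port scan; -oG -: grepable output on stdout.
# Run as root so nmap can use ARP on the local segment, which is far more
# reliable than ICMP (hosts with a strict firewall ignore echo requests).
discover_hosts() {   # $1 = CIDR, e.g. 10.0.0.0/24
    nmap -sn -oG - "$1" | parse_grepable
}

# Parse grepable output. Each host line looks like
#   Host: 10.0.0.5 (name.lan)<TAB>Status: Up
# Hosts reported as Down (shown with -v) are skipped.
parse_grepable() {
    awk -F'\t' '
        $1 ~ /^Host:/ && $2 == "Status: Up" {
            split($1, f, " ")             # f[2] = ip, f[3] = "(name)" or "()"
            name = f[3]; gsub(/[()]/, "", name)
            if (name == "") name = "-"    # no reverse DNS for this host
            print f[2] "\t" name
        }'
}

# Print IPs present in the current inventory but absent from the previous one:
# each line is an unknown or unapproved asset and deserves a ticket.
# FILENAME (not NR==FNR) is used so an empty previous inventory still works.
new_hosts() {   # $1 = previous inventory file, $2 = current inventory file
    awk -F'\t' 'FILENAME == ARGV[1] { known[$1] = 1; next }
                !($1 in known) { print $1 }' "$1" "$2"
}

# Constructed sample of "nmap -sn -oG -" output so the parser runs offline.
sample_scan() {
    printf '%s\n' '# Nmap 7.80 scan initiated as: nmap -sn -oG - 10.0.0.0/24'
    printf 'Host: 10.0.0.1 (gw.lan)\tStatus: Up\n'
    printf 'Host: 10.0.0.2 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.3 ()\tStatus: Down\n'
    printf 'Host: 10.0.0.9 (printer.lan)\tStatus: Up\n'
    printf '%s\n' '# Nmap done at ...: 256 IP addresses (3 hosts up) scanned'
}

# Demo on the constructed sample; replace with "discover_hosts 10.0.0.0/24"
# (as root) for a live sweep.
sample_scan | parse_grepable
```

Keep the inventory file under version control or ship it to the log host; the diff from `new_hosts` is the signal, the full list is the baseline.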
## Vulnerability Assessment
We're looking at a couple of candidates for this: [[Category:TODO]]
* lynis
* OpenSCAP
## Intrusion Detection
This functionality is provided by [[Cerberus|AniNIX::Cerberus]]. We're considering Tripwire and OSSEC to replace AIDE inside Cerberus.
## Behavioral Monitoring
We use [[Heartbeat|AniNIX::Heartbeat]] to set each system's baseline and audit logs for user behavior.
## Log Management
We're evaluating using [[AniNIX::Bastion]] as an rsyslog host.
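As an added example (not configuration from the AniNIX project), the script below generates rsyslog configuration for the two halves of that setup: the weak plaintext-UDP forwarding line beside the TCP-over-TLS form with a disk-assisted queue, and the collector side that accepts only authenticated TLS peers and writes each sender to its own file. Hostnames, the peer name pattern and certificate paths are assumptions.

```sh
#!/bin/sh
# Added example, not from the TeamBlue page or the AniNIX project: emits
# rsyslog configuration for central log collection. Hostnames, ports and
# certificate paths are assumptions for illustration.

# Weak setting: plaintext UDP forwarding. Anyone on the path can read or
# spoof log lines, and UDP silently drops messages under load.
weak_client_conf() {   # $1 = collector hostname
    printf '*.* @%s:514\n' "$1"
}

# Corrected client setting: TCP with TLS (gtls driver), the collector verified
# by certificate name, a client certificate for mutual authentication, and a
# disk-assisted queue so lines survive a collector outage instead of vanishing.
client_conf() {   # $1 = collector host, $2 = CA file, $3 = client cert, $4 = client key
    cat <<EOF
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="$2"
       DefaultNetstreamDriverCertFile="$3"
       DefaultNetstreamDriverKeyFile="$4")
action(type="omfwd" target="$1" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="$1"
       queue.type="LinkedList" queue.filename="fwd_$1"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# Collector side: TLS-only TCP on 6514, client certificates required and
# matched against a peer name pattern, each sender written to its own
# directory so one noisy or compromised host cannot bury the others' logs.
server_conf() {   # $1 = CA file, $2 = server cert, $3 = server key, $4 = permitted peer glob
    cat <<EOF
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="$1"
       DefaultNetstreamDriverCertFile="$2"
       DefaultNetstreamDriverKeyFile="$3")
module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name" PermittedPeer="$4")
input(type="imtcp" port="6514")
template(name="PerHost" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
if \$fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="PerHost")
    stop
}
EOF
}

# Demo: print both client forms and the server form for a hypothetical setup.
echo "# weak:";     weak_client_conf bastion
echo "# client:";   client_conf bastion /etc/ssl/ca.pem /etc/ssl/host.pem /etc/ssl/host.key
echo "# server:";   server_conf /etc/ssl/ca.pem /etc/ssl/bastion.pem /etc/ssl/bastion.key '*.aninix.net'
```

Write the output to a file under `/etc/rsyslog.d/` and check it with `rsyslogd -N1 -f <file>` before restarting the daemon; the gtls driver needs the rsyslog-gnutls package installed on both ends.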
## Encryption
### At rest
We use dm-crypt to encrypt storage by default at the block-device layer via [[ShadowArch|AniNIX::ShadowArch]].
### In motion
We use TLS ([[:Category:SSL|SSL]]) for encrypting data in motion.
}}
# References
<references />
[[Category:Security]]