Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Defensive Security

You're reading from   Mastering Defensive Security Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Arrow left icon
Product type Paperback
Published in Jan 2022
Publisher Packt
ISBN-13 9781800208162
Length 528 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Cesar Bravo Cesar Bravo
Author Profile Icon Cesar Bravo
Cesar Bravo
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Mastering Defensive Security Concepts
2. Chapter 1: A Refresher on Defensive Security Concepts FREE CHAPTER 3. Chapter 2: Managing Threats, Vulnerabilities, and Risks 4. Chapter 3: Comprehending Policies, Procedures, Compliance, and Audits 5. Chapter 4: Patching Layer 8 6. Chapter 5: Cybersecurity Technologies and Tools 7. Section 2: Applying Defensive Security
8. Chapter 6: Securing Windows Infrastructures 9. Chapter 7: Hardening a Unix Server 10. Chapter 8: Enhancing Your Network Defensive Skills 11. Chapter 9: Deep Diving into Physical Security 12. Chapter 10: Applying IoT Security 13. Chapter 11: Secure Development and Deployment on the Cloud 14. Chapter 12: Mastering Web App Security 15. Section 3: Deep Dive into Defensive Security
16. Chapter 13: Vulnerability Assessment Tools 17. Chapter 14: Malware Analysis 18. Chapter 15: Leveraging Pentesting for Defensive Security 19. Chapter 16: Practicing Forensics 20. Chapter 17: Achieving Automation of Security Tools 21. Chapter 18: The Master's Compilation of Useful Resources 22. Other Books You May Enjoy

Comparing the blue and red teams

The blue team is the defense team, the one in charge of the policies, processes, methods, and technologies aimed at preventing a cybersecurity incident (which is probably you).

On the other hand, the red team is a team of professionals trained to find vulnerabilities. They will use their skills to find a way to gain access to a given system or data.

They will basically follow the same steps that an attacker would, but instead of exposing your data or selling it to the highest bidder, they will create a beautiful report that you can use to detect your vulnerabilities and create strategies to correct them.

Some big companies may have their own red team, but this is very expensive, and resources may be underutilized, so most of the companies just hire them on a regular basis to test their infrastructure and gather valuable data to improve.

Like many other topics in cybersecurity, there is an open debate about red teams and pentesting, so to make things easier for the reader, pentesting will be defined as one of the tasks carried out by a red team.

As a defensive security professional, there are many factors that you must know about in relation to pentesting, such as the types of testing, pentesting services, and their benefits.

Types of pentesting

A pentest is classified based on the level of knowledge and access that you grant them prior to the test. The categories are as follows:

Black box

In this type of testing, the red team is not provided with any information about the target. This is commonly used when testing an entire infrastructure to find global vulnerabilities. Here, the red team will have to start by performing an initial discovery phase and move across layers to find any vulnerable spots.

This kind of testing is more generic and normally involves no collaboration between the teams. In fact, this is regularly performed as some type of audit in which just senior management knows about the execution of the test. This is normally done to perform a real test and without the security team being on alert.

This is normally the most complex, resource-intense, and extensive test of the three.

Gray box

Here you provide the red team with some details about the target while obscuring others. For example, you may ask to test a given application and provide the architecture of said application, but more detailed information, such as the source code and users, will be obscured.

White box

In this type of testing, you provide the red team with a lot of data about the tested system/infrastructure, including blueprints, users, code, and any other document related to the system/infrastructure being tested.

While this may seem as making life easier for the red team, this type is more about a collaborative environment between the blue and red teams to perform more targeted testing.

Pentesting services

You can pretty much test anything; however, here is a list of the most common types of pentesting offered:

  • Network services
  • Databases
  • Web applications
  • Web services
  • APIs
  • Wireless networks
  • BYOD
  • VPN
  • Social engineering
  • Physical intrusions
  • Code/applications

Benefits of pentesting

Many organizations are still reluctant to perform some type of pentesting on their environments, so let me share with you some benefits to motivate a company to use this great asset:

  • External feedback about your infrastructure, including weak points, vulnerabilities, and improvement areas
  • An opportunity to close security gaps before they are exploited by criminals
  • Objective evaluation
  • Support of your continuous improvement initiatives
  • External validation of your hard work!!!

    Tips

    Hiring a dedicated red team may be expensive; however, if you have someone in your team with offensive skills, you can leverage that experience to perform mini testing (like a mini purple team).

    Having a purple team does not replace the need for a red team as the inputs from an external "unbiased" tester provide additional insights and value.

    Be careful when hiring a red team as they will handle very sensitive information about the company. Here, the rule is that you should always work with a partner that you can trust.

    Involve your legal team and make sure that a confidentiality and data privacy contract is signed with the red team.

You have been reading a chapter from
Mastering Defensive Security
Published in: Jan 2022
Publisher: Packt
ISBN-13: 9781800208162
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image