Mastering Defensive Security

You're reading from Mastering Defensive Security: Effective techniques to secure your Windows, Linux, IoT, and cloud infrastructure

Product type: Paperback
Published in: Jan 2022
Publisher: Packt
ISBN-13: 9781800208162
Length: 528 pages
Edition: 1st Edition
Author: Cesar Bravo

Comparing the blue and red teams

The blue team is the defense team (which is probably you), the one in charge of the policies, processes, methods, and technologies aimed at preventing a cybersecurity incident.

On the other hand, the red team is a team of professionals trained to find vulnerabilities. They will use their skills to find a way to gain access to a given system or data.

They will basically follow the same steps that an attacker would, but instead of exposing your data or selling it to the highest bidder, they will create a beautiful report that you can use to detect your vulnerabilities and create strategies to correct them.

Some big companies may have their own red team, but this is very expensive, and resources may be underutilized, so most companies just hire one on a regular basis to test their infrastructure and gather valuable data to improve.

Like many other topics in cybersecurity, there is an open debate about red teams and pentesting, so to make things easier for the reader, pentesting will be defined as one of the tasks carried out by a red team.

As a defensive security professional, there are many factors that you must know about in relation to pentesting, such as the types of testing, pentesting services, and their benefits.

Types of pentesting

A pentest is classified based on the level of knowledge and access that you grant the testers prior to the test. The categories are as follows:

Black box

In this type of testing, the red team is not provided with any information about the target. This is commonly used when testing an entire infrastructure to find global vulnerabilities. Here, the red team will have to start by performing an initial discovery phase and move across layers to find any vulnerable spots.

This kind of testing is more generic and normally involves no collaboration between the teams. In fact, this is regularly performed as some type of audit in which just senior management knows about the execution of the test. This is normally done to perform a real test without the security team being on alert.

This is normally the most complex, resource-intensive, and extensive test of the three.

Gray box

Here you provide the red team with some details about the target while obscuring others. For example, you may ask to test a given application and provide the architecture of said application, but more detailed information, such as the source code and users, will be obscured.

White box

In this type of testing, you provide the red team with a lot of data about the tested system/infrastructure, including blueprints, users, code, and any other document related to the system/infrastructure being tested.

While this may seem to make life easier for the red team, this type is more about a collaborative environment between the blue and red teams to perform more targeted testing.

Pentesting services

You can pretty much test anything; however, here is a list of the most common types of pentesting offered:

  • Network services
  • Databases
  • Web applications
  • Web services
  • APIs
  • Wireless networks
  • BYOD
  • VPN
  • Social engineering
  • Physical intrusions
  • Code/applications

Benefits of pentesting

Many organizations are still reluctant to perform some type of pentesting on their environments, so let me share with you some benefits to motivate a company to use this great asset:

  • External feedback about your infrastructure, including weak points, vulnerabilities, and improvement areas
  • An opportunity to close security gaps before they are exploited by criminals
  • Objective evaluation
  • Support of your continuous improvement initiatives
  • External validation of your hard work!!!

    Tips

    Hiring a dedicated red team may be expensive; however, if you have someone in your team with offensive skills, you can leverage that experience to perform mini testing (like a mini purple team).

    Having a purple team does not replace the need for a red team as the inputs from an external "unbiased" tester provide additional insights and value.

    Be careful when hiring a red team as they will handle very sensitive information about the company. Here, the rule is that you should always work with a partner that you can trust.

    Involve your legal team and make sure that a confidentiality and data privacy contract is signed with the red team.
