Blue Team Red Team
Playing the role of an attacker can make your team better at defense. Our step-by-step guide to war gaming your security infrastructure–from involving the right people to weighing a hypothetical vs. live event.
Cyber Guardian: Blue Team
Hands-on technical skills are required to be a member of the Cyber Guardian Blue Team or the Cyber Guardian Red Team:
- Harden Windows against Advanced Persistent Threat (APT) hackers.
- Limit the harm from the compromise of admin users and IT staff.
- Harden Windows and applications against client-side exploitation.
- Apply DoD/DISA security templates and STIGs with Group Policy.
- Enforce classification labels (like FOUO) across file servers.
- Use IPSec and the Windows firewall for restricting TCP port access.
- Harden IIS web servers against determined attackers.
- OS Lockdown – Reduce attack surface by minimizing installed packages and active services. Apply network filtering to protect systems. Tune kernel to thwart attacks.
- Logging and Monitoring – Understand different levels of logging and how to apply them. Build centralized logging/alerting infrastructure. Use HIDS tools appropriately.
- Application Security – Apply isolation techniques such as chroot() and SELinux. Understand appropriate security controls for common apps (Apache, BIND, Sendmail, …)
- User Access – Understand common password attacks and how to mitigate them. Maintain fine-grained control over admin access. Authentication controls for automated tasks.
- Understanding the rules of network communication and how to bend them
- Understanding traffic flow, packet filtering, proxy firewalls and network based intrusion detection
- Methods to secure systems exposed to the internet and common tools to simplify the task
Candidates must successfully complete one of the following courses and the corresponding certifications:
Courses & Certifications:
Cyber Guardian: Red Team
Hands-on technical skills required to be a member of the Cyber Guardian Red Team:
An alternative perspective is how the military exercises the above objectives. The Government Accountability Office does it. So does the NSA. And the concept is making its way into the corporate world, too: war gaming the security infrastructure. Red team-blue team exercises take their name from their military antecedents. The idea is simple: One group of security pros–a red team–attacks something, and an opposing group–the blue team–defends it. Originally, the exercises were used by the military to test force-readiness. They have also been used to test physical security of sensitive sites like nuclear facilities and the Department of Energy’s National Laboratories and Technology Centers. In the ’90s, experts began using red team-blue team exercises to test information security systems.
[Illustration: Red Team-Blue Team simulation]
However, companies in any industry can benefit from a red team-blue team exercise. SANS hosted a cyberwarfare event at its 2007 Las Vegas trainings in which a red team attacked a fake company it called GIAC Enterprises, supposedly the world’s largest provider of fortunes for fortune cookies. In February of this year, eBay ran a red-team exercise with various CISO and vendor invitees. For those who missed the fortune cookie attack or eBay’s confab, we’ve collected tips on how to get the most out of your own infosecurity red team-blue team simulation.
Get the Right People to Your Red Team-Blue Team Kickoff Meeting :
“I start by getting the admin and security people in the same room,” says Michael Assante, an infrastructure protection strategist at Idaho National Laboratory (INL). “I have the security team do a thorough analysis of what we have in place.” This is one of the easiest ways to identify security vulnerabilities, and it also helps with an issue key to any successful red team-blue team exercise: buy-in. Yes, it’s one of the most overused phrases in a consultant’s vocabulary, but the approval of management and employees is essential when testing information security systems.
The goal of a red team-blue team exercise is not just to identify holes in security, but to train security personnel and management. If not everyone agrees on the value of the exercise, it can quickly devolve into defensive posturing and wasted time. After all, you may be asking higher-ups for the time and budget required to fix flaws the exercise discovers. An initial assessment may identify changes that need to be made. Then, it’s time to get started.
Attack the Whiteboard :
The simplest version of a red team-blue team exercise requires little more than a conference table. Divide your security staff into teams, and spend an afternoon talking through possible attack-defend scenarios. The key element for success is a red team that can get into the mind-set of an attacker. “Red-teaming is a thought process,” explains Tom Anderson of INL. “The problem with having the people who built [the security system] do it is they have an interest in protecting it.” To combat self-interest and homogeneity, Anderson and Assante create diversified teams where experts from INL work alongside staff from the company they’re assisting.
That’s not to say you can’t do it on your own, but it’s important to at least try to think like an outsider. “A lot of times when we develop security systems, it’s to keep the honest person honest,” explains Assante. An attacker will disregard more than rules; he or she will disregard the company’s norms. Consider who your attackers may be. Power plants may be targeted by terrorists. Banks by criminals. Anyone by a disgruntled ex-employee. It can take time and effort to step back and view the system like an outsider, or even an insider who intends to harm. One of the values of a tabletop exercise is that it lets players consider the system as a whole.
Most companies that don’t house nuclear materials are unlikely to engage in full-scale physical exercises with armed forces storming their building, but it’s important to consider physical security when developing whiteboard attacks. “Physical systems have to protect the cybersystems, and the cybersystems have to protect the physical systems,” says Ray Parks, leader of the Sandia Red Team. “The first thing the guys designing physical security systems say to me is usually, ‘The backbone of our security is a gigabit Ethernet.’” Knock that out (by cyber or physical attack) and suddenly the physical access control system is out of commission. The conference room exercise is especially important for companies that have never attempted a red team-blue team exercise before.
“Just by doing a tabletop exercise, you can learn a lot about your risk,” says Assante. And, strange as it sounds, keeping things hypothetical provides a learning opportunity that an actual cyberattack by high-end pros may not. In a recent paper, Greg B. White, the director of the Center for Infrastructure Assurance and Security, called red-team attacks on truly unprepared targets “roughly equivalent to army recruits attempting to defend an installation from a group of elite paramilitary forces. Ultimately, the recruits would learn they weren’t ready, but the exercise wouldn’t provide any training to make them ready.” A tabletop exercise provides the opportunity to reflect and assess response options as well as attacks. And then think about what possible breaches might mean. “What is the top end consequence?” says Assante. “A $10 million loss? Regulatory risk? Is the safety of employees at risk? Or customers?”
Red-Team the Network :
Once you’ve fixed the holes your whiteboard exercises identified, however, a live attack-and-defend exercise can provide a whole new level of insight, but it’s not an activity to be taken on lightly. In some cases, vulnerabilities can be safely demonstrated on a live corporate network, but it’s not wise to launch a real attack against your production systems. “Certain kinds of systems should almost never be subjected to live penetration testing,” notes Clem.
When he works with companies that rely on SCADA (Supervisory Control and Data Acquisition) systems to keep plants up and running–common in industries such as power generation and oil and gas refineries–Clem works on test networks not connected to the company’s process controls. Assante says that at Idaho National Labs, his team has built client-specific test beds that mimic the company’s real network in order to offer what he calls “facilitated immersive training.”
Some of the network and security staff try to defend the network while others join Assante’s red-team colleagues in attacking it. “This gives the blue team, the defenders, confidence,” says Assante. “It’s also very useful to the red team. You see vulnerabilities in a whole new light. And they bring that training back” to their coworkers. Giovanni Vigna is an associate professor in the computer security group at UC Santa Barbara’s department of computer science.
The majority of his students go to work for startups or as security consultants. At the end of the fall semester each year, for his class final, Vigna stages a Capture the Flag competition, a sophisticated red team-blue team exercise in which all teams both attack and defend. It’s such a popular event that he’s expanded the competition to other universities; last December, classes from 36 teams across four continents participated. “If you’re given a website and you have to break into it, that’s an incredibly valuable experience,” says Vigna. “You can read about PHP file inclusion and how it’s a problem, but once you exploit one of those goodies, you really understand what’s going on.”
Red-Team Your Users :
Even at National Labs, employees are often the weakest link in a security plan. But even if you don't have to worry about employees copying classified material onto home computers, it's important to think about how an enemy could exploit weaknesses in your employees' behavior.
Do they prop open automatic doors? Click on e-mail attachments from strangers? You can test for these problems and similar ones. Assuming you have a written security policy and employees are aware of it, you may not want to announce a red-team exercise, since your goal is to determine the risks of normal behavior. Assante and Anderson have left USB devices lying around office buildings to see who picked them up and plugged them into their computers. They’ve also sent phishing e-mails to employees to see who would take the bait.
As with earlier exercises, consider the possible consequences of these actions, and also how you can use the exercise to provide training. Think scary blue warning screens when users click through bad links in spam.
Rinse and Repeat :
If you’ve done all these things, you’re probably feeling pretty good about your information security, and you should. But not for too long. Any CSO worth his or her salt knows security is a moving target. Bad guys are adapting. Even more important, your network is changing. In all likelihood, so is your employee base. Sandia’s Parks recalls visiting a client that had implemented a dual man-trap door system in front of a secure area. However, the badge-swipe controller that opened the doors was housed in the regular corporate office and also connected to systems in the human resources department. The result was that access to the “secure” area was controlled by systems located in non-secure areas.
The badge-swipe system had been designed for building access. Then, later, the government mandated the man-trap dual door system, so the company simply extended a badge-swipe system it already had in place. “They hadn’t thought about the fact that the badge system wasn’t designed for that,” says Parks. Red-teaming helps companies understand the unintended consequences of those kinds of decisions, and not just at companies with double-door systems. Sandia’s red team developed a specialty in wireless security because the need appeared. “Many people migrate from a wired network to a wireless one assuming it works exactly the same, because from their perspective it does work the same,” explains Parks. “They don’t realize that there are different characteristics that provide different attack surfaces.”
“Red-teaming is good at helping the customer understand interdependencies,” says Clem, who advocates bringing a red-team mentality to design decisions. He wants his clients to think, How does that added functionality affect security? What could the bad guy do if we do that?
The Blue Pill - The Red Pill :
[The Matrix makes references to historical myths and philosophy, including gnosticism, existentialism, and nihilism. The film’s premise resembles Plato’s Allegory of the cave, René Descartes’s skepticism and evil demon, Kant’s reflections on the Phenomenon versus the Ding an sich, Zhuangzi’s “Zhuangzi dreamed he was a butterfly”, the concept of a simulated reality and the brain in a vat thought experiment. Japanese director Mamoru Oshii’s Ghost in the Shell was a strong influence.]
The red pill and its opposite, the blue pill, are popular culture symbols representing the choice between embracing the sometimes painful truth of reality (red pill) and the blissful ignorance of illusion (blue pill).
The terms, popularized in science fiction culture, are derived from the 1999 film The Matrix. In the film, the main character Neo is offered the choice between a red pill and a blue pill. The blue pill would allow him to remain in the fabricated reality of the Matrix, therefore living the “ignorance of illusion”, while the red pill would lead to his escape from the Matrix and into the real world, therefore living the “truth of reality” even though it is a harsher, more difficult life.
- “You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit hole goes.”
- ―Morpheus, to Neo
The term redpill refers to a human that is aware of the true nature of the Matrix. Redpills are typically humans whose bodies and minds have been freed from the power plant by Zion hovercraft teams, but humans still connected to the Matrix can also be aware of its reality. Usually, Redpills encounter anomalies or glitches in the system, or may free themselves from physical bonds by exceeding human limitations. In either of these cases, other Redpills find them and offer them freedom.
Magnetic Pole North is symbolized as Red and Magnetic Pole South is symbolized as Blue, and transdimensional includes with uninformed as to why?
A Redshift is any increase in wavelength (a Redshift is a decrease in frequency).
A Blueshift is any decrease in wavelength (a Blueshift is an increase in frequency).
A Blueshift is any decrease in wavelength, with a corresponding increase in frequency, of an electromagnetic wave; the opposite effect is referred to as redshift. In visible light, this shifts the color from the red end of the spectrum to the blue end.
We live in a civilization which is currently a Pre-Transdimensional Warp Drive culture of public domain, known as the Red Pill. We live in a civilization which is in a Post-Transdimensional Warp Drive culture of Non-Public Domain known as the Blue pill.
The movie “The Matrix” is built entirely around the Red Pill being the rabbit hole and the Blue Pill being the propagandized, coma-induced world; it is actually the opposite.
The Math we know of is all hot energy red pill, and the cold energy, (which is also known as zero-point), is the blue pill, thus the rabbit hole and the other portion of math we are not allowed to know or be a part of, because you are all Zombie Douche-Bag Label Wholes.
Redshift and Blueshift describe how light changes as objects in space (such as stars or galaxies) move closer or farther away from us. The concept is key to charting the universe’s expansion.
Visible light is a spectrum of colors, which is clear to anyone who has looked at a rainbow. When an object moves away from us, the light is shifted to the red end of the spectrum, as its wavelengths get longer. If an object moves closer, the light moves to the blue end of the spectrum, as its wavelengths get shorter.
To think of this more clearly, the European Space Agency suggests, imagine yourself listening to a police siren as the car rushes by you on the road.
“Everyone has heard the increased pitch of an approaching police siren and the sharp decrease in pitch as the siren passes by and recedes. The effect arises because the sound waves arrive at the listener’s ear closer together as the source approaches, and further apart as it recedes,” ESA wrote.
Sound and light :
This sound effect was first described by Christian Andreas Doppler and is called the Doppler effect. Since light also emanates in wavelengths, this means that the wavelengths can stretch or crunch together depending on the relative position of objects. That said, we don’t notice it on daily-life-sized scale because light travels so much faster than the speed of sound — a million times faster, ESA noted.
American astronomer Edwin Hubble (who the Hubble Space Telescope is named after) was the first to describe the redshift phenomenon and tie it to an expanding universe. His observations, revealed in 1929, showed that nearly all galaxies he observed are moving away, NASA said.
“This phenomenon was observed as a redshift of a galaxy’s spectrum,” NASA wrote. “This redshift appeared to be larger for faint, presumably further, galaxies. Hence, the farther a galaxy, the faster it is receding from Earth.”
The galaxies are moving away from Earth because the fabric of space itself is expanding. While galaxies themselves are on the move — the Andromeda Galaxy and the Milky Way, for example, are on a collision course — there is an overall phenomenon of redshift happening as the universe gets bigger.
The terms redshift and blueshift apply to any part of the electromagnetic spectrum, including radio waves, infrared, ultraviolet, X-rays and gamma rays. So, if radio waves are shifted into the ultraviolet part of the spectrum, they are said to be redshifted — shifted toward the lower frequencies.
The redshift of an object is measured by examining the absorption or emission lines in its spectrum. These lines are unique for each element and always have the same spacing. When an object in space moves toward or away from us, the lines can be found at different wavelengths than where they would be if the object were not moving (relative to us).
Redshift is defined as the change in the wavelength of the light divided by the wavelength that the light would have if the source was not moving — called the rest wavelength:
Redshift = (Observed wavelength – Rest wavelength)/(Rest wavelength)
Three types of redshift :
At least three types of redshift occur in the universe — from the universe’s expansion, from the movement of galaxies relative to each other and from “gravitational redshift,” which happens when light is shifted due to the massive amount of matter inside of a galaxy.
This latter redshift is the subtlest of the three, but in 2011 scientists were able to identify it on a universe-size scale. Astronomers did a statistical analysis of a large catalog known as the Sloan Digital Sky Survey, and found that gravitational redshift does happen — exactly in line with Einstein’s theory of general relativity. This work was published in a Nature paper.
“We have independent measurements of the cluster masses, so we can calculate what the expectation for gravitational redshift based on general relativity is,” said University of Copenhagen astrophysicist Radek Wojtak at the time. “It agrees exactly with the measurements of this effect.”
The first detection of gravitational redshift came in 1959, after scientists detected it occurring in gamma-ray light emanating from an Earth-based lab. Previous to 2011, it also was found in the sun and in nearby white dwarfs, or the dead stars that remain after sun-sized stars cease nuclear fusion late in their lives.