How to organize an actual attack and defense drill

One 、 Organizational elements of actual attack and defense drill

• Organizational unit
  Be responsible for overall control 、 Resource coordination 、 Prepare for the drill 、 Drill organization 、 Drill summary 、 Implement rectification and other work .

• Technical support unit
  By a professional safety company , Be responsible for providing corresponding technical support and guarantee , Conduct the establishment of attack and defense confrontation exercise environment and visual display of attack and defense exercise .

• Attack team
  Generally, it is independently established by multiple security manufacturers , Each attack team is generally equipped with 3～5 people . With authorization , Explore with assets 、 Tool scanning and manual infiltration are the main penetration attacks , To obtain the permissions and data of the drill target system .

• Defending Team
  From the participating units 、 Personnel composition of safety manufacturers, etc , Mainly responsible for protecting the assets under the jurisdiction of the defense team , Try to prevent the blue team from getting permission and data .

Two 、 The organizational form of the actual attack and defense drill

• By state 、 Industry authorities 、 Drills organized by regulators
  . Such drills are generally conducted by public security organs at all levels 、 E-mail departments at all levels 、 The government 、 Finance 、 traffic 、 health 、 education 、 Electric power 、 Countries such as operators 、 Industry competent departments or regulatory agencies organize . For key industry information infrastructure and important systems , Organize attack teams and enterprises and institutions in the industry to conduct network actual attack and defense drills .

• Drills organized by large enterprises and institutions
  . Financial enterprises 、 Operator, 、 administrative organ 、 Public institutions and other government and enterprise units , Verification requirements for the effectiveness of business security defense system construction , Organize attack teams and enterprises and institutions to conduct actual attack and defense drills .

3、 ... and 、 The key to the organization of the actual attack and defense drill

• Scope of drill
  ： Prioritize priorities （ Unclassified ） Key business systems and Networks .

• Drill cycle
  ： Combine with actual business , General advice 1～2 Zhou .

• Drill site
  ： Select the corresponding site according to the drill scale , Be able to accommodate organizational units 、 Attack team 、 Defending Team , And the three sites should be separated .

• Drill equipment
  ： Build an attack and defense drill platform 、 Video monitoring system , Distribute special computers to the attackers （ Or provide virtual attack terminals ） etc. .

• The attack team was formed
  ： Choose the self owned personnel of the participating units or hire professionals from a third-party security service provider to form .

• The defense team is formed
  ： Mainly the self owned safety technicians of each participating unit , Assisted by professionals from third-party security service providers .

• Exercise rule making
  ： Formulate attack rules clearly before the drill 、 Defense rules and scoring rules , It is reasonable to ensure the offensive and defensive process , Avoid unnecessary impact of attack process on business operation .

Four 、 Risk avoidance measures for actual attack and defense drills

• The drill limits the attack target system , Unlimited attack path

• Unless authorized , Denial of service attacks are not allowed in the drill

• Description of the attack method of web page tampering

• Practice forbidden attack methods

• Requirements for the attacker's Trojan horse

• Illegal attack blocking and notification