当前位置：网站首页>How to organize an actual attack and defense drill

How to organize an actual attack and defense drill

2022-07-05 21:43:00 【InfoQ】

The actual attack and defense drill usually takes the actually running information system as the drill target , Through supervised offensive and defensive confrontation , Simulate real network attacks to the greatest extent , To test the security of the information system and the effectiveness of the operation and maintenance guarantee . On the premise of ensuring the security of the business system , Identify the target system , Unlimited attack path , To raise rights 、 Control business 、 For the purpose of obtaining data . The actual attack and defense drill includes attack 、 defensive 、 Organize three parties , And equipped with actual attack and defense drill platform . The organizer is responsible for the organization and coordination of the overall work of the drill , It mainly includes the following parts

： Drill organization 、 Exercise process monitoring 、 Drill technical guidance 、 Emergency support 、 Drill summary 、 Suggestions on defensive technical measures and strategy optimization

etc. . The actual attack and defense drill can generally be divided into preparation 、 rehearse 、 There are three closing stages .

One 、 Organizational elements of actual attack and defense drill

The organizational elements of the actual attack and defense drill include organizational units 、 Technical support unit 、 Attack team 、 The defensive team has four parts .

Organizational unit
Be responsible for overall control 、 Resource coordination 、 Prepare for the drill 、 Drill organization 、 Drill summary 、 Implement rectification and other work .

Technical support unit
By a professional safety company , Be responsible for providing corresponding technical support and guarantee , Conduct the establishment of attack and defense confrontation exercise environment and visual display of attack and defense exercise .

Attack team
Generally, it is independently established by multiple security manufacturers , Each attack team is generally equipped with 3～5 people . With authorization , Explore with assets 、 Tool scanning and manual infiltration are the main penetration attacks , To obtain the permissions and data of the drill target system .

Defending Team
From the participating units 、 Personnel composition of safety manufacturers, etc , Mainly responsible for protecting the assets under the jurisdiction of the defense team , Try to prevent the blue team from getting permission and data .

Two 、 The organizational form of the actual attack and defense drill

Proceed from actual needs , There are two main organizational forms of actual attack and defense drills .

By state 、 Industry authorities 、 Drills organized by regulators
. Such drills are generally conducted by public security organs at all levels 、 E-mail departments at all levels 、 The government 、 Finance 、 traffic 、 health 、 education 、 Electric power 、 Countries such as operators 、 Industry competent departments or regulatory agencies organize . For key industry information infrastructure and important systems , Organize attack teams and enterprises and institutions in the industry to conduct network actual attack and defense drills .

Drills organized by large enterprises and institutions
. Financial enterprises 、 Operator, 、 administrative organ 、 Public institutions and other government and enterprise units , Verification requirements for the effectiveness of business security defense system construction , Organize attack teams and enterprises and institutions to conduct actual attack and defense drills .

3、 ... and 、 The key to the organization of the actual attack and defense drill

We should ensure the smooth implementation of the actual attack and defense drill , The key is to organize . The key organizational work includes determining the scope of the drill 、 cycle 、 Site and equipment , Set up an attack and defense team , Make rules , Video recording and many other aspects .

Scope of drill
： Prioritize priorities （ Unclassified ） Key business systems and Networks .

Drill cycle
： Combine with actual business , General advice 1～2 Zhou .

Drill site
： Select the corresponding site according to the drill scale , Be able to accommodate organizational units 、 Attack team 、 Defending Team , And the three sites should be separated .

Drill equipment
： Build an attack and defense drill platform 、 Video monitoring system , Distribute special computers to the attackers （ Or provide virtual attack terminals ） etc. .

The attack team was formed
： Choose the self owned personnel of the participating units or hire professionals from a third-party security service provider to form .

The defense team is formed
： Mainly the self owned safety technicians of each participating unit , Assisted by professionals from third-party security service providers .

Exercise rule making
： Formulate attack rules clearly before the drill 、 Defense rules and scoring rules , It is reasonable to ensure the offensive and defensive process , Avoid unnecessary impact of attack process on business operation .

Before the actual attack and defense drill, the constraint measures of attack and defense drill must be formulated , Avoid possible risks , Clearly put forward the limiting rules of attack and defense operations , Ensure that the attack and defense drill can be carried out safely within a limited range .

Four 、 Risk avoidance measures for actual attack and defense drills

The drill limits the attack target system , Unlimited attack path

During the drill , It can be attacked through multiple paths , The attack path adopted by the attack team is not limited . Find security vulnerabilities and hidden dangers in the attack path , The attack team should report the implemented attack to the drill headquarters in time , Destructive operations are not allowed , Avoid affecting the normal operation of the business system .

Unless authorized , Denial of service attacks are not allowed in the drill

Because the drill is carried out in a real environment , In order not to affect the normal business development of the attacked object , Unless authorized by the drill organizer , Drilling is not allowed SYN Flood、CC And other denial of service attacks .

Description of the attack method of web page tampering

The drill is only aimed at tampering with the primary or secondary pages of Internet systems or important applications , To test the defense team's emergency response and investigation 、 The ability to investigate . During the drill , The attack team should carry out attack penetration around the target system , After obtaining the site control permission , You need to ask the drill headquarters first , Post specific pictures on the designated webpage after approval （ Issued by the drill headquarters ）. For example, the Internet websites and business applications of the target system are well protected , The attack team can take the business application closely related to the target system as the penetration target .

Practice forbidden attack methods

There are also some restricted areas in the attack and defense techniques in the actual attack and defense drill . The purpose of setting the forbidden zone is to ensure that the information system security problems found through the drill are true and effective . Generally speaking , There are three main types of attacks prohibited ：1） It is forbidden to bribe defense team members to attack ;2） Physical intrusion is prohibited 、 Cut off and monitor the external optical fiber to attack ;3） It is forbidden to use radio jammers and other attack methods that directly affect the operation of the target system .

Requirements for the attacker's Trojan horse

The control end of the Trojan horse must use the software uniformly provided by the drill headquarters , The Trojan horse used should not have the ability to automatically delete the target system files 、 Damage boot sector 、 Active diffusion 、 Infection file 、 Cause server downtime and other destructive functions . It is forbidden to use destructive and infectious viruses in the drill 、 worm .

Illegal attack blocking and notification

In order to strengthen the monitoring of the attack of each attack team , Supervise the whole process of the drill through the attack and defense drill platform 、 Record 、 Audit and presentation , Avoid drilling affecting the normal operation of the business . The drill headquarters shall organize technical support units to record the full attack flow 、 analysis , Block illegal attacks when non-conforming attacks are found , And transferred to manual disposal , Inform the attack team .

原网站

版权声明
本文为[InfoQ]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/186/202207052140187201.html