
5 minutes to understand the red, blue and purple in the attack and defense drill

2022-06-11 18:22:00 InfoQ

In network security, real-world network attack-and-defense drills are one of the best ways to test the defensive capability of a security team and to discover security risks in the current network environment.

The development of practical attack-and-defense drills in China has gone through two stages. The first stage was the experimental stage, focused on learning from advanced practical experience; few units participated and the scope of the drills was small. The second stage is the promotion stage: practical drills have developed rapidly, the number of participating units has exploded, and the drills are becoming mature, normalized, diversified and systematic.

In a real-world network attack-and-defense drill, the defending side and the attacking side are called the red team and the blue team respectively. Usually, besides the red and blue sides, a neutral third party is also needed to organize the drill, adjudicate results and so on: this is the purple team.
1. About the blue team
The blue team is the attacking side in a real-world network attack-and-defense drill. Its goal is to identify system weaknesses and improve system security. It generally carries out multi-angle, comprehensive, adversarial, hybrid simulated attacks against the employees of the target unit and against the software and hardware devices in the network where the target system is located, using technical means to achieve penetration objectives such as privilege escalation, control of business functions and access to data, in order to discover security risks or weak links in the system, its technology, personnel, management and infrastructure.

In a drill, the blue team usually operates as a combat team of 3, with 1 member acting as team leader. Blue team attacks are generally limited only in attack scope and attack period; there are few restrictions on specific attack methods. However, all technologies and means used to achieve the goal must strictly comply with relevant national laws and regulations.

As attack-and-defense drills have matured, the work of the blue team has become highly systematized, professionalized and tool-driven. In practical confrontation, the blue team now also shows the characteristics of social engineering, strong confrontation and circuitous attacks.
2. About the red team
The red team is the defending side in a real-world network attack-and-defense drill. The red team is generally the defense team formed for the drill on the basis of the participating unit's existing network security protection system. The main work of the red team includes security inspection, rectification and hardening before the drill; network security monitoring, early warning, analysis, verification and management during the drill; and, after the drill, reviewing the exercise and summarizing the deficiencies in the existing protection work to provide a basis for optimizing subsequent normalized network security protection measures.

In a practical drill, the red team is not established independently by the operating unit of the target system. Rather, it is composed of the target system's operating unit, the security operations team, attack-and-defense experts, security vendors, software developers, the network operations and maintenance team, the cloud provider and other parties, each performing its own duties:
  • Target system operating unit
    : responsible for the overall command, organization and coordination of the red team.
  • Security operations team
    : responsible for overall protection and attack monitoring.
  • Attack-and-defense experts
    : responsible for analyzing and judging the suspicious attacks found in security monitoring, and for guiding the security operations team, software developers and other relevant departments through vulnerability remediation and related work.
  • Security vendors
    : responsible for the availability and reliability of their own products and for adjusting protection and monitoring strategies.
  • Software developers
    : responsible for the security hardening and monitoring of their own systems, and for cooperating with the attack-and-defense experts to remediate the security problems found.
  • Network operations and maintenance team
    : cooperates with the attack-and-defense experts on network architecture security, overall optimization of network egress, network monitoring and traceability.
  • Cloud provider (if any)
    : responsible for the security hardening of its own cloud platform, monitoring the security of the systems hosted on it, and assisting the attack-and-defense experts in remediating the problems found.

For the red team, knowing the blue team is very important; as the saying goes, "know yourself and know your enemy". By understanding the attack team's thinking and methods from the attacker's point of view, and combining that with the unit's actual network environment and operational management, the red team can formulate corresponding technical defense and response mechanisms and gain more initiative in the defense process.
3. About the purple team
The purple team is the organizing side in a real-world network attack-and-defense drill. In the drill, the purple team carries out the overall organization and coordination in the role of the organizer, and is responsible for drill organization, process monitoring, technical guidance, emergency support, risk management, drill summary, and recommendations on technical measures and optimization strategies.

The purple team organizes the blue team to attack the real environment and the red team to defend it. The purpose is to use the drill to test the participating units' security threat response capability, attack event detection and discovery capability, event analysis and judgment capability, and the effectiveness of their emergency response mechanisms and processes, and thereby to improve their security and practical combat capability. In addition, for systems that are not suitable for direct attack and defense in the production network, or for dangerous operations that are not suitable for actual execution, the purple team can organize both the offensive and defensive sides to carry out sand table (tabletop) exercises, so as to further evaluate the network security risks and the possible losses and damage.



Copyright notice
This article was created by [InfoQ]; please include the original link when reposting. Thank you.
https://yzsam.com/2022/162/202206111805168658.html