Practice Safe Sec on the Field
Let’s start off with two teams: a red team, and a blue team. The red team is on offense, and the blue team is on defense. Now, before we begin practicing safe sec (security), we need to learn the real meaning of offense and defense.
Getting started in the technical world can be hard, but jumping into cyber security (namely Information Security, which is commonly referred to as InfoSec) seems to be even harder for most people. As an outsider, the high volume of technical jargon makes it almost impossible to follow a conversation amongst security professionals.
How do we, as the ultimate noobs, conquer this great feat? How do we get our feet wet in the hacker pool?
I’m not claiming to know the answer to these questions. In fact, I’m in the same place as you probably are. So, let’s learn together. Let’s learn safe sec, starting off with the two main types of security: offensive security and defensive security.
Offensive security is focused on seeking out the culprit that is attacking your system or network. When engaging in offensive security tactics like interrupting and stopping the perpetrator from attacking, you are acting like the perpetrators themselves. In so many words, you are attacking them so their operations are disabled. Hack on.
Defensive security, or conventional security, emphasizes the protection of your assets. It focuses on methods to find and fix system vulnerabilities, as well as patch software that could potentially be exploited.
It is easier to attack than to defend, giving offense the advantage in most situations.
Now that we have covered the key differences between offensive and defensive security, let’s discuss security in terms of the red team and blue team.
Red team-blue team exercises are activities carried out by a group of security professionals. These professional hackers either attack if on the red team, or defend if on the blue team. The red team is on the offensive, and the blue team is on the defensive. Many times the system they are exploiting is a security infrastructure, which will be either fake or real.
These exercises are a great way of identifying vulnerabilities in a system. They also train the team in defending the system or network. The blue team thinks, “How can the enemy exploit my system?”, and the red team is poised to attack.
Although this may be a game to some and there are people aiming to win out there on the field, it is an educational experience for both sides. Through red team-blue team exercises, each hacker builds up the skill and stamina needed for sec.
If you ever have the opportunity to engage in offensive or defensive security, I highly encourage you to do it well and give it your all. Be safe, but play hard. Life is just a game after all.
Which team will you play for on the field?
This is my first post in the “Getting Started in Cyber Security” series. Thanks for reading!
Check out more great articles at Code Like A Girl.