In connection with penetration testing (also known as ethical hacking) one hears again and again of differently colored teams. White hats and black hats are also often mentioned in this context. But what do these colors and terms mean, and what do they have to do with IT security? In this post, I would like to introduce the different colors that are used in the world of cybersecurity and how they relate to each other.
With increasing digitization, large-scale attacks using malware such as Emotet, or targeted hacking attacks on government institutions, the topic of IT security is now reaching more and more people. It is an area that has so far hardly been noticed by the public, although it has always been important. With this attention now present, many private users and companies are increasingly finding out what they can do better to avoid such attacks, how they can protect themselves effectively and what they can do in the event of an attack.
Most people encounter the world of IT security for the first time and are simply flooded with information that is new to them. If you search for topics using a search engine or ask the security specialists around you, you are often bombarded with terms such as penetration testing, incident response, social engineering or damage control. At first glance, these seem to be buzzwords that only concern those weird IT nerds. Fortunately, however, a simple, visual system has been established in "InfoSec" (another new term) that makes the tasks easy to assign clearly and provides a rough overview.
Attack and Defense - the Origin of Red and Blue Teams
Originally, a distinction was made between the attackers and the defenders. As is common outside of IT, for example in the military or other security forces, this distinction is made using the two colors red (for attackers) and blue (for defenders). This subdivision is still the most common today and enables a simple and rough assignment. As is often the case in the digital world, these terms are mostly used in their English form (as anglicisms).
In addition, however, a distinction is made not only between the tasks (attack / defense / development), but also between the intentions of the people who carry out these activities. Here one distinguishes between white hats, gray hats and black hats.
Hats
Being a hacker is not automatically bad. Even if we associate this term with the evil, hooded criminals from the films, one always differentiates between the intentions of a hacker. To be a hacker simply means that you have a keen interest in understanding how various systems or infrastructures work and how you can manipulate them. How you use this knowledge is a moral question.
If we think of the classic cybercriminal as we know him from the films (black hoodie, lives in the basement), then we speak of a so-called black hat. The black hat symbolizes the intention to cause harm. However, where there is shadow there is also light: the white hat symbolizes good intentions, i.e. hackers who only use their skills for "morally correct" purposes, for example by working to uncover and report security vulnerabilities.
However, since the world is not just black and white, there is a third category: the so-called gray hats. The gray hat symbolizes a mixture of white and black, meaning people who use their abilities for good as well as bad intentions. There can be many different reasons for this. Someone could, for example, sell their skills to the highest bidder. Unfortunately, the categorization is often not that easy. Since this is a moral question, it can be interpreted in different philosophical terms. It can also happen that the legislature takes a different view than one's subjective morality. Someone who hacks a system out of goodwill and wants to report a loophole they found is liable to prosecution if there was no prior agreement. Before the law they are a black hat, even if they actually did it out of goodwill.
The Primary Colors
1) Red: The Attackers
Tasks such as penetration testing, social engineering or any other form of attack fall into the area of the red teams. However, it is important that these are clearly defined, approved and agreed attacks. In terms of technology, the Red Team works and acts like real criminals. However, these skills are used to improve the systems under test, i.e. the members are white hats. The goal is not to cause damage, but to uncover weak points through simulated attacks and, in cooperation with the other teams, to close them before actual black hats can exploit them. This is also referred to as "ethical hacking". Even if the intentions are always good, it is not uncommon for former black hats to be employed in these teams.
2) Blue: The Defenders
Everything that concerns the hardening, protection and analysis of systems takes place in the blue teams. Here you will find trained specialists who set up, configure and maintain technical measures to protect the infrastructure. This includes, among other things, the operation of firewalls, the evaluation of log files and the analysis of malware. The technical measures (hardware / software) vary depending on the target system to be protected and may even be custom-built for it.
3) Yellow: The Developers
Unfortunately, the classic distinction between Red and Blue Team does not meet the requirements of reality. Another very essential element of security was neglected for years. In 2017, April C. Wright brought the developers into the model at the hacker conference "BlackHat" (an analogy to the evil black hats, but in this case the name of the event). Many programmers have little or no contact with IT security issues, and there are multiple reasons for that. It is important to involve the software developers in these questions, because many of the known vulnerabilities are due to incorrect programming and can be avoided very easily. Developers are also the ones who provide the Blue Team's tools (e.g. logging).
You Can only Be Successful if You Work Together
The Red Team tries to bypass the Blue Team's security mechanisms and outsmart the Yellow Team's software. The Blue Team, partly with the help of the Yellow Team, tries to prevent the Red Team from doing so. So blue / yellow versus red? No! Reasonable cooperation is necessary to improve security successfully. Even if these teams have different tasks, they all help each other. The best analogy for this is arguably rival siblings.
This overarching work can now be wonderfully represented by the secondary colors:
Purple Teaming
The Red Team gives feedback to the Blue Team, because only those who understand how an attacker acts, true to the motto "know your enemy", can protect themselves against it. The Blue Team, in turn, presents its work to the Red Team, which then uses the mentality of an attacker to identify possible weak points and gives them back again as feedback.
Orange Teaming
Members of the Red Team work together with the Yellow Team. The aim is to help the developers by explaining to them how to program software more securely, not just by providing a report with the vulnerabilities found, but also by explaining how the attack works. This ensures that the developers will take a completely different perspective when coping with their often very complex tasks in the future. As a result, it can also happen that further, previously unknown vulnerabilities are uncovered when they apply their new understanding to the rest of their work. Nobody knows a system better than the person who developed it.
Green Teaming
The Blue Team uses the software provided by the Yellow Team in practice. In daily use it becomes apparent that some functions are missing, would be helpful or do not work optimally. This daily work and experience is passed from the Blue Team to the Yellow Team, which can then make adjustments and thus ensure optimal operation.
Is There More?
The primary colors are arguably the most commonly used, not only in terms of language but also in actual work, whereas the secondary colors are used less often. Occasionally, however, you will find other, less common and more vaguely defined colors. Every now and then you read about a so-called white team. The white team symbolizes the management, which looks after the organization and the interaction of the individual teams, but in contrast to the primary colors moves in a non-technical area. Just pure management.
Occasionally you read about a notorious Black Team. The black team sits in the middle of all colors and should therefore be able to do everything. However, these other categorizations are often somewhat controversial and can have slightly varying definitions, depending on which group or person in the InfoSec community is asked.