Pre-Security Path
Offensive Security Introduction
Offensive security aims to identify and exploit system vulnerabilities so that the weaknesses found can be fixed and security measures improved. Some of these activities include:
- Exploiting software bugs
- Leveraging insecure setups (misconfigurations)
- Taking advantage of unenforced control policies
- Other strategies in addition to these
Red Teams and Penetration Testers specialise in these offensive techniques.
Defensive Security is concerned with two main tasks:
- Preventing intrusions from occurring
- Detecting intrusions when they occur and responding appropriately to the situation
Blue teams are part of the defensive security landscape.
Examples of some defensive tasks include:
- User Cyber Security Awareness - Educating users about cyber security to help protect against attacks that target the organisation through its employees.
- Documenting & Managing Assets - Knowing which systems and devices exist so that they can be managed and protected adequately.
- Updating & Patching Systems - Keeping computers, servers and network devices up to date and patched against known vulnerabilities.
- Setting up Preventative Security Devices - Firewalls and intrusion prevention systems (IPS) are critical preventative components; an intrusion detection system (IDS) only alerts on suspicious traffic, so it supports detection rather than prevention.
- Setting up Logging & Monitoring Devices - Proper network logging and monitoring are essential for detecting malicious activities and intrusions.
Defensive Security also covers the following topics:
- Security Operations Centre (SOC)
- Threat Intelligence
- Digital Forensics & Incident Response (DFIR)
- Malware Analysis
Q: Which team focuses on defensive security?
A: Blue Team
This section will cover two topics in Defensive Security:
- Security Operations Centre (SOC) which covers Threat Intelligence.
- Digital Forensics & Incident Response (DFIR) which covers Malware Analysis.
Security Operations Centre (SOC) is a team that monitors the network and its systems to detect malicious cyber security events.
Some of the SOC team's main areas of interest include:
- Vulnerabilities - When system vulnerabilities (weaknesses) are discovered, it is imperative to fix them by installing the appropriate update or patch. If an immediate fix is unavailable, compensating measures (e.g. isolating the affected system) are needed to stop an attacker from exploiting the weakness.
While this is essential to the SOC team, patching itself may not necessarily be assigned to them.
- Policy Violations - A security policy is a set of rules designed to protect the network and systems (e.g. a policy that says users cannot install any software on their machines). The SOC watches for activity that breaks those rules.
- Unauthorised Activity - If a user's account is compromised, the SOC team must be able to detect and block the resulting activity as soon as possible to prevent further damage.
- Network Intrusions - There is always a chance of an intrusion regardless of the level of security; the priority is detecting the intrusion and stopping it.
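The SOC concerns listed above (unauthorised activity, network intrusions, policy violations) are typically turned into detection rules that run over collected logs. The following Python is an added example and not part of the original notes: it parses constructed syslog-style lines and applies two such rules, one for password-guessing followed by a successful login and one for software installs by non-approved accounts. The log format, hostnames, IP addresses, thresholds and the allowed-installer list are all assumptions made for illustration.

```python
"""Minimal SOC-style detection over constructed log lines.

Two rules mirror the SOC concerns above:
  * repeated failed logins from one IP, escalated if a success follows
    (unauthorised activity / intrusion attempt), and
  * software installation by a non-approved user (policy violation).
Every log line, hostname, user and IP below is constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not taken from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:03 srv1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:04 srv1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:06 srv1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:09 srv1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:15 srv1 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T10:02:00 srv1 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:02:30 srv1 sshd: Accepted password for alice from 198.51.100.7
2024-05-01T10:05:00 ws7 pkg: installed nmap by bob
2024-05-01T10:06:00 ws7 pkg: installed vim by it-admin
"""

# Assumed policy: only these accounts may install software on workstations.
ALLOWED_INSTALLERS = {"it-admin"}
# Assumed brute-force thresholds: N failures inside a sliding window.
FAILED_THRESHOLD = 5
WINDOW = timedelta(seconds=60)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)
PKG_RE = re.compile(r"^installed (?P<pkg>\S+) by (?P<user>\S+)$")


def parse_line(line):
    """Turn one syslog-like line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_brute_force(events):
    """Flag a source IP with >= FAILED_THRESHOLD failures inside WINDOW.

    Severity is raised to 'high' if the same IP later logs in successfully,
    because that is the pattern of a credential-guessing attack that worked.
    """
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    alerted = {}                  # ip -> alert dict (one alert per IP)
    for ev in events:
        if ev["prog"] != "sshd":
            continue
        a = AUTH_RE.match(ev["msg"])
        if not a:
            continue
        ip = a["ip"]
        if a["result"] == "Failed":
            # Keep only failures that fall inside the sliding window.
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= WINDOW]
            failures[ip].append(ev["ts"])
            if len(failures[ip]) >= FAILED_THRESHOLD and ip not in alerted:
                alerted[ip] = {"rule": "brute_force", "ip": ip, "host": ev["host"],
                               "severity": "medium", "first_seen": failures[ip][0],
                               "success": False}
        elif ip in alerted:
            # A success after a flagged burst: escalate and record the account.
            alerted[ip].update(severity="high", success=True, user=a["user"])
    return list(alerted.values())


def detect_policy_violations(events, allowed=ALLOWED_INSTALLERS):
    """Flag software installs by anyone not on the allowed list."""
    alerts = []
    for ev in events:
        if ev["prog"] != "pkg":
            continue
        p = PKG_RE.match(ev["msg"])
        if p and p["user"] not in allowed:
            alerts.append({"rule": "policy_violation", "host": ev["host"],
                           "user": p["user"], "package": p["pkg"],
                           "severity": "low"})
    return alerts


def run_detections(log_text):
    """Parse the log text and return all alerts from both rules."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return detect_brute_force(events) + detect_policy_violations(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

Run stand-alone, the script prints one high-severity brute-force alert for 203.0.113.5 (five failures in under a minute followed by an accepted login as admin) and one low-severity policy violation for bob installing nmap; alice's single failed attempt and it-admin's install are ignored. A real SOC would feed such rules from a SIEM rather than a string, but the shape of the logic (parse, correlate over a time window, escalate on follow-on activity) is the same.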
Security operations cover various tasks to ensure protection; one such task is threat intelligence.