Tuesday, September 25, 2007

Colors in Security

This is what I collected from http://taosecurity.blogspot.com/2007/09/security-jersey-colors.html:
  • Red Team: A Red Team is an adversary simulation team. The Red Team attacks the asset to meet an objective. This activity is called penetration testing in the commercial world.

  • Blue Team: A Blue Team is a security posture assessment and evaluation team. The Blue Team determines the vulnerabilities and exposures of an enterprise. This activity is called vulnerability assessment in the commercial world.

  • White Team: A White Team (or usually a "White Cell") controls the environment during an exercise. The White Cell provides the framework in which the Red Team attacks friendly forces. (Note that in some situations the friendly forces are called the "Blue Team." This is not the same Blue Team that conducts vulnerability assessments and evaluations. Blue in this case is simply used to differentiate from Red.)

  • Green Team: The Green Team is usually a training group that helps the asset owners. Alternatively, the Green Team helps with long-term vulnerability and exposure remediation, as identified by the Blue Team. These descriptions are open for discussion because I haven't seen too many green team activities.
In addition, I would also like to add a couple more teams.
  • Black Team: The Black Team is supposedly for forensics and investigation. I chose this color because it matches the "Black Box" found in all aeroplanes.

  • Brown Team: The Brown Team is the dedicated Incident Response Team. They are in charge of everything during an emergency and act/react to bring the situation under control.

P/S: How come it seems similar to 6-Hat Thinking?