Hands-on technical skills required to be a member of the Cyber Guardian Blue Team:
- Harden Windows against Advanced Persistent Threat (APT) hackers.
- Limit the harm from the compromise of admin users and IT staff.
- Harden Windows and applications against client-side exploitation.
- Apply DoD/DISA security templates and STIGs with Group Policy.
- Enforce classification labels (like FOUO) across file servers.
- Use IPSec and the Windows firewall for restricting TCP port access.
- Harden IIS web servers against determined attackers.
- OS Lockdown - Reduce attack surface by minimizing installed packages and active services. Apply network filtering to protect systems. Tune kernel parameters to thwart attacks.
- Logging and Monitoring - Understand the different levels of logging and when to apply each. Build centralized logging/alerting infrastructure. Use HIDS tools appropriately.
- Application Security - Apply isolation techniques such as chroot() and SELinux. Understand the appropriate security controls for common applications (Apache, BIND, Sendmail, ...).
- User Access - Understand common password attacks and how to mitigate them. Maintain fine-grained control over admin access. Apply authentication controls to automated tasks.
- Understand the rules of network communication and how they can be bent.
- Understand traffic flow, packet filtering, proxy firewalls and network-based intrusion detection.
- Apply methods for securing Internet-exposed systems, using common tools to simplify the task.
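The IPSec and Windows firewall item above, as an added PowerShell example that is not part of the original page: restrict inbound access to one TCP port (RDP, 3389) to a management subnet and require IPsec machine authentication for it. The subnet 10.0.10.0/24, the port, and the assumption that hosts are domain-joined (so Kerberos machine authentication is available) are all assumptions for the example.

```powershell
# Added example (not from the original page): restrict inbound TCP access to a
# single port with Windows Firewall and require IPsec machine authentication.
# Assumptions: management subnet 10.0.10.0/24, port 3389, domain-joined hosts
# so Kerberos machine authentication works. Run in an elevated session.

$Port       = 3389
$MgmtSubnet = '10.0.10.0/24'   # assumed management subnet

# 1. Deny inbound by default on every profile, so only explicit allow rules
#    open ports.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Disable the built-in, any-address "Remote Desktop" rule group so it does
#    not bypass the restricted rule created below.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Allow the port only from the management subnet, and only over a
#    connection that IPsec has authenticated (-Authentication Required).
New-NetFirewallRule -DisplayName "Allow TCP $Port from management subnet (IPsec)" `
    -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $MgmtSubnet -Action Allow `
    -Authentication Required -Profile Domain

# 4. IPsec connection security rule: inbound peers must authenticate with
#    Kerberos machine credentials before the firewall rule above can match.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Machine Kerberos auth' -Proposal $proposal
New-NetIPsecRule -DisplayName "Require IPsec for TCP $Port" `
    -Mode Transport -Protocol TCP -LocalPort $Port `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.InstanceID

# 5. Verify: list every firewall rule that references the port.
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction, Action
```

Apply this from a console or out-of-band session rather than over the RDP connection it restricts, since a mistake in the subnet or the IPsec authentication set locks you out. Confirm afterwards from a host outside the management subnet that the port no longer answers, and from a management host that the connection shows up as IPsec-secured in `Get-NetIPsecMainModeSA`.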
Candidates must successfully complete one of the following courses and the corresponding certifications: