Cyber Guardian: Blue Team

Blue Team

Hands-on technical skills required to be a member of the Cyber Guardian Blue Team:

Windows Security

  • Harden Windows against Advanced Persistent Threat (APT) hackers.
  • Limit the harm from the compromise of admin users and IT staff.
  • Harden Windows and applications against client-side exploitation.
  • Apply DoD/DISA security templates and STIGs with Group Policy.
  • Enforce classification labels (like FOUO) across file servers.
  • Use IPSec and the Windows firewall for restricting TCP port access.
  • Harden IIS web servers against determined attackers.

Linux/Unix Security

  • OS Lockdown - Reduce attack surface by minimizing installed packages and active services. Apply network filtering to protect systems. Tune the kernel to thwart attacks.
  • Logging and Monitoring - Understand the different levels of logging and how to apply them. Build centralized logging/alerting infrastructure. Use HIDS tools appropriately.
  • Application Security - Apply isolation techniques such as chroot() and SELinux. Understand appropriate security controls for common applications (Apache, BIND, Sendmail, ...).
  • User Access - Understand common password attacks and how to mitigate them. Maintain fine-grained control over admin access. Apply authentication controls for automated tasks.

Perimeter Protection

  • Understand the rules of network communication and how attackers bend them.
  • Understand traffic flow, packet filtering, proxy firewalls and network-based intrusion detection.
  • Apply methods to secure systems exposed to the internet, and use common tools to simplify the task.

Candidates must successfully complete one of the following courses and the corresponding certifications:

Courses & Certifications

  Course                                  Certification
  SEC502: Perimeter Protection In Depth   GIAC Certified Perimeter Protection Analyst (GPPA)
  SEC505: Securing Windows                GIAC Certified Windows Security Administrator (GCWN)
  SEC506: Securing Unix/Linux             GIAC Certified UNIX Security Administrator (GCUX)