Defense of a machine falls into two main categories:
- Intrusion Prevention
- Incident Recovery
In the first scenario, you're working to stop intrusions before they happen: Metasploitable/Defenses/Stopping
In the second scenario, you're detecting intrusions after they happen and doing forensic work: Metasploitable/Defenses/Detecting
There are also categories of defense types:
- On-machine defenses
- Network defenses
For on-machine defenses, you're looking at systems and software that operate within the domain of a single computer.
For network defenses, you're analyzing an entire network, incorporating data from multiple systems and domains.
Metasploitablue: The Blue Team
Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue.
Metasploitable On-Machine Defenses:
- Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation
- Linux Artifact Investigation: Metasploitable/Artifact Investigation
- Linux Iptables Essentials: Metasploitable/Iptables
- Firewall Assurance and Testing: Metasploitable/Firewall
- Password Assessment: Metasploitable/Password Assessment
- Standard Unix Ports: Unix/Ports
- Nmap (Blue Team): Metasploitable/Nmap
- Network Traffic Analysis: Metasploitable/Network Traffic Analysis
- Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns
- Snort IDS: Metasploitable/Snort