Setting up foundational security can be challenging due to the complexity of today’s security systems. Sometimes controls get removed accidentally during troubleshooting or policy changes and systems are left open and vulnerable. Below are just a few steps that can be used to check the security of your own systems.
What ports are left open? Did you forward the ports correctly?
- You should perform vulnerability scans for any open ports on a regular basis, at least monthly.
- Make sure to have proper patch management, especially for services exposed to the internet.
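One way to check for drift between the ports you meant to forward and what a scan actually finds, as an added example that is not part of the original guide: it parses Nmap's grepable output (`-oG`) and compares it with a list of intended forwards. The scan text, the 203.0.113.10 documentation address and the `INTENDED` policy are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable output (-oG); not from a real scan.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (996)
"""

# Assumed policy: the port forwards you intended to publish, per host.
INTENDED = {"203.0.113.10": {(80, "tcp"), (443, "tcp")}}

# Each port entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/")


def parse_grepable(text):
    """Return {host: {(port, proto): state}} from Nmap -oG output."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and status-only lines
        host = line.split()[1]
        # Fields are tab-separated; keep only the Ports field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m:
                key = (int(m.group(1)), m.group(3))
                results.setdefault(host, {})[key] = m.group(2)
    return results


def audit(scan, intended):
    """List open ports that are not intended and intended ports that are not open."""
    findings = []
    for host in sorted(set(scan) | set(intended)):
        want = intended.get(host, set())
        open_now = {k for k, state in scan.get(host, {}).items() if state == "open"}
        for port, proto in sorted(open_now - want):
            findings.append((host, port, proto, "unexpected-open"))
        for port, proto in sorted(want - open_now):
            findings.append((host, port, proto, "forward-not-reachable"))
    return findings


if __name__ == "__main__":
    for host, port, proto, issue in audit(parse_grepable(SAMPLE_SCAN), INTENDED):
        print(f"{host} {port}/{proto}: {issue}")
```

Running it after each monthly scan and after any firewall change makes an accidentally removed or added rule show up as a finding.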
If you have DoS prevention set up, such as limiting the number of TCP SYN packets from a single IP address, test it with tools such as Nmap or Nessus, which are both free. Other commercial tools are available. You can also test by running a ping flood and seeing whether the UTM starts dropping the requests at a certain point.
Another simple free tool is hping3; some documentation can be found at http://www.hping.org/manpage.html and http://0daysecurity.com/articles/hping3_examples.html
Check to see if what you set to block is actually being blocked. Here are some simple categories that are typically blocked:
- Potentially Liable
- Anonymizer or Public Proxy
Make sure it is set up properly. Put something simple in a web interface field, such as a SQL injection command (see https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) ), or a directory traversal such as ../../../../../cmd.exe in the URL string.
Join CompTIA AITP and download the Perimeter Health Check guide for nine more ways to manually test your foundational security.
DISCLAIMER: This Testing Foundation Security Posture is for informational purposes only, and any reliance on its content is done at your own risk. Further, this Testing Foundation Security Posture and its contents are provided on an “AS IS” basis, and CompTIA makes no representations or warranties as to their completeness, accuracy or adequacy or that any advice, recommendations, or other content contained in this document will protect systems, networks, infrastructure, and the like from experiencing any cyberattacks or other security incidents. The security assessments and processes discussed in this document should be conducted by professionals experienced in the field of information technology security. The links referenced in this document direct users to third party websites. Any use of the links or the associated third-party websites is done at the user’s own risk, and additional terms and conditions from the owners of such websites may apply. CompTIA does not own or control these third-party websites, and CompTIA does not endorse or assume any responsibility for the third party websites and the information, materials, products, services, and other contents contained therein, including any harmful items or code. CompTIA is not liable or responsible to you or your clients or customers for any results that you or they may experience, and you agree to indemnify CompTIA from and against any losses or other harms that you or your clients or customers may experience based on your use of the information contained in this Testing Foundation Security Posture. By your use of the information contained in the Testing Foundation Security Posture, you agree to the terms of this disclaimer section.