The IT Perimeter/Network Security Assessment Checklist
With proliferating security tools, in addition to more systems and users taking advantage of cloud resources, IT perimeter security feels more difficult to enforce with each passing day.
Use this checklist to quickly cover your IT perimeter and network security protocols and make sure nothing is slipping through the cracks.
1) Check your antivirus and IPS/IDS tools for functionality
There are harmless test files and tools that you can use to see if your gateway software is stopping incoming attacks, like the EICAR test file, Metasploit, or Tomahawk. Use a variety of versions, like compressed/zipped files and password-protected files, to make sure the antivirus/antimalware tool is scanning beyond simple .exe files.
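As an added example (not code from the original post), the script below builds the EICAR sample set the paragraph describes: the plain 68-byte file, the same bytes under a different extension, a zipped copy, and a zip nested inside a zip. Everything is built in memory first so you can verify the archives round-trip, and only written to disk by the `write_samples` helper on the test host. The output directory name and file names are assumptions.

```python
import io
import os
import zipfile

# The EICAR standard anti-malware test string: public, 68 bytes, harmless by design.
# Every mainstream scanner is expected to flag it wherever it appears.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def zip_member(name: str, data: bytes) -> bytes:
    """Return an in-memory ZIP archive containing a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def unzip_member(archive: bytes) -> tuple:
    """Extract the single member of an in-memory ZIP (used to verify the samples)."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        name = zf.namelist()[0]
        return name, zf.read(name)


def build_samples() -> dict:
    """Build the test set: plain file, renamed extension, zipped, and double-zipped.

    A scanner that inspects archive contents should flag every entry; a scanner
    that only looks at .exe/.com files on the wire will let some of them through.
    """
    plain = EICAR
    zipped = zip_member("eicar.com", plain)
    return {
        "eicar.com": plain,                             # canonical form
        "eicar.txt": plain,                             # same bytes, different extension
        "eicar.zip": zipped,                            # one level of compression
        "eicar2.zip": zip_member("eicar.zip", zipped),  # archive inside an archive
    }


def write_samples(directory: str) -> list:
    """Write the samples to disk and return their paths (run this on the test host)."""
    os.makedirs(directory, exist_ok=True)
    paths = []
    for name, data in build_samples().items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    # Assumed output directory; pick one the gateway and endpoint scanner both see.
    for p in write_samples("eicar-samples"):
        print("wrote", p)
```

Python's standard `zipfile` module cannot write password-protected archives, so for that variant wrap `eicar.com` with `zip -e` or 7-Zip on the test host. Record which of the files the gateway and the endpoint scanner each caught; anything that passed tells you exactly how deep (extension, archive, nested archive, encrypted archive) the inspection stops.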
You can also try an SQL injection attack to be sure your IPS is catching web interface queries.
Define your expectations for the IPS and antivirus, including the traffic type (protocol, packet size, bandwidth) and which systems are being protected (including their operating systems, apps, and associated hardware/virtual servers).
2) See if illegal/unsavory web content is successfully blocked
You can use your DNS server (like OpenDNS) to screen specific web content. Do some quick browsing to ensure that all adult content, illegal activity, embargoed countries, websites with potential liabilities, and/or social networks are blocked according to your company policies.
3) Try to fool your firewall/universal threat management program
Visit openphish or a similar website — on a system that is not connected to the rest of your corporate network, with no identifying or sensitive information stored on it — to see if your firewall or UTM blocks the page as a threat.
Also try entering a botnet command from this public list to see if the UTM catches it.
While you’re checking your firewalls, see which ports are open/forwarded and perform a vulnerability scan.
4) Check any DDoS protections
There isn’t really a legal way to run a DDoS attack, so just set a regular reminder to patch/update your anti-DDoS and make sure it is still running.
Which brings us to…
5) Patch management and updates
ALL software and operating systems must be on a strict patching and update schedule with religious tracking. Regularly check vendor websites for security alerts and patch releases. Install them on test servers before rolling out updates. Various software, both free and paid, is available to scan your servers for old versions and vulnerabilities.
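The version tracking this step calls for is easy to get wrong when versions are compared as strings ("1.18.0" sorts after "1.20.1" lexically). As an added example that is not from the original post, the script below checks a constructed inventory export against a constructed baseline of minimum approved versions and reports both out-of-date installs and packages that no baseline covers. Host names, package names and version numbers are placeholders.

```python
import re

# Constructed inventory export: (host, package, installed version). Placeholder data.
INVENTORY = [
    ("web-01", "openssl", "1.1.1k"),
    ("web-02", "openssl", "1.1.1w"),
    ("db-01", "openssl", "3.0.2"),
    ("web-01", "nginx", "1.18.0"),
    ("web-02", "nginx", "1.24.0"),
    ("app-03", "oldlib", "0.9"),
]

# Constructed baseline: minimum approved version per package, as decided after
# reading the vendor's advisories. Placeholder values, not patch advice.
BASELINE = {
    "openssl": "1.1.1w",
    "nginx": "1.20.1",
}

_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def parse_version(version: str) -> tuple:
    """Split a version string into comparable tokens.

    Numbers become (0, int) so that 1.18.0 < 1.20.1 (a plain string compare
    gets this wrong); letter suffixes become (1, str) so that 1.1.1k < 1.1.1w
    and 1.1.1 < 1.1.1a. Pre-release tags such as "-rc1" are not modelled;
    use a proper version library for ecosystems that need them.
    """
    return tuple(
        (0, int(tok)) if tok.isdigit() else (1, tok.lower())
        for tok in _TOKEN.findall(version)
    )


def is_outdated(installed: str, minimum: str) -> bool:
    return parse_version(installed) < parse_version(minimum)


def find_outdated(inventory, baseline) -> list:
    """Return (host, package, installed, minimum) for every entry below baseline."""
    return [
        (host, pkg, ver, baseline[pkg])
        for host, pkg, ver in inventory
        if pkg in baseline and is_outdated(ver, baseline[pkg])
    ]


def find_unbaselined(inventory, baseline) -> list:
    """Packages present in the inventory that no baseline covers: a tracking gap."""
    return sorted({pkg for _, pkg, _ in inventory if pkg not in baseline})


if __name__ == "__main__":
    for host, pkg, ver, minimum in find_outdated(INVENTORY, BASELINE):
        print(f"{host}: {pkg} {ver} is below baseline {minimum}")
    for pkg in find_unbaselined(INVENTORY, BASELINE):
        print(f"no baseline defined for {pkg}")
```

Feed it the real export from whatever inventory or vulnerability scanner you use, and treat an empty "no baseline defined" list as part of the pass criteria: a package nobody has set a floor for is a package nobody is tracking.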
While you check your patch versions, you may as well double check any subscriptions for antivirus, UTM, DDoS protection, or other security software you may be using, to avoid a lapse in coverage.
6) Test your e-mail filters
Whether you use e-mail file policies within Exchange, spam filters, or an e-mail specific antivirus tool, you need to double check that your flavor of choice is protecting your infrastructure.
Try blocking a specific domain and file type, then send an e-mail to that domain and another e-mail containing that file type, to see if both of them are rejected. If you already have the EICAR test file downloaded, send it as an attachment to see if it is blocked.
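As an added example (not code from the original post), the script below builds the three test messages this step describes with Python's standard `email` library: one addressed to the blocked domain, one carrying a harmless attachment with the blocked extension, and one carrying the EICAR file. The sender, recipient, blocked domain, blocked extension and relay address are assumed placeholder values; substitute the ones you configured. The `attachments` helper lets you confirm what each message contains before submitting it.

```python
import smtplib
from email.message import EmailMessage

# Constructed values: substitute the domain and file type you blocked in your
# filter, a mailbox you control, and your mail relay. None of these are real hosts.
SENDER = "filter-test@corp.example"
RECIPIENT = "mailbox-you-own@corp.example"
BLOCKED_DOMAIN = "blocked.example"
BLOCKED_EXTENSION = ".exe"
RELAY = ("smtp.corp.example", 25)

# EICAR standard anti-malware test string: public, harmless, and flagged by every
# mainstream scanner, which makes it a safe attachment for this check.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def base_message(subject: str, to: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content("Mail filter test; this message should have been rejected.")
    return msg


def domain_test_message() -> EmailMessage:
    """Addressed to the blocked domain; a working domain policy rejects it outright."""
    return base_message("filter-test: blocked domain", f"anyone@{BLOCKED_DOMAIN}")


def filetype_test_message() -> EmailMessage:
    """Carries an attachment whose extension is on the block list (harmless bytes)."""
    msg = base_message("filter-test: blocked file type", RECIPIENT)
    msg.add_attachment(
        b"not executable, just bytes with a blocked extension",
        maintype="application", subtype="octet-stream",
        filename=f"filter-test{BLOCKED_EXTENSION}",
    )
    return msg


def eicar_test_message() -> EmailMessage:
    """Carries the EICAR file, which the mail antivirus must strip or reject."""
    msg = base_message("filter-test: eicar attachment", RECIPIENT)
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="eicar.com")
    return msg


def attachments(msg: EmailMessage) -> dict:
    """Map attachment filename to decoded bytes; used to verify what was built."""
    return {p.get_filename(): p.get_payload(decode=True)
            for p in msg.iter_attachments()}


def build_test_set() -> dict:
    return {
        "domain": domain_test_message(),
        "filetype": filetype_test_message(),
        "eicar": eicar_test_message(),
    }


def send_test_set(relay=RELAY) -> list:
    """Submit each message through the relay; then check the filter's logs by subject."""
    sent = []
    with smtplib.SMTP(*relay) as smtp:
        for name, msg in build_test_set().items():
            smtp.send_message(msg)
            sent.append(name)
    return sent


if __name__ == "__main__":
    for name in send_test_set():
        print("submitted", name)
```

The pass condition is that none of the three reaches a mailbox: the first should be refused at the domain policy, the second by the attachment policy, and the third by the antivirus layer. The distinct subject lines make each outcome easy to find in the filter's log.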
This is a cursory list but a good way to make sure the basics of your network perimeter are secured. In-depth penetration testing may be required for more sensitive environments, and additional security measures might be necessary if you have specific compliance requirements like PCI or HIPAA.