September 9, 2020

July 18, 2019

Please reload

Recent Posts

Top 5: Server Administration recommendations

October 5, 2020

1/5
Please reload

Featured Posts

Infrastructure vulnerability test conducted

October 1, 2020

 

Recently an infrastructure vulnerability test was conducted on one of numerous setups managed by us. For this test the live environment was replicated with a dedicated web server and database server. The hardware firewall remained the same (for both production and test).

The Principle Security Concerns ("PSCs") that were addressed via testing activities were as follows:


- [PSC1] Whether the hosts under review are securely configured and are not vulnerable to attack.
- [PSC2] Whether the hosts under review have up to date software installed.
- [PSC3] Whether anti-virus software is installed and configured correctly.
- [PSC4] Whether the boundary protection devices will resist external attack.
- [PSC5] Whether the firewall policy contains any rules that could be regarded as promiscuous
- [PSC6] Whether the firewall policy contains any verbose service groups with regard to hosts/network and port
exposure.
- [PSC7] Whether the devices under review have up to date vendor firmware.
- [PSC8] Whether the switches and routers under review contain any configuration elements that would be considered to deviate from best practice.

 

As expected we were given a clean bill of health with some minor low priority issues which are expected in any system some of which can be marked more as information rather than an issue. In our next post we will give the top 5 recommendations for server administrators.

Share on Facebook
Share on Twitter
Please reload

Search By Tags
Please reload

Archive