Penetration Test 4 December 2020 Internal Penetration Test Process/Checklist [ ] Map the Internal Network [ ] Scan the Network for Live Hosts [ ] Port-scan individual machines [ ] Try to gain access using known vulnerabilities [ ] Attempt to establish null sessions
Penetration Test 4 December 2020 External Penetration Testing Process/Checklist Some of these items are only used for Web Application Penetration Testing[ ] Inventory Company's External Infrastructure[ ] Create Topological Map of Network[ ] Identify IP Addresses of
Penetration Test 4 December 2020 Firewall Penetration Test Process/Checklist [ ] Locate the Firewall [ ] Conduct a traceroute to identify the network range [ ] Port Scan the firewall [ ] Grab the Banner [ ] Create Custom packets and look for firewall
Ubuntu 4 November 2020 Session Lock After a 15-Minute Period of Inactivity The Ubuntu operating system must initiate a session lock after a 15-minute period of inactivity for all connection types. Rationale:A session time-out lock is
28 October 2020 System Library Files Must Be Owned By Root The Ubuntu operating system library files must be owned by root. Rationale:If the Ubuntu operating system were to allow any user to make changes
21 October 2020 Enforcement of Minimum Password Lifetime The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1
Linux 14 October 2020 Enforcement of Password Complexity The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used. Rationale:Use of a complex password helps
Linux 8 October 2020 User Needs Security Function Must Be Part of Sudo Group The Ubuntu operating system must be configured so that only users who need access to security functions are part of the sudo group. Rationale:An
Linux 30 September 2020 Prevent Direct Login Into the Root Account The Ubuntu operating system must prevent direct login into the root account. Rationale:To assure individual accountability and prevent unauthorized access, organizational users must be
Linux 23 September 2020 Lock Out After Three Consecutive Invalid Logon Attempts The Ubuntu operating system must be configured so that three consecutive invalid logon attempts by a user locks the account. Rationale:By limiting the number
Linux 20 September 2020 Enforcement of Delay Between Logon Prompts Following a Failed Logon Attempt. The Ubuntu operating system must enforce a delay of at least 4 seconds between logon prompts following a failed logon attempt. Rationale:Limiting the number
API 6 September 2020 Ensure that the API server pod specification file permissions are set to 644 or more restrictive Ensure that the API server pod specification file has permissions of 644 or more restrictive Rationale: The API server pod specification file controls various parameters
Vulnerability 2 September 2020 SIGRed Vulnerability (CVE-2020-1350) SIGRed (CVE-2020-1350) is a critical, wormable RCE (remote code execution) vulnerability in the Windows DNS Server, that can be triggered by an attacker with malicious
SOC 1 September 2020 SOC 2 Security Controls Excel Spreadsheet Domain Title Domain_Control_Ref Domain_Control_Title Domain_Control_Summary § Control Environment\n【CC1.1】 The entity demonstrates a commitment to integrity
31 August 2020 Installing Suricata and Filebeat on Centos and Shipping Suricata Logs to Elastic SIEM Suricata is one such NIDS solution, which is open source and can be quickly deployed either on dedicated hardware for monitoring one or more transit
