By Beth Watts
Mar 29, 2017
If you’re curious about how secure your network is today, we recommend running the free Jungle Disk Network Security Test https://www.jungledisk.com/shield-test/. The test is basically a quick and comprehensive network security test that takes two minutes to run and provides a report on potential vulnerabilities in your network. But what is the Shield Test actually doing? I have outlined what a manual test would look like for your reference below.
Open Ports Test - What ports are left open? Did you forward the ports correctly? Most cyber security experts agree, you should perform vulnerability scans for any open ports on a regular basis at least monthly. Make sure to have proper patch management especially for services exposed to the Internet.
Distributed Denial-of-Service (DDoS) Defenses - If you have DDoS prevention setup such as limiting TCP SYN amounts from 1 IP, test this with tools such as NMAP or Nessus, which are both free. Other commercial tools are available as well. You can also test by doing a ping flood and seeing if your firewall will start dropping the requests at a certain point. Another simple free tool is hping3, some documentation can be found at http://www.hping.org/manpage.html and http://0daysecurity.com/articles/hping3_examples.html
Gateway Anti-virus (AV) - Check to make sure your AV is setup properly. You can use the eicar non-malicious virus that is recognized by most AV engines found here. It is best to test with various types of files and compressions as well to make sure the AV engine isn’t only looking for executables or isn’t doing stream based only. Below are samples of the eicar that have already been compiled and are hosted at one of the www.shieldtest.com servers.
Intrusion Prevention System (IPS) - Make sure it is setup properly- put something simple in a web interface field such as a [SQL injection command](https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005), or a directory traversal such as ../../../../../cmd.exe in the URL string.
Data Loss Prevention (DLP) - Check to make sure your DLP is doing something. Go to any form on a Web page and type in a sample credit card number. You can also try to send an email (make sure you are using SMTP to test your firewall, or make sure you have DLP on your mail system if it’s an encrypted session to a hosted mail server. Sample numbers can be found here.
Block Embargo Countries - Are you blocking countries that shouldn’t be communicated with from US or EU? Can you get to http://www.gnu.rep.kp, for example?
Phishing - Visit several phishing websites published at OpenPhish and check to see if you get a block page from your firewall. Because this is a free public list, it is not very up to date, so don’t be tricked by the browser blocking it, or if it’s not available anymore. Find the ones that are still live (towards the top of the list) and continue past the browser warning to see if your firewall will block it. This will not test the quality and how up to date your firewall or web filtering for blocks phishing websites, but will at least check to make sure it is setup correctly and you are getting the firewall to block the page.
Web Filtering - Check to see if what you set to block is actually being blocked. Here are some simple categories that are typically blocked - pornography, potentially liable and anonymizer or public proxy.
Botnet - Check to make sure your firewall gateway will detect botnet activity or C2 communication. You can use a simple public list to make a connection and check to make sure your firewall blocks it and triggers a log. As with all public lists, they are not always the best and most up-to-date. One of the better public lists is rules.emergingthreats.net, which you can use several of the recent entries to test the effectiveness of your firewall configuration.
If you are having trouble adjusting your firewall to meet the criteria above, feel free to contact us at Jungle Disk, so you can schedule a demo of our Network Threat Protection product. It is a unified threat management tool that will help protect you from the threats I’ve outlined above. Once you receive your device, we can help you configure it, so you can pass this test with flying colors!