Console Review


Here is a list of things to check during a manual console review of a firewall, switch, wireless controller, router, etc., when there is no security best practice guide for that specific device:

  1. Check the rule base for the use of ANY for SOURCE/DESTINATION/SERVICE, or for overly permissive rules, such as those allowing large ranges (e.g. x.x.x.x/16)
  2. Rules which allow clear-text protocols (e.g. telnet/ftp)
  3. Rules which allow excessive access to management protocols
  4. Check hashes for weak passwords if included
  5. Check for comments against each rule to state what it’s for and if temporary
  6. Test/temporary rules should be removed when done, and where applicable maybe carry a comment that they are not to be included in production
  7. Check against documentation where provided.
  8. Enable logging for each rule (exceptions to be commented on)
  9. NTP configured
  10. NTP authenticated
  11. Syslog enabled
  12. Password policy enforced
  13. SNMP settings
  14. Hashing method for creds (e.g. not using MD5 but SHA2+)
  15. Centralised authentication recommended
  16. No shared generic admin accounts (e.g. only 1 admin user configured).
  17. Logon banner
  18. Restricted admin access
  19. Weak protocols not used for admin
  20. Console timeouts
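
Several of the rule-base checks above (items 1, 2, 3, 5, 6 and 8) can be scripted once the rules are exported from the device. The following is an added example, not part of the original post; the CSV layout, the sample rules, the `/16` threshold and the function names are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample export (hypothetical CSV layout, not any vendor's format).
SAMPLE_RULES = """id,source,destination,service,action,log,comment
1,10.0.0.0/24,10.1.1.10/32,tcp/443,allow,yes,Web front end to app server
2,any,10.1.1.0/24,tcp/23,allow,yes,Legacy telnet access
3,172.16.0.0/16,10.1.1.5/32,tcp/22,allow,no,
4,10.0.5.0/28,10.1.1.5/32,tcp/22,allow,yes,TEMP admin jump hosts for migration
5,10.0.0.0/24,any,any,deny,yes,Default deny
"""
CLEAR_TEXT = {"tcp/21": "ftp", "tcp/23": "telnet"}  # checklist item 2
MANAGEMENT = {"tcp/22": "ssh", "tcp/23": "telnet", "udp/161": "snmp"}  # item 3
MAX_PREFIX = 16  # assumption: /16 or wider counts as a "large range" (item 1)

def is_broad(addr):
    """True for ANY or a network at least as wide as MAX_PREFIX."""
    return (addr.lower() == "any"
            or ipaddress.ip_network(addr, strict=False).prefixlen <= MAX_PREFIX)

def review_rules(text):
    """Return {rule id: [findings]} for the allow rules in the CSV export."""
    findings = {}
    for rule in csv.DictReader(io.StringIO(text)):
        if rule["action"].lower() != "allow":
            continue
        svc = rule["service"].lower()
        issues = [f"broad {f}: {rule[f]}" for f in ("source", "destination")
                  if is_broad(rule[f])]
        if svc == "any":
            issues.append("service ANY")
        if svc in CLEAR_TEXT:
            issues.append(f"clear-text protocol: {CLEAR_TEXT[svc]}")
        if svc in MANAGEMENT and is_broad(rule["source"]):
            issues.append(f"management protocol {MANAGEMENT[svc]} from broad source")
        comment = rule["comment"].strip()
        if not comment:
            issues.append("no comment")
        elif "temp" in comment.lower() or "test" in comment.lower():
            issues.append("marked temporary/test: confirm still needed")
        if rule["log"].lower() != "yes":
            issues.append("logging disabled")
        if issues:
            findings[rule["id"]] = issues
    return findings

if __name__ == "__main__":
    for rule_id, issues in review_rules(SAMPLE_RULES).items():
        print(f"rule {rule_id}: " + "; ".join(issues))
```

The output is a list of rules to look at by hand, not a verdict: a flagged rule may still be justified by the documentation in item 7.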
