Hey peeps,
So just want to share some things for you to make sure you have enabled to ensure the best possible security posture on your network, just a few tidbits.
1. Ensure in Windows Server DNS under Zone Transfers that you define your DNS Name Server that are allowed to make transfers and set it to allow only those servers. This way rogue attackers can’t seize your DNS records. Once you do with open up a Linux machine and type “dig afxr [your DNS server].yourdomain.com yourdomain.com” and see if you can or can’t get a zone transfer, the goal is for you to not have one. 😛
2. Make sure that your firewalls on the WAN/LAN ports block ICMP requests. This way when someone does a tracert of your DNS servers or network they can’t resolve any of your servers. Example: if you did a tracert of domain, typically the last two addresses are internal resources. if you do a tracert and then comes back with a * * then this means ICMP is blocked; this is what you want!
3. Make sure on routers that you have CHAP authentication enabled for all routers and L3 switches that share routing typically the command to enable this (like on Cisco) is “encapsulation ppp” and then the two modes are PAP which send the password in cleartext or with CHAP (the preferred method) which doesn’t send the password in the clear but instead salts the password so that routers and L3 switches with the CHAP can validate that the device is authorized to update the routes and routing tables, this way you can prevent routing tables from being poisoned with false routes from rogue routers and man-in-the-middle attacks.
4. A useful tool for malware sandboxing, vulnerability assessment and SIEM is a appliance provided by SocSoter and those interested should seek them out.
Just some security minded pointers. 🙂