Critical Security Tests Part 1: Network Security Tests Guide
TLDR: Learn how to test basic network security controls to ensure you have the basics down when it comes to network security.
If you don’t want to spend time writing your own tests, just download our app instead. Register for a free trial of our testing software.
Testing network security.
securing connectivity between devices
Controls
Almost all networks have unused security controls:
- Home routers have firewall rules and can choose to use secure DNS servers.
- Home firewalls have VLANs, URL filtering, and sometimes even Intrusion Detection/Prevention.
- Enterprise firewalls can do deep packet inspection, SSL proxying, and advanced network monitoring.
Our testing will show if these controls are working.
Tests
We’ll be testing basic aspects of our controls by:
- Connecting to botnets and known attack networks.
- Resolving known malicious domains (DNS).
- Checking outbound ports to the Internet.
- Checking inbound ports from the Internet.
Test. The. Important. Things.
Example Network Security tests.
Connect to botnets and known attack networks:
Use the EDROP list from Spamhaus, which “include netblocks controlled by spammers and cybercriminals”. Scan a few of these networks to see if your traffic is able to route to networks that you should never be able to route to.
```sh
nmap --top-ports 5 "91.200.81.0/24" "208.12.64.0/19" "176.119.7.0/24"
# Scan spamhaus networks on 5 most common ports and see what you're able to connect to.
# Any accessible IP is a failure.
```
Resolve known malicious domains (DNS):
Get domain lists from URLhaus, which lists attacker domains that should not resolve. Create a shortened list that is easier to iterate over. These domain lists change all the time, so it makes no sense for me to recommend specific domains.
```sh
for i in $(cat short-list-of-urlhaus-domains.txt); do host "$i"; done
# Iterate through list of evil domains, trying to resolve them.
# Any domain which resolves to a routable IP is a failure.
```
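The loop above prints raw `host` output and leaves the pass/fail call to the reader. The script below is an added example, not part of the original page or the vendor's app, that applies the stated rule automatically: no answer or a non-routable sinkhole address passes, and a routable IPv4 answer fails. The script name `dns-filter-check.sh` and the function names are hypothetical, and only A records are checked.

```sh
#!/bin/sh
# Added example (not from the original page). IPv4 answers only.

# is_routable IPV4: succeeds if the address is outside the private,
# loopback, link-local, CGNAT, "this network" and multicast/reserved ranges.
is_routable() {
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 1 ;;
        22[4-9].*|2[3-5][0-9].*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;  # not an IPv4 address
    esac
}

# grade DOMAIN [IP...]: prints PASS or FAIL, returns 1 on FAIL.
# No answers (NXDOMAIN, refused) or only sinkhole answers count as blocked.
grade() {
    domain=$1
    shift
    for ip in "$@"; do
        if is_routable "$ip"; then
            echo "FAIL $domain resolves to routable $ip"
            return 1
        fi
    done
    echo "PASS $domain blocked or sinkholed"
}

# Live run: sh dns-filter-check.sh short-list-of-urlhaus-domains.txt
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    failures=0
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        # Unquoted on purpose: each A record becomes one argument.
        answers=$(host -t A "$d" 2>/dev/null | awk '/has address/ {print $NF}')
        grade "$d" $answers || failures=$((failures + 1))
    done < "$1"
    echo "$failures domain(s) resolved to routable addresses"
    [ "$failures" -eq 0 ]
fi
```

A filtering resolver that answers with a public block-page address will be reported as FAIL, so compare such results against the block-page IPs your DNS provider documents before treating them as real failures.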
Check outbound ports to the Internet:
Simply scan scanme.nmap.org.
```sh
nmap -p1-65535 scanme.nmap.org
# Testing all 65535 TCP ports for outbound connections.
# Any unneeded open port is a failure.
```
Check inbound ports from the Internet:
Simply scan your routable IPs from a cloud host.
```sh
# From a server outside your own network:
nmap -p1-65535 "your routable IP"
# Any unneeded open port is a failure.
```
Want more tests? Register below!
Available tests for routers and firewalls:
[Table: test categories (malware websites, attack networks, ports and protocols, malicious dns, c2c traffic) against controls (Secure Routing and DNS, URL Filtering, Port filtering, Network Monitoring); the check-mark images are not preserved.]