PfSence - changes
parent
cfbd8a11d2
commit
80e7770e19
|
@ -1,11 +1,11 @@
|
||||||
id: configure-dns-server
|
id: configure-dns-server
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: DNS Server Configuration - Detect
|
name: DNS Server Not Implemented - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate DNS is recommended to be configured over TLS. This prevents intermediate parties and potential attackers from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers.
|
DNS is recommended to be configured over TLS. This prevents intermediate parties and potential attackers from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
|
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
id: configure-session-timeout
|
id: configure-session-timeout
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netgate Configure Sessions Timeout - Detect
|
name: PfSence Configure Sessions Timeout Not Set - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
id: enable-https-protocol
|
id: enable-https-protocol
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netgate Web Admin Management Portal/HTTPS - Detect
|
name: Pfsence Web Admin Management Portal HTTPS Not Set - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
PfSence Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
id: known-default-account
|
id: known-default-account
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netgate Known Default Account - Detect
|
name: PfSence Known Default Account - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
|
PfSence configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
|
||||||
reference: |
|
reference: |
|
||||||
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
|
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
id: password-protected-consolemenu
|
id: password-protected-consolemenu
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netgate Password Protection Configuration - Detect
|
name: PfSence Consolemenu Password Protection Not Implememnted - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
|
PfSence password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
||||||
classification:
|
classification:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
id: set-hostname
|
id: set-hostname
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netgate Hostname - Detect
|
name: PfSence Hostname Not Set - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Netgate hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
|
PfSence Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/config/general.html
|
https://docs.netgate.com/pfsense/en/latest/config/general.html
|
||||||
classification:
|
classification:
|
||||||
|
|
Loading…
Reference in New Issue