TNS Best Practice WatchGuard Audit 1.0.0

Audit Details

Name: TNS Best Practice WatchGuard Audit 1.0.0

Updated: 4/25/2022

Authority: TNS

Plugin: WatchGuard

Revision: 1.17

Estimated Item Count: 52

File Details

Filename: TNS_Best_Practices_WatchGuard.audit

Size: 81.9 kB

MD5: d4b6839ff4b1e9524d87997a96db1577
SHA256: 4254e5189af6f4c73dfdbc84eab7c3d79c02132f54389eb584cfdf612f632dc4

Audit Items

DescriptionCategories
WatchGuard : Authentication Settings - 'Authentication User Session Timeout'

ACCESS CONTROL

WatchGuard : Authentication Settings - 'Authentication User Timeout'

ACCESS CONTROL

WatchGuard : Authentication Settings - 'Management User Idle Timeout'

ACCESS CONTROL

WatchGuard : Authentication Settings - 'Management User Session Timeout'

ACCESS CONTROL

WatchGuard : Data Loss Prevention Signature Update - 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

WatchGuard : DDoS Prevention - Distributed Denial-of-Service Prevention - Per Client Quota

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DDoS Prevention - Distributed Denial-of-Service Prevention - Per Server Quota

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : Device Info

CONFIGURATION MANAGEMENT

WatchGuard : DNS Servers

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Block Address Space Probes

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Block Port Space Probes

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop ICMP Flood Attack

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop IKE Flood Attack

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop IP Source Route

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop IPSEC Flood Attack

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop SYN Flood Attack

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : DoS Prevention - Drop UDP Flood Attack

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : Gateway AntiVirus - 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : ICMP Error Handling - 'host-unreachable'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : ICMP Error Handling - 'network-unreachable'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : ICMP Error Handling - 'pmtu-discovery'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : ICMP Error Handling - 'port-unreachable'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : ICMP Error Handling - 'protocol-unreachable'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : ICMP Error Handling - 'time-exceeded'

SYSTEM AND COMMUNICATIONS PROTECTION

WatchGuard : IPS - 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : IPS Logging Threat Level Critical - Enabled

AUDIT AND ACCOUNTABILITY

WatchGuard : IPS Logging Threat Level HIGH - Enabled

AUDIT AND ACCOUNTABILITY

WatchGuard : IPS Logging Threat Level Medium - Enabled

AUDIT AND ACCOUNTABILITY

WatchGuard : IPS Signature Update - 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : IPS Threat Level Action Critical - DROP or BLOCK

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : IPS Threat Level Action High - DROP or BLOCK

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : IPS Threat Level Action Medium - DROP or BLOCK

SYSTEM AND INFORMATION INTEGRITY

WatchGuard : LDAP Server Name

IDENTIFICATION AND AUTHENTICATION

WatchGuard : LDAP Server Password

IDENTIFICATION AND AUTHENTICATION

WatchGuard : LDAP Server Port

IDENTIFICATION AND AUTHENTICATION

WatchGuard : Logging - Configuration Changes are Logged

AUDIT AND ACCOUNTABILITY

WatchGuard : Logging - IKE Packet Tracing

AUDIT AND ACCOUNTABILITY

WatchGuard : Logging - Remote Logging Enabled

AUDIT AND ACCOUNTABILITY

WatchGuard : Logging - Review Remote Logging Server Address

AUDIT AND ACCOUNTABILITY

WatchGuard : Logging - Syslog Timestamps

AUDIT AND ACCOUNTABILITY

WatchGuard : NTP Enabled

AUDIT AND ACCOUNTABILITY

WatchGuard : NTP Servers

AUDIT AND ACCOUNTABILITY

WatchGuard : Review ABS Policy Listing

ACCESS CONTROL

WatchGuard : Single Sign-On - 'Enabled'

IDENTIFICATION AND AUTHENTICATION

WatchGuard : SNMP Configuration - community string - 'private'

IDENTIFICATION AND AUTHENTICATION

WatchGuard : SNMP Configuration - community string - 'public'

IDENTIFICATION AND AUTHENTICATION

WatchGuard : SNMP Configuration - v3 user has password - auth protocol

ACCESS CONTROL

WatchGuard : SNMP Configuration - v3 user has password - priv protocol

ACCESS CONTROL

WatchGuard : SNMP Configuration - v3 uses DES

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

WatchGuard : SNMP Configuration - v3 uses SHA1 Auth Algorithm

SYSTEM AND COMMUNICATIONS PROTECTION