CSCv7|12.2

Title

Scan for Unauthorized Connections across Trusted Network Boundaries

Description

Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary.

Reference Item Details

Category: Boundary Defense

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.3.2 Allow only trusted hosts in SNMPv3FortiGateCIS Fortigate 7.0.x Level 2 v1.2.0
2.4 Ensure internal sources are blocked on external networksJuniperCIS Juniper OS Benchmark v2.0.0 L2
2.7 Ensure internal sources are blocked on external networksJuniperCIS Juniper OS Benchmark v2.1.0 L2
3.3 Ensure firewall policy denying all traffic to/from Tor, malicious server, or scanner IP addresses using ISDBFortiGateCIS Fortigate 7.0.x Level 1 v1.2.0
3.10 Ensure SharePoint database servers are segregated from application server and placed in a secure zone.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all InterfacesCheckPointCIS Check Point Firewall L2 v1.1.0
6.1.1 Apply a Trusted Signed Certificate for VPN PortalFortiGateCIS Fortigate 7.0.x Level 2 v1.2.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 MS L2 v2.2.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only)WindowsCIS Windows Server 2012 R2 MS L2 v2.4.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only) - EnabledWindowsCIS Microsoft Windows Server 2016 MS L2 v1.2.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only) - EnabledWindowsCIS Microsoft Windows Server 2016 STIG MS L2 v1.0.0
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only) - EnabledWindowsCIS Microsoft Windows Server 2016 MS L2 v1.3.0