How We Test
Test your outgoing internet connection security by running a few “non-malicious” and “non-intrusive” tests from your web browser.
Summary
The Network Edge Surface test is an active component that performs a few “non-malicious” web requests in order to assess the level of Network Level protection present in your network’s internet connection point.
The test is performed in your own browser and does not have privileges or rights to perform any actions on the local file system.
Several categories are tested and the results are shown in the report.
Tested Categories and Mitigation or Prevention Mechanisms
Malware Protection: NGFW - Anti-Virus / Intrusion Prevention System
Data Protection: DLP - Data Loss Prevention Solution
Online Privacy: Proper Browser Configuration
Data Encryption: Proper Browser Configuration
Browser Security: Proper Browser Configuration
Network Access Protection: NGFW - Intrusion Prevention System, Website Categorization and Application Control
Test Procedure
For each category of tests we are running various GET and POST requests from the current browser and further evaluating if they are prevented along the way. The test itself cannot asses what has stopped the traffic but rather if it the connection has worked or not.
There may already be different security solutions present and the point of the test is to show if those solution would either Detect or more importantly Prevent the offending traffic.
As we are scoring only for prevention you may still check the logs and alerts of your environment to see if the test cases were picked-up by your solution.
The point of the tests is not to benchmark solutions but rather indicate that the presence of a solution is not sufficient but also proper configuration is required.
The tests are performed on HTTPS by default so this implies that with no SSL/HTTPS Inspection most of the results would fail. This is intended as most traffic today is encrypted and legacy solution would actually not provide protection for this kind of traffic flow or attack.
There is an option to also run the test on HTTP but only if you open the test website manually. Access to a HTTP resource from HTTPS or downgrading from an encrypted connection to an unencrypted connection is not allowed by modern browser security same-origin policies.
Test Results
According to each response received for each test group we can assess if the communication was prevented or allowed. Having a full 100% result does not mean that you are fully secure but it does mean that you have the recommended controls implemented and features both enabled and configured. Even if for the sake of this test you may prevent the simulated traffic this does not mean that the configuration should not be adapted to real world situations and threats.
The test can be run several times to see how changing configuration impacts the results. The results are also stored for each test in order to see historical progression or be able to compare the results before and after modifications.
Please remember that this is only a test and it does not substitute continuous monitoring and proper configuration and implementation of security controls.
For a complete list of URLs that are being accessed by Fingerprint: https://support.codaintelligence.com/hc/en-us/articles/4459752828434-Network-Edge-Scans-Fingerprint-nBAS-Testing
Comments
0 comments
Please sign in to leave a comment.