| ||
Assessing SSH implementation, ciphers used, and vulnerabilities
Assessing SSL/TLS implementation, ciphers used, and vulnerabilities
Assessing security of higher layers VPN implementations , such as cIPe
Assessing the implementation and security of the Kerberos protocol
Assessing the vulnerabilities of higher layers security protocols to man-in-the-middle/ session hijacking attacks
Assessing session-based stateful filtering in certain firewallsfor example, Cisco PIX
Assessing the security features of proxies and proxy firewalls
Assessing ingress and egress content filtering
Assessing NAT-unfriendly protocols (active FTP, H.323, and so on) forwarding
Assessing SPAM filtering implementation behavior/efficiency
Assessing centralized virus filtering efficiency
Assessing the efficiency of the inbuilt device IDS against current common hacking attacks and malware
Assessing IDS/traffic filtering integration
Assessing local and remote attack logging quality
Assessing remote logging methods , authentication, and encryption
Assessing support of remote distributed logging and logging over TCP
Assessing the compatibility with common syslog servers
Assessing the local syslog daemon vulnerability to various DoS/log buffer filling attacks
Assessing the security of management web interface
Assessing the security of SNMP management and SNMP implementation
Assessing the security of remote SSH, RSH, and Telnet device management
Assessing the security of configuration files/OS upload and download facilities (FTP, TFTP, RCP)
Assessing NTP authentication and checking NTP updates
Assessing DNS zone transfers and zone spoofing vulnerabilities
Assessing DNS traffic forwarding
Assessing secure DNS (SDNS) implementations
| ||