P8 Testing and reviewing protection applied to an
IT system
In this document I will be testing the organisation’s IT system, ensuring it has been protected against a number of different threats. This will be done by
looking at how effective the Firewall is, whether entry points are configured correctly (allowed or blocked), if the hardware, software and network are
secure, and if there is any irregular data within logs. Following this, I will be reviewing to what extent all these systems protect the IT system.
Testing
Nº Risk targeted Test description Expected outcome Actual outcome
Firewall testing: blocking unauthorised traffic and allowing legitimate traffic through
1.0 External hacking Ensure Windows Defender Firewall is Firewall should be active Firewall is active
on
2.0 External hacking Check firewall port 21 Port should be closed Port is filtered
2.1 External hacking Check firewall port 22 Port should be closed Port is filtered
2.2 External hacking Check firewall port 23 Port should be closed Port is filtered
2.3 External hacking Check firewall port 80 Port should be open Port is filtered
2.4 External hacking Check firewall port 110 Port should be closed Port is filtered
2.5 External hacking Check firewall port 143 Port should be closed Port is filtered
2.6 External hacking Check firewall port 443 Port should be open Port is filtered
2.7 External hacking Check firewall port 3389 Port should be closed Port is filtered
3.0 Internal hacking System monitors outbound traffic Firewall checks all outbound traffic Outbound rules can block/allow traffic
3.1 External hacking System monitors inbound traffic Firewall checks all inbound traffic Inbound rules can block/allow traffic
Entry points: allowing and blocking applications abilities to be executed
4.0 Software Allowed applications can be run Allowed files can be executed All allowed applications could be run
execution
4.1 Software Blocked applications cannot be run Blocked files cannot be executed An error message appears
execution
Unit 7: IT Systems Security and Encryption
,5.0 Executable files Ensure users don’t have access to All users except administrators don’t Only the domain administrators had
executable files have access to an applications file access to the executable files
5.1 Downloaded files Prevent downloaded files from being Anything downloaded from the internet All accounts have restrictions that
executed shouldn’t execute on a non-admin prevent them from executing
account downloaded files
System scans: hardware and software checks using common testing tools
6.0 Virus infection Run anti-virus software scan Should find no viruses or malicious code Everything was clear
6.1 Malware infection Run anti-malware software scan Should find no malware Everything was clear
6.2 Adware infection Run anti-adware software scan Should find no adware Everything was clear
6.3 Spyware infection Run anti-spyware software scan Should find no spyware Everything was clear
7.0 System Use MSinfo32 to check hardware, All settings should be set correctly, with Everything was fine with the hardware,
Functionality resources, software, and internet no diagnostics needed resources, software, and Internet
settings settings.
7.1 Setting glitches Use Windows troubleshoot to find any When troubleshooted, everything Everything was fine, with no issues being
issues with incoming connections, should come back fine. reported
HomeGroup, and Windows update
Network testing: scanners, security-based operating system distribution, sniffers
8.0 Network access Run an IP Scan of the LAN Only authorised devices should have There were no unauthorised devices
access. Shared folders have appropriate detected.
permissions.
8.1 Network access Port Scanning All ports should have the appropriate Every port detected had the correct
status response
8.2 Network access Ping Scan Identify any network issues Troubleshooting found no issues
8.3 Network access TCP Half-Open Find potential open ports All ports had their appropriate statuses
9.0 Operating System Windows Server 2019 System should be using the latest The system was using the latest version
Distribution version (10.0.17763)
9.1 Operating System Windows Admin Centre Features such as certificates, devices and There were no issues with any of the
Distribution events should be configured correctly features, plugins or extensions
9.2 Operating System Windows Defender Every feature, such as the anti-virus, Everything within this area was
Distribution should be switched on configured and working
10.0 Network access Run Wireshark sniffer scan Analyse packets and flag anything that The scan found nothing malicious
Unit 7: IT Systems Security and Encryption
, may be considered malicious
Activity logs: viewing and interpreting data
11.0 External hacking Check for any successful or unsuccessful There should be no unrecognised IP Everything was authorised, with no
access from external devices addresses or port information in the log breaches from external sources
11.1 Internal hacking Check for any successful or unsuccessful There should be no unsuccessful access Everything was clear, displaying no
access from internal devices documented hacking from within the domain
11.2 Internal hacking Check file logs to see who has accessed Only authorised personnel should have Only authorised personal edited the
or edited them viewed or edited certain files selected files
Review
The testing of the network has shown no defects in the techniques used to protect it.
Firewall
The use and configuration of the Firewall was very effective in protecting the IT system as it
validated every connection made to the network - both inbound and outbound. Rules were set up
to restrict any inbound traffic from untrusted or malicious sources, whilst rules setup relating to
outbound traffic prevented devices on the network from connecting to unsecure, external
networks. They were also setup in such a way that allowed legitimate traffic to get through - this
results in business operations not being effected by filters and restrictions that could prevent
genuine traffic. Windows defender is also very efficient at monitoring the system on a ‘real-time’
basis; providing round-the-clock protection. Its many features also make it beneficial to have, as its
anti-virus and Firewall give defence - meaning there is still a level of high security without the
installation of third-party applications. Using ‘Stealth mode’ within Microsoft Firewall is another
efficient technique, as it averts hackers from accessing information from the network, such as
services that it runs and the devices that are connected to the network. Finally, checking Firewall
ports and setting them to either closed or filtered, is an effective procedure due to its ability to
prevent unauthorised access, whilst scanning all inbound and outbound connections enables the system to filter the legitimate and malicious connections -
including their packets. 8/10
Entry points
Unit 7: IT Systems Security and Encryption
IT system
In this document I will be testing the organisation’s IT system, ensuring it has been protected against a number of different threats. This will be done by
looking at how effective the Firewall is, whether entry points are configured correctly (allowed or blocked), if the hardware, software and network are
secure, and if there is any irregular data within logs. Following this, I will be reviewing to what extent all these systems protect the IT system.
Testing
Nº Risk targeted Test description Expected outcome Actual outcome
Firewall testing: blocking unauthorised traffic and allowing legitimate traffic through
1.0 External hacking Ensure Windows Defender Firewall is Firewall should be active Firewall is active
on
2.0 External hacking Check firewall port 21 Port should be closed Port is filtered
2.1 External hacking Check firewall port 22 Port should be closed Port is filtered
2.2 External hacking Check firewall port 23 Port should be closed Port is filtered
2.3 External hacking Check firewall port 80 Port should be open Port is filtered
2.4 External hacking Check firewall port 110 Port should be closed Port is filtered
2.5 External hacking Check firewall port 143 Port should be closed Port is filtered
2.6 External hacking Check firewall port 443 Port should be open Port is filtered
2.7 External hacking Check firewall port 3389 Port should be closed Port is filtered
3.0 Internal hacking System monitors outbound traffic Firewall checks all outbound traffic Outbound rules can block/allow traffic
3.1 External hacking System monitors inbound traffic Firewall checks all inbound traffic Inbound rules can block/allow traffic
Entry points: allowing and blocking applications abilities to be executed
4.0 Software Allowed applications can be run Allowed files can be executed All allowed applications could be run
execution
4.1 Software Blocked applications cannot be run Blocked files cannot be executed An error message appears
execution
Unit 7: IT Systems Security and Encryption
,5.0 Executable files Ensure users don’t have access to All users except administrators don’t Only the domain administrators had
executable files have access to an applications file access to the executable files
5.1 Downloaded files Prevent downloaded files from being Anything downloaded from the internet All accounts have restrictions that
executed shouldn’t execute on a non-admin prevent them from executing
account downloaded files
System scans: hardware and software checks using common testing tools
6.0 Virus infection Run anti-virus software scan Should find no viruses or malicious code Everything was clear
6.1 Malware infection Run anti-malware software scan Should find no malware Everything was clear
6.2 Adware infection Run anti-adware software scan Should find no adware Everything was clear
6.3 Spyware infection Run anti-spyware software scan Should find no spyware Everything was clear
7.0 System Use MSinfo32 to check hardware, All settings should be set correctly, with Everything was fine with the hardware,
Functionality resources, software, and internet no diagnostics needed resources, software, and Internet
settings settings.
7.1 Setting glitches Use Windows troubleshoot to find any When troubleshooted, everything Everything was fine, with no issues being
issues with incoming connections, should come back fine. reported
HomeGroup, and Windows update
Network testing: scanners, security-based operating system distribution, sniffers
8.0 Network access Run an IP Scan of the LAN Only authorised devices should have There were no unauthorised devices
access. Shared folders have appropriate detected.
permissions.
8.1 Network access Port Scanning All ports should have the appropriate Every port detected had the correct
status response
8.2 Network access Ping Scan Identify any network issues Troubleshooting found no issues
8.3 Network access TCP Half-Open Find potential open ports All ports had their appropriate statuses
9.0 Operating System Windows Server 2019 System should be using the latest The system was using the latest version
Distribution version (10.0.17763)
9.1 Operating System Windows Admin Centre Features such as certificates, devices and There were no issues with any of the
Distribution events should be configured correctly features, plugins or extensions
9.2 Operating System Windows Defender Every feature, such as the anti-virus, Everything within this area was
Distribution should be switched on configured and working
10.0 Network access Run Wireshark sniffer scan Analyse packets and flag anything that The scan found nothing malicious
Unit 7: IT Systems Security and Encryption
, may be considered malicious
Activity logs: viewing and interpreting data
11.0 External hacking Check for any successful or unsuccessful There should be no unrecognised IP Everything was authorised, with no
access from external devices addresses or port information in the log breaches from external sources
11.1 Internal hacking Check for any successful or unsuccessful There should be no unsuccessful access Everything was clear, displaying no
access from internal devices documented hacking from within the domain
11.2 Internal hacking Check file logs to see who has accessed Only authorised personnel should have Only authorised personal edited the
or edited them viewed or edited certain files selected files
Review
The testing of the network has shown no defects in the techniques used to protect it.
Firewall
The use and configuration of the Firewall was very effective in protecting the IT system as it
validated every connection made to the network - both inbound and outbound. Rules were set up
to restrict any inbound traffic from untrusted or malicious sources, whilst rules setup relating to
outbound traffic prevented devices on the network from connecting to unsecure, external
networks. They were also setup in such a way that allowed legitimate traffic to get through - this
results in business operations not being effected by filters and restrictions that could prevent
genuine traffic. Windows defender is also very efficient at monitoring the system on a ‘real-time’
basis; providing round-the-clock protection. Its many features also make it beneficial to have, as its
anti-virus and Firewall give defence - meaning there is still a level of high security without the
installation of third-party applications. Using ‘Stealth mode’ within Microsoft Firewall is another
efficient technique, as it averts hackers from accessing information from the network, such as
services that it runs and the devices that are connected to the network. Finally, checking Firewall
ports and setting them to either closed or filtered, is an effective procedure due to its ability to
prevent unauthorised access, whilst scanning all inbound and outbound connections enables the system to filter the legitimate and malicious connections -
including their packets. 8/10
Entry points
Unit 7: IT Systems Security and Encryption
