
Continuous Domain Health Checking and Compliance

Over the last decade, we’ve seen an explosion in the complexity of attacks on business infrastructure. New zero-day attacks and ransomware breaches have become weekly news topics. Businesses have reacted with new security practices and tooling meant to thwart attackers, but in the pursuit of cutting-edge defenses, have we missed the most basic part of securing business infrastructure? Attackers don’t need complex, zero-day exploits to compromise your business if your web properties and domains are not properly secured.

With new domain scanning, Mondoo Platform gives you continuous visibility into the security posture of your domains and IP addresses. The platform-hosted scanning means there’s nothing for you to install or deploy into your infrastructure. Out-of-the-box policies mean you’ll receive security insights in just minutes for critical aspects of domain security:

TLS/SSL Security checks that you protect your web properties with the proper encryption and certificate settings:

  • Ensure only TLS 1.2 and 1.3 releases are allowed
  • Avoid weak ciphers such as RC2, RC4, DES, IDEA, export ciphers, and more
  • Enable ciphers with authenticated encryption with associated data (AEAD) support
  • Avoid weak certificate signature algorithms such as MD2, MD5, or SHA1
  • Ensure certificates are signed by a CA
  • Ensure certificates are not revoked and not set to expire soon

HTTP Security ensures that you follow the best HTTP practices:

  • Set X-Content-Type-Options HTTP header to nosniff
  • Set Content Security Policy (CSP) HTTP header
  • Set Strict-Transport-Security (HSTS) HTTP header

Email Security monitors your critical email settings and practices:

  • Ensure an SPF record is used and in the proper format
  • Ensure DKIM is configured
  • Ensure DMARC is properly configured including the usage of RUF/RUA tags, quarantine policies, and DNS configuration
  • Ensure a DMARC DNS entry exists
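
To make the email checks above concrete, here is an added example (not Mondoo's policy code) that evaluates SPF and DMARC TXT records the way such a check could. The finding names, the sample records, and the choice to flag `p=none` as non-enforcing are assumptions of this example; a live check would fetch the records from DNS.

```python
# Added example: SPF and DMARC checks on constructed TXT records (finding names are hypothetical).

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a lowercase-keyed tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(txt_records):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["spf-missing"]
    if len(spf) > 1:
        return ["spf-multiple-records"]  # RFC 7208: multiple records give a permerror
    terms = spf[0].lower().split()[1:]
    # A well-formed policy ends in an "all" mechanism or delegates via redirect=
    final = [t for t in terms if t.lstrip("+-~?") == "all" or t.startswith("redirect=")]
    if not final:
        return ["spf-no-all-or-redirect"]
    if "all" in terms or "+all" in terms:
        return ["spf-pass-all"]  # authorizes every sender
    return []

def check_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["dmarc-missing"]
    tags = parse_tags(dmarc[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc-invalid-policy")
    elif policy == "none":
        findings.append("dmarc-policy-not-enforcing")  # assumption: monitor-only is flagged
    for tag in ("rua", "ruf"):
        uris = [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
        if not uris:
            findings.append(f"dmarc-{tag}-missing")
        elif not all(u.lower().startswith("mailto:") for u in uris):
            findings.append(f"dmarc-{tag}-not-mailto")  # RFC 7489 defines only mailto:
    return findings

# Constructed sample records (example.com is a placeholder domain).
APEX_TXT = ["site-verification=constructed", "v=spf1 include:_spf.example.com +all"]
DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]
```
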

DNS Security ensures that you follow the best practices to protect your organization from DNS-related attacks:

  • Avoid the use of legacy Google Workspace and Microsoft 365 MX records
  • Ensure no CNAME is used for root domain
  • Don’t use IP addresses in MX or NS records

See domain and IP policies in action

Ready to see how your domains and IP addresses fare against these and dozens of other security findings? Set up continuous domain and IP scanning on Mondoo Platform today.

To get started, go to the Mondoo Console. In the left navigation, select Add New Integration, then select Domain/IP Address. Enter an IP address or domain name and confirm the ports you want to scan. That’s it!

Screen shot of Mondoo Console page for adding a new Domain/IP address integration

With your configuration set, in just minutes you’ll see results that prioritize top security findings that you should address first.

Screen shot of the Mondoo Console showing scan results of a domain or IP

Once you've created the integration, Mondoo runs regular scans to keep on top of changes and ensure you always have a solid grasp of your domain/IP security posture and your compliance with major regulatory frameworks.

Domains and public IP addresses are the front line of your infrastructure security. And because compliance frameworks stress their importance, the domain/IP checks in Mondoo's policies map directly to compliance regulations.

Monitor your infrastructure for security misconfigurations and map those checks automatically to top compliance frameworks.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007, port scanning class As since 1994, and downloaded his first Linux distro on a 14.4 modem. He most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
