Not sure this is the right board, but I have a client that requested my company to perform a security assessment on their MX95 appliance. I was wondering if there is a checklist on what to review for best practice security on Merakis.
Something like...
* Password policy
* Timeout length
* Is SSO configured
* 2FA enabled enforced
* Review local users
Thanks
Check some documentation that can help you.
* General MX Best Practices - Cisco Meraki Documentation
* MX Security Appliance FAQ - Cisco Meraki Documentation
* MX Sizing Guide & Principles - Cisco Meraki Documentation
Hi @ArcherFX , are they expecting you to perform a pen-test or vulnerability assessment or literally just review the configuration against best practices?
Just review config against best practices.
I also tend to make comments about these settings (I usually label this bit of the report an "audit" of the current state).
* Threat Protection settings (is it on or off, and if on what level is it set to). Is there anything bypassing IPS? If so, is that still valid?
* AMP [Advanced Malware Protection] (is it on or off). Are there any exclusions? Are those still valid?
* Content filtering settings (on or off, exclusions, same as above)
* Is the device running the current stable firmware version or better?
* Are the configured destinations for alerts still valid (people come and go)?
I also do a review of anything in the security centre. Is there anything of interest? Have there been any changes to existing trends?
I'll also have a peek at traffic analytics. Is the kind of traffic what I would not expect to be seeing for this kind of company? For example, is there a lot of traffic to an unknown port, or are there 1000 hours spent on social media sites per week, etc.
I would also add FW rules to that list. It's easy to set up rules and then 6 months later they are redundant for whatever reason.
We review our firewall rules bi-annually.
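
The audit items listed in the thread above (threat protection, AMP, content filtering, firmware, alert destinations), sketched as a repeatable check. This is an added example, not part of any post and not Meraki's own tooling. The snapshot layout, its field names, the version numbers and the addresses are all constructed assumptions, so map them to whatever export you actually collect.

```python
# Added example: field names are assumptions, not a documented Meraki schema.
SNAPSHOT = {  # constructed sample data
    "intrusion": {"mode": "detection", "ruleset": "balanced",
                  "allowed_rules": ["rule-A"]},
    "malware": {"mode": "enabled", "allowed_urls": ["files.example.com"],
                "allowed_files": []},
    "content_filtering": {"blocked_categories": [],
                          "allowed_url_patterns": ["example.org"]},
    "firmware": {"running": "18.1", "stable": "18.2"},
    "alert_emails": ["noc@example.com", "former.admin@example.com"],
}
CURRENT_STAFF = {"noc@example.com"}  # constructed; supplied by the client


def version_tuple(v):
    """Turn a purely numeric dotted version into a comparable tuple."""
    return tuple(int(p) for p in v.split("."))


def audit(snap, staff):
    """Return (area, finding) tuples for the items listed in the thread."""
    findings = []
    ips = snap["intrusion"]
    if ips["mode"] == "disabled":
        findings.append(("threat protection", "IPS is off"))
    else:
        findings.append(("threat protection",
                         f"IPS on: mode={ips['mode']}, ruleset={ips['ruleset']}"))
    for rule in ips["allowed_rules"]:
        findings.append(("threat protection", f"IPS bypass to re-validate: {rule}"))
    amp = snap["malware"]
    if amp["mode"] != "enabled":
        findings.append(("AMP", "AMP is off"))
    for exc in amp["allowed_urls"] + amp["allowed_files"]:
        findings.append(("AMP", f"exclusion to re-validate: {exc}"))
    cf = snap["content_filtering"]
    if not cf["blocked_categories"]:
        findings.append(("content filtering", "no categories blocked"))
    for pat in cf["allowed_url_patterns"]:
        findings.append(("content filtering", f"exclusion to re-validate: {pat}"))
    fw = snap["firmware"]
    if version_tuple(fw["running"]) < version_tuple(fw["stable"]):
        findings.append(("firmware", f"running {fw['running']}, stable is {fw['stable']}"))
    for addr in snap["alert_emails"]:
        if addr.lower() not in staff:  # people come and go
            findings.append(("alerts", f"destination not in staff list: {addr}"))
    return findings


if __name__ == "__main__":
    for area, finding in audit(SNAPSHOT, CURRENT_STAFF):
        print(f"[{area}] {finding}")
```

Exclusions and bypasses are reported rather than failed, because whether each is still valid is a question for the client, not something the configuration can answer.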