Mondoo Blog

Continuous Domain Health Checking and Compliance

Written by Tim Smith | February 13, 2024

Over the last decade, we’ve seen an explosion in the complexity of attacks on business infrastructure. New zero-day attacks and ransomware breaches have become weekly news topics. Businesses have reacted with new security practices and tooling meant to thwart attackers, but in the pursuit of cutting-edge defenses, have we missed the most basic part of securing business infrastructure? Attackers don’t need complex, zero-day exploits to compromise your business if your web properties and domains are not properly secured.

With new domain scanning, Mondoo Platform gives you continuous visibility into the security posture of your domains and IP addresses. The platform-hosted scanning means there’s nothing for you to install or deploy into your infrastructure. Out-of-the-box policies mean you’ll receive security insights in just minutes for critical aspects of domain security:

TLS/SSL Security checks that you protect your web properties with the proper encryption and certificate settings:

  • Ensure only TLS 1.2 and 1.3 releases are allowed
  • Avoid weak ciphers such as RC2, RC4, DES, IDEA, export ciphers, and more
  • Enable ciphers with authenticated encryption with associated data (AEAD) support
  • Avoid weak certificate signature algorithms such as MD2, MD5, or SHA1
  • Ensure certificates are signed by a CA
  • Ensure certificates are not revoked and not set to expire soon

HTTP Security ensures that you follow the best HTTP practices:

  • Set X-Content-Type-Options HTTP header to nosniff
  • Set Content Security Policy (CSP) HTTP header
  • Set Strict-Transport-Security (HSTS) HTTP header

Email Security monitors your critical email settings and practices:

  • Ensure an SPF record is used and in the proper format
  • Ensure DKIM is configured
  • Ensure DMARC is properly configured including the usage of RUF/RUA tags, quarantine policies, and DNS configuration
  • Ensure a DMARC DNS entry exists
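
To make the email checks above concrete, here is an added example (not Mondoo's policy code and not part of the original post) that evaluates SPF and DMARC TXT records offline. The function names and the example.com records are constructed for illustration.

```python
# Added example: constructed TXT records, checked offline (no DNS lookups).

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict keyed by lowercase tag."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_spf(txt_records):
    """Return findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers treat this as an error)"]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is delegated to another domain's record
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        return ["SPF record has no 'all' mechanism"]
    if all_terms[-1] not in ("-all", "~all"):
        return ["SPF 'all' is not a fail/softfail: " + all_terms[-1]]
    return []

def check_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags = parse_tags(dmarc[0])
    findings = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC policy is not quarantine or reject")
    for tag in ("rua", "ruf"):
        if not tags.get(tag):
            findings.append("DMARC " + tag + " reporting address missing")
    return findings

# Constructed sample records for the placeholder domain example.com.
APEX_TXT = ["v=spf1 include:_spf.example.com +all", "site-verification=abc123"]
DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for finding in check_spf(APEX_TXT) + check_dmarc(DMARC_TXT):
        print("FAIL:", finding)
```
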

DNS Security ensures that you follow the best practices to protect your organization from DNS-related attacks:

  • Avoid the use of legacy Google Workspace and Microsoft 365 MX records
  • Ensure no CNAME is used for the root domain
  • Don’t use IP addresses in MX or NS records

See domain and IP policies in action

Ready to see how your domains and IP addresses fare against these and dozens of other security findings? Set up continuous domain and IP scanning on Mondoo Platform today.

To get started, go to the Mondoo Console. In the left navigation, select Add New Integration, then select Domain/IP Address. Enter an IP address or domain name and confirm the ports you want to scan. That’s it!

With your configuration set, in just minutes you’ll see results that prioritize top security findings that you should address first.

Once you've created the integration, Mondoo runs regular scans to keep on top of changes and ensure you always have a solid grasp of your domain/IP security posture and your compliance with major regulatory frameworks.

Domains and public IP addresses are the front line of your infrastructure security. And because compliance frameworks stress their importance, the domain/IP checks in Mondoo's policies map directly to compliance regulations.
