Segmentation Testing
When performing segmentation tests for PCI compliance, there aside from my Nmap scans there are a few things I've wanted to keep jotted down. This section contains my notes.
Below are some basic commands to use while performing segmentation testing. It should be noted that these should be modified in order to be more thorough.
ICMP
TCP
UDP
IPv6
Reporting
The following table is an example of how to report the results of a segmentation test:
10.1.1.1
53
tcp
DNS
10.2.2.2
80
tcp
HTTP
10.3.3.3
445
tcp
SMB
Notes
When performing a segmentation test against FortiGate devices, port 113/TCP may appear against every host as:
closed
. This is not a firewall misconfiguration. This documentation details more on this issue.When a port appears as
open|filtered
after performing a UDP scan, try running the following to verify if it is open:
Segmentation tests should note all open ports regardless of the business use case. If a business needs a port open, jusitifcation should be provided in the report.
Last updated