| Item | Testing Method |
|---|---|
| pfSense VMs can connect to the internet and allow devices in their subnet to do so as well | Ping google.com from each device in the network |
| Devices on LAN can communicate with each other | Have each device ping every other device in its subnet |
| Both host and network-based firewall rules are being enforced | Attempt to circumvent each firewall rule |
| DNS servers are functioning properly | Use each device to resolve the IP of every other device within its network. |
| Core functionality of developer applications intact after hardening | Utilize each application installed by the scripts/playbooks on each of the development workstations as an unprivileged user |
| Domain user accounts are working as intended | For each user, attempt to: - Log in to devices that they are not authorized to access - Log in to devices that they are meant to have access to - Perform actions that require permissions beyond what they have been granted on the devices that they are allowed to access - Utilize admin or sudo rights if they have been granted them |
| Auditing is working as configured | Perform actions that would result in audit events while viewing logs to ensure that audit events are being triggered as intended. |
| The scripts and playbooks that have been made up to this point are functioning as intended | Check that each purpose of the scripts/playbooks has been fulfilled |
| Item | Testing Method |
|---|---|
| The Active Directory server can enforce group policies | Generate a Group Policy report on both the AD server and the development workstation and check that all GPOs are being applied where intended |
| PowerShell remoting from the Active Directory server to the development workstation is working as intended | Run a script targeting the development workstation from the Active Directory Server via PowerShell remoting |
| Item | Testing Method |
|---|---|
| The Ansible server can run playbooks targeting the development workstation | Run one of the playbooks targeting the development workstation from the Ansible server |
| Intrusion Prevention System is working as intended | Trigger Fail2Ban to block the Parrot VM's IP by entering invalid credentials repeatedly |