Cloudflare Zero Trust Network
In a Cloudflare Zero Trust Network account there are some settings and services that can be configured. In this page we are going to analyze the security related settings of each section:
Analytics
Gateway
Access
Applications
On each application:
Access Groups
Check that the access groups generated are correctly restricted to the users they should allow.
It's specially important to check that the default access group isn't very open (it's not allowing too many people) as by default anyone in that group is going to be able to access applications.
Note that it's possible to give access to EVERYONE and other very open policies that aren't recommended unless 100% necessary.
Service Auth
Check that all service tokens expires in 1 year or less
Tunnels
TODO
My Team
TODO
Logs
You could search for unexpected actions from users
Settings
Check the plan type
It's possible to see the credits card owner name, last 4 digits, expiration date and address
It's recommended to add a User Seat Expiration to remove users that doesn't really use this service
Last updated