Signal Harbor Security

Sample Report

This is what a finding looks like.

Every item in a Signal Harbor Security report follows the same four-panel format: the issue, the evidence, the operational consequence, and the exact step your IT team needs to act on it. No padding. No filler. Exactly what your staff needs and nothing more.

Organization Acme School District
Review Date June 2026
Scope acmeschools.edu + 3 subdomains
Status Delivered. Awaiting Remediation
1 Critical
1 High
1 Medium
Critical

Exposed Database Port on Public IP

The Finding

MySQL port 3306 is open and accepting connections from the public internet on IP address 198.51.100.42. This server is running MySQL 5.6.49, a version that has been end-of-life since February 2021 and is no longer receiving security patches.

The Evidence

# nmap -sV -p 3306 198.51.100.42 PORT STATE SERVICE VERSION 3306/tcp open mysql MySQL 5.6.49 | mysql-info: | Protocol: 10 | Version: 5.6.49-log | Server Capabilities: LON_PASSWORD, | CONNECT_WITH_DB, COMPRESS, ODBC

The Real-World Risk

Any person on the internet can attempt to brute-force this database directly. MySQL 5.6 is end-of-life and may contain unpatched vulnerabilities depending on configuration, exposure, and compensating controls. If an exposed system contains regulated student or operational data, compromise could trigger breach analysis, legal notification review, insurance reporting, public-records considerations, and significant operational disruption.

The Remediation Step

Block port 3306 at the firewall immediately. If external access is required, restrict to specific IP ranges only. # Linux iptables (drop all external MySQL access): iptables -A INPUT -p tcp --dport 3306 -j DROP Then schedule MySQL upgrade to 8.x within 30 days.
High

Domain Has No DMARC Policy

The Finding

The domain acmeschools.edu has an SPF record that is too permissive and has no DMARC record published at all. This means anyone can send email that appears to come from @acmeschools.edu addresses, including the superintendent and district administrators.

The Evidence

# dig TXT _dmarc.acmeschools.edu ;; ANSWER SECTION: (empty) # No DMARC record found. # dig TXT acmeschools.edu (SPF) "v=spf1 include:_spf.google.com +all" ^^^^ "+all" allows any sender

The Real-World Risk

A threat actor can send phishing emails that appear to come from the principal or superintendent to parents, staff, or vendors. These emails will pass spam filters because there is no cryptographic policy telling mail servers to reject or quarantine them. Cyber insurance underwriters flag missing DMARC as a coverage risk.

The Remediation Step

Add this DNS TXT record to acmeschools.edu: Host: _dmarc.acmeschools.edu Type: TXT Value: "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@acmeschools.edu; pct=100" Also fix SPF: replace "+all" with "~all"
Medium

Expired TLS Certificate on Staff Portal

The Finding

The TLS certificate for portal.acmeschools.edu expired 47 days ago on April 23, 2026. The subdomain is still publicly reachable and displaying a browser security warning to every person who visits it. The certificate was issued by Let's Encrypt and was not set up for automatic renewal.

The Evidence

# openssl s_client -connect portal.acmeschools.edu:443 subject: CN=portal.acmeschools.edu issuer: CN=Let's Encrypt Authority X3 notAfter: Apr 23 12:00:00 2026 GMT Verify return code: 10 (certificate has expired)

The Real-World Risk

Every browser visiting the staff portal displays a full-screen security warning. Staff learn to click through certificate errors, which trains them to ignore the exact warning that would alert them to an actual man-in-the-middle attack. Insurance scanners flag expired certificates as an unmanaged risk posture.

The Remediation Step

Renew immediately with certbot, then enable auto-renewal: # Renew the certificate now: sudo certbot renew --cert-name portal.acmeschools.edu # Enable the auto-renewal systemd timer: sudo systemctl enable --now certbot.timer # Verify the timer is active: sudo systemctl status certbot.timer
This is a demonstration report using fictitious data. IP addresses, domain names, and technical details shown here are fabricated for illustration purposes. A real Signal Harbor Security report contains your organization's actual findings, sourced from live non-invasive external verification, with evidence screenshots and direct remediation guidance written for your specific IT environment.

Request a real review for your organization