Agent-based scans through a firewall?

Support topics for the enterprise version of ThreatGuard's SCAP products.
owensjp
Contributor

Post by owensjp » Thu May 29, 2008 12:26 pm

We're looking at the possibility of doing agent-based scans through a firewall. Does this sound like a totally crazy idea? The only significant configuration requirement appears to be opening TCP port 2650. Any thoughts on how huge a security risk it might be to open this port in a border firewall to allow this sort of scan?

gunnar
Site Admin

Post by gunnar » Fri Jun 06, 2008 8:57 am

Foremost in the design of the agent was to not create any security implications on any host that activated it.

Even with that in mind, though, any open port is a potential risk -- your best option is always to minimize the exposed surface area of any machine. You can do this by creating a firewall rule that only allows access to the Agent port (default 2650) from the IP address of your server.

In cases where security is at a premium, such as any internet-exposed equipment, the safest option is to run assessments on the console with Secutor Prime and import the results into your Magnus server (you can install Prime to a thumb drive to make this easier).
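One way to check that a firewall follows the advice in the reply above, as an added example that is not part of the original thread or ThreatGuard's own code: it assumes the rules are exported in `iptables-save` format, and the rule set and the 192.0.2.10 server address are constructed. It only covers plain single-port TCP ACCEPT rules, not port ranges, multiport matches or negated sources.

```python
import ipaddress
import shlex

AGENT_PORT = 2650  # default agent port named in the thread

# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 2650 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 2650 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2650 -j ACCEPT
COMMIT
"""


def _opt(tokens, flag):
    """Return the value following flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def audit_agent_port(rules_text, server_ip, port=AGENT_PORT):
    """Return (line_no, reason) for each ACCEPT rule exposing the port too widely."""
    server = ipaddress.ip_network(server_ip)  # a bare IP becomes a /32 network
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line)
        # Only appended rules that accept traffic are of interest.
        if not tokens or tokens[0] != "-A" or _opt(tokens, "-j") != "ACCEPT":
            continue
        # Narrow to TCP rules that name the agent port explicitly.
        if _opt(tokens, "-p") != "tcp" or _opt(tokens, "--dport") != str(port):
            continue
        src = _opt(tokens, "-s")
        if src is None:
            findings.append((line_no, "no source restriction"))
        elif ipaddress.ip_network(src, strict=False) != server:
            findings.append((line_no, f"source {src} is not the server"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_agent_port(SAMPLE_RULES, "192.0.2.10"):
        print(f"line {line_no}: {reason}")
```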

