mustekkzn (South Africa) asked:
ISA 2004 - Allow IP Range

Hi Experts

I have requested a scan of our network for vulnerability to attacks, to be done by the company below.
https://www.securitymetrics.com/index.adp

We did a test run overnight last night and it came back that we need to open an IP range and subnet mask range, as they were getting blocked from our side.
--------------------------------------------------------------------------------------------------------------------
This scan is inconclusive. Though your server had open ports, we were unable to connect to any of them successfully. There is a high probability that some type of firewall or scan-detection software is blocking us from accurately scanning your server. Please configure any firewall or software that would interfere with our scans to allow all traffic from SecurityMetrics - see https://www.securitymetrics.com/scanning.adp If you feel that you have received this notice in error, please contact SecurityMetrics support.
--------------------------------------------------------------------------------------------------------------------
With that said, we have an ISA 2004 proxy server.

My question is, how do I open up the IP range and subnet mask range below in ISA 2004?

IP Range
 204.238.82.16-32
Subnet Mask (Short)
 204.238.82.16/28
Subnet Mask (Long)
 204.238.82.16/255.255.255.240
 
Kind regards,
mustekkzn
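Before touching any firewall rule, it is worth confirming that the three notations the scanner sent actually describe the same block of addresses. The following is an added example, not code from the thread or from either company, using Python's standard ipaddress module on the values quoted in the question; it assumes the digits after the dash in the hyphenated range are the last octet.

```python
import ipaddress

# Constructed from the three notations quoted in the question above.
REQUESTED = {
    "range": "204.238.82.16-32",
    "short": "204.238.82.16/28",
    "long": "204.238.82.16/255.255.255.240",
}


def addresses(notation):
    """Expand a hyphenated range, CIDR prefix or dotted netmask into a set of IPv4Address."""
    if "-" in notation:
        start, end = notation.split("-", 1)
        first = ipaddress.IPv4Address(start)
        if "." not in end:  # "16-32" style: assume the part after the dash is the last octet
            end = ".".join(start.split(".")[:3] + [end])
        last = ipaddress.IPv4Address(end)
        return {ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)}
    # ipaddress accepts both "/28" and "/255.255.255.240"; strict=True rejects a host
    # address mis-stated as a network (e.g. .17/28), which would be a typo worth chasing.
    return set(ipaddress.IPv4Network(notation, strict=True))


def disagreements(notations):
    """Return {name: sorted addresses that only this notation includes} for mismatching notations."""
    expanded = {name: addresses(text) for name, text in notations.items()}
    common = set.intersection(*expanded.values())
    return {name: sorted(str(a) for a in addrs - common)
            for name, addrs in expanded.items() if addrs - common}


def minimal_blocks(notation):
    """Smallest list of CIDR blocks that exactly covers the notation (what an allow rule must list)."""
    addrs = sorted(addresses(notation))
    return [str(n) for n in ipaddress.summarize_address_range(addrs[0], addrs[-1])]


if __name__ == "__main__":
    for name, text in REQUESTED.items():
        print(f"{name:5} {text:30} -> {len(addresses(text))} addresses, blocks {minimal_blocks(text)}")
    # The "/28" forms cover .16-.31; the hyphenated "-32" form adds one more host.
    print("only in one notation:", disagreements(REQUESTED))
```

The "-32" range does not fit a single /28, so a rule written from the hyphenated form needs a second /32 block, while the two mask forms agree with each other.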
ASKER CERTIFIED SOLUTION
Keith Alabaster (United Kingdom)
This solution is only available to members of Experts Exchange.
Hi,

Well well well... Let me sum up your situation:

You have been asked by a "security experts company" to OPEN ALL access from an entire public IP range so that they are able to come in freely onto your network to check for vulnerabilities !?!?!???

Maybe I've misunderstood something, but if not... you should switch to a really serious security company.

The firewall is an absolutely important part of the security plan, so nobody can seriously ask you to reduce the security to make a security audit. If they are not able to come into your network remotely to make their own test... If they want to make some tests on the internal network, they send SOMEONE to visit your company and make the tests directly from the internal network!


Have a good day.
mustekkzn (asker):
Hi Experts

Thank you for your posts.

Maybe I need to give you guys some more details on why we require this test done.
Because our company takes online payments via Barclays ePDQ payments, it is now a requirement of us to have these scans done every 3 months. The requirement also states that this company, Security Metrics, also needs to get onto our network to do scans from within our local network.
They don't require us to open all traffic, just enough for them to come in and do their scan, hence the IP and subnet range given.

Your assistance in this matter is greatly appreciated.

Kind regards,
mustekkzn
Then open up RDP access from their specific IP address (not a range) on port 3389 and let it pass to a single internal work station. They can run their scans from there.

Hi Keith

It is all automated off their website. We enter our external IP address and then click on SCAN.
If it was only as simple as it sounds...

Kind regards,
Arno
Your call then. We also use Barclays - amongst others - and they have certainly NEVER been given internal access to our internal network. As I mentioned before, we have to be checked regularly for penetration testing and would not dream of allowing unfettered access to the internal areas.
Hi Keith

Can I please ask for assistance in how to open this range for them? I would obviously not leave this open all the time.
As this is a requirement from Barclays..... I don't think we have much of a choice but to "jump" through this hoop for them, unfortunately.
It was good enough for me that this company, Security Metrics, wasn't able to get in themselves, but apparently, according to them, if they are not able to get in, it doesn't mean that anyone else can't. Which is probably a fair point to make.

Kind regards,
mustekkzn
Hi Experts

I would like to just say that this issue has been resolved. Apparently Security Metrics had a problem with their line while conducting this scan, and the error we received was just a generic error.
In the end we didn't have to open any of our security protocols for them to conduct their scan.

I appreciate all posts/comments made above from all the experts.

Just to end off, we passed their scan and they were happy with our level of security on our network.

Kind regards,
mustekkzn.
Pleased to hear it. As mentioned, we work VERY closely with Barclays - and we are doing exactly what you are intending to do - and have never had to open ports for ANY reason.
We gave you the correct answer but I have no issue with refunding your points.

Keith - ISA Forefront MVP
Hi Keith

My humble apology.
You are absolutely right. You warned me that for NO reason should I be opening up my network to anyone or anything.
Thinking now in hindsight, I can't even believe I was willing to consider this, just because of a default notice saying that our firewall could be the possible cause of the problem.

Kind regards,
mustekkzn
Sunny Lowe:
Well, they are at it again with us. Telling us that,

This scan is inconclusive. Though your server had open ports, we were unable to connect to any of them successfully. There is a high probability that some type of firewall or scan-detection software is blocking us from accurately scanning your server. Please configure any firewall or software that would interfere with our scans to allow all traffic from SecurityMetrics - see https://www.securitymetrics.com/scanning.adp If you feel that you have received this notice in error, please contact SecurityMetrics support.

We have a SonicWall running 5.81 and it keeps them out. The point of keeping people out is to protect our servers. Why should we let a company come into our network in a way that we would not let anyone else in? Also, this opens our network to a spoof attack by turning off the aggressive protection in the firewall. Someone can start spoof-attacking all networks by sending packets originating from that subnet. Really strange.