Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

iptables / OS firewall rule to block scanning on Tcp/Udp 53, Tcp2381 for PHP & Openssh Tcp22

Posted on 2015-01-03
3
Medium Priority
?
255 Views
Last Modified: 2015-01-20
Will creating iptables / firewall rule to permit only selected sysadmin laptops (or app servers) to
access vulnerable servers (ISC Bind on Tcp/Udp 53 & PHP Tcp2381 & Openssh's too old versions)
help to block VA scanner's detection.

To help with mitigation till we have the resource to upgrade to higher versions
0
Comment
Question by:sunhux
  • 2
3 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 400 total points
ID: 40529369
Each of services has their IP-based access lists. And their ways of support to actually install updates (once a year before VA scan if no better idea)
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 1600 total points
ID: 40551426
Well. You're attacking a symptom and not the problem. You should NOT change ACL rules to prevent a vulnerability scanner from reaching a service on a host. If anything vulnerability scanners need to have blanket access to every port on every host.

Regardless of whether or not you adjust the ACL, the risk exists. If you change the ACL to prevent the scanner from hitting the port, you are hiding the risk, not acting on the risk. And thus you would not be able to report correctly on the risk.

Now, adjust the ACL to restrict access is certainly a remediation control you could use to act up on the present risk. So I agree with your approach only if you also add an ACL item which continues to allow the vulnerability scanner full access to the vulnerable servers.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40559565
Recomendation:
Update BIND (If out of redhat support you buy it or roll over to CentOS) - old 9-series configuration will work just fine, named-checkconf -z is your friend.
PHP TCP 2381 is HP management server - upgrade it (it is called SMH) at the same time restricting access or even binding it to localhost.
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Integration Management Part 2
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question