Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

iptables / OS firewall rule to block scanning on Tcp/Udp 53, Tcp2381 for PHP & Openssh Tcp22

Posted on 2015-01-03
3
Medium Priority
?
243 Views
Last Modified: 2015-01-20
Will creating iptables / firewall rule to permit only selected sysadmin laptops (or app servers) to
access vulnerable servers (ISC Bind on Tcp/Udp 53 & PHP Tcp2381 & Openssh's too old versions)
help to block VA scanner's detection.

To help with mitigation till we have the resource to upgrade to higher versions
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 400 total points
ID: 40529369
Each of services has their IP-based access lists. And their ways of support to actually install updates (once a year before VA scan if no better idea)
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 1600 total points
ID: 40551426
Well. You're attacking a symptom and not the problem. You should NOT change ACL rules to prevent a vulnerability scanner from reaching a service on a host. If anything vulnerability scanners need to have blanket access to every port on every host.

Regardless of whether or not you adjust the ACL, the risk exists. If you change the ACL to prevent the scanner from hitting the port, you are hiding the risk, not acting on the risk. And thus you would not be able to report correctly on the risk.

Now, adjust the ACL to restrict access is certainly a remediation control you could use to act up on the present risk. So I agree with your approach only if you also add an ACL item which continues to allow the vulnerability scanner full access to the vulnerable servers.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40559565
Recomendation:
Update BIND (If out of redhat support you buy it or roll over to CentOS) - old 9-series configuration will work just fine, named-checkconf -z is your friend.
PHP TCP 2381 is HP management server - upgrade it (it is called SMH) at the same time restricting access or even binding it to localhost.
0

Featured Post

Quiz: What Do These Organizations Have In Common?

Hint: Their teams ended up taking quizzes, too.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question