Solved

iptables / OS firewall rule to block scanning on Tcp/Udp 53, Tcp2381 for PHP & Openssh Tcp22

Posted on 2015-01-03
3
206 Views
Last Modified: 2015-01-20
Will creating iptables / firewall rule to permit only selected sysadmin laptops (or app servers) to
access vulnerable servers (ISC Bind on Tcp/Udp 53 & PHP Tcp2381 & Openssh's too old versions)
help to block VA scanner's detection.

To help with mitigation till we have the resource to upgrade to higher versions
0
Comment
Question by:sunhux
  • 2
3 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 100 total points
ID: 40529369
Each of services has their IP-based access lists. And their ways of support to actually install updates (once a year before VA scan if no better idea)
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 400 total points
ID: 40551426
Well. You're attacking a symptom and not the problem. You should NOT change ACL rules to prevent a vulnerability scanner from reaching a service on a host. If anything vulnerability scanners need to have blanket access to every port on every host.

Regardless of whether or not you adjust the ACL, the risk exists. If you change the ACL to prevent the scanner from hitting the port, you are hiding the risk, not acting on the risk. And thus you would not be able to report correctly on the risk.

Now, adjust the ACL to restrict access is certainly a remediation control you could use to act up on the present risk. So I agree with your approach only if you also add an ACL item which continues to allow the vulnerability scanner full access to the vulnerable servers.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40559565
Recomendation:
Update BIND (If out of redhat support you buy it or roll over to CentOS) - old 9-series configuration will work just fine, named-checkconf -z is your friend.
PHP TCP 2381 is HP management server - upgrade it (it is called SMH) at the same time restricting access or even binding it to localhost.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question