Solved

iptables / OS firewall rule to block scanning on Tcp/Udp 53, Tcp2381 for PHP & Openssh Tcp22

Posted on 2015-01-03
3
218 Views
Last Modified: 2015-01-20
Will creating iptables / firewall rule to permit only selected sysadmin laptops (or app servers) to
access vulnerable servers (ISC Bind on Tcp/Udp 53 & PHP Tcp2381 & Openssh's too old versions)
help to block VA scanner's detection.

To help with mitigation till we have the resource to upgrade to higher versions
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 100 total points
ID: 40529369
Each of services has their IP-based access lists. And their ways of support to actually install updates (once a year before VA scan if no better idea)
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 400 total points
ID: 40551426
Well. You're attacking a symptom and not the problem. You should NOT change ACL rules to prevent a vulnerability scanner from reaching a service on a host. If anything vulnerability scanners need to have blanket access to every port on every host.

Regardless of whether or not you adjust the ACL, the risk exists. If you change the ACL to prevent the scanner from hitting the port, you are hiding the risk, not acting on the risk. And thus you would not be able to report correctly on the risk.

Now, adjust the ACL to restrict access is certainly a remediation control you could use to act up on the present risk. So I agree with your approach only if you also add an ACL item which continues to allow the vulnerability scanner full access to the vulnerable servers.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40559565
Recomendation:
Update BIND (If out of redhat support you buy it or roll over to CentOS) - old 9-series configuration will work just fine, named-checkconf -z is your friend.
PHP TCP 2381 is HP management server - upgrade it (it is called SMH) at the same time restricting access or even binding it to localhost.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Read about achieving the basic levels of HRIS security in the workplace.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question