Announcement

Collapse
No announcement yet.

Is the message server a security risk?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Is the message server a security risk?

    Christian,

    I went through a security audit at work via a third party company. I was told in the report that using the message server plugin was a hazard to our network. HS enters our network via a VPN connection and the user must be logged in to our Active Directory database before the VPN client can connect. Is what he told us true and does the Message Server cause a security problem? One of the greatest advantages of this plugin is the ability to receive notices on my laptop when a server goes offline.


    Thanks for your input,
    Jerry Coleman



    1. Firewall Policy - As an example....Jerry has a security program running at his house and he has ports open in the BCPS firewall to allow that traffic to enter the network and alert him of "events" at his house. The port used is not a common port and thus has no application layer deep inspection at the firewall. A firewalk program could be used to gain full access to the network by a skilled individual. I think he redefined the policy onsite to restrict this particular opening at little while I was there; however, with some IP spoofing those countermeasures could possibly be evaded as well. The modification of the firewall policy has no checks and balances either.



    ________
    Daihatsu opti specifications
    Last edited by Jerry Coleman; May 15, 2011, 10:56 PM.

    #2

    Comment


      #3
      Christian,


      Why your HS servers enter your work network?
      I use HS to monitor my servers and routers at work. Via the Messenger plug in, James the butler pops up on my laptop and tells me when one is off line. I have 23 servers, 15 routers, print servers, switches, etc? This is very helpful when I?m out of town for days at a time.

      They seem to be concern with your work security where the client connects to a server and not listening on any port.
      I don?t have any incoming ports that are wide opened. All of them are designated to specific IP addresses. I manage thirteen different networks which are a great distance apart and make up my WAN. This is why I use a VPN connection to connect to work. My thoughts were that by connecting via VPN and obtaining one of my work?s IP addresses really wasn?t different then another workstation on that network. This VPN connection is using high encryption methods and I just never saw it as a threat.

      Also about the non common port used causing problem because no deep inspection you can fix that by using a common port. (81, 88, 8080, 8181)
      I ask this in ignorance, but do you feel like the port number matters as long as I?m connecting through a VPN session? I understood that port numbers were assigned numbers for example 21 for ftp. Wouldn?t deciding to use port say? 37 provide the same security at 21 except for the fact of the numbers being different digits? The ones over 1024 I believe are the ones not designated and are used by anyone for everything. Also, I would like to add that I?m using Zone Alarm on my edge router which is an XP box using ICS.


      Did you open a port at work because you where blocked?
      I?m the Senior Network Administrator at work. At first, I had a port opened and allowed it in and out. I guess I got more excited about what I would be able to do with the plug-in and was enamored by the cool factor. After reading through the configuration in my firewall, I changed it to be a VPN connection and made the port HS uses require authentication from Active Directory before traffic can be send in or out. I?m still being told that this isn?t safe and am confused as to why?


      Thanks for any input you would have?


      Jerry
      ________
      Lovely Wendie99
      Last edited by Jerry Coleman; May 15, 2011, 10:56 PM.

      Comment


        #4

        Comment

        Working...
        X