  1. Senior Member
    Join Date
    Sep 2016
    Posts
    129

    Certifications
    CCNA Security, CCNA R&S
    #1

    Isolating vulnerable systems

    We have a Windows server (we'll call it ServerA) that has a critical vulnerability. For the next few months, we cannot patch this system. I was thinking about this. The only two systems that need to access this system are ServerB and the vulnerability scanner.

    I was thinking about using Windows Firewall to allow traffic from ServerB to ServerA over the specific TCP port it needs. This seems easy enough. My confusion is, how do I allow this for the vulnerability scanner? I think I would need to allow all ports, but then I'm allowing the scanner full access to the system. Not sure that makes sense.

    The other thing I thought of was creating an ACL on the L3 switch that only allows traffic with those source addresses to ServerA, but network management doesn't seem to want to be bothered with that.

    How would you all isolate this?

  3. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    813

    Certifications
    PenTest+, CySA+, LFCS, GCIH, eJPT, CCNA, CAPM, CompTIA Trifecta
    #2
    Run a credentialed scan on the vulnerable machine, where you create a Windows account that has read-only credentials and then use these credentials in the scan. One alternative might be to put a scanning agent on the Windows machine if your scanner supports that. That way you can really ratchet down on open ports like you mentioned.
    2018: CCNA Cyber Ops cohort 7
    2019: OSCP | CISSP

  4. Senior Member
    Join Date
    Sep 2016
    Posts
    129

    Certifications
    CCNA Security, CCNA R&S
    #3
    Not sure I follow this. The scan is a credentialed scan, but the Windows account that is used with the scan is a "domain admin". How does one create a read-only Windows account?

  5. Senior Member
    Join Date
    May 2013
    Posts
    1,510

    Certifications
    Cisco (3), CompTIA (2), EC-Council (2), GIAC (3), ISACA (1), ISC2 (1)
    #4
    Which scanner? Is it possible to install a scanner locally? I am not sure exactly why you even care about scanning the system if you cannot patch it.

    You could open all ports specifically coming from the vulnerability scanner system too.

  6. Senior Member
    Join Date
    Sep 2016
    Posts
    129

    Certifications
    CCNA Security, CCNA R&S
    #5
    Quote Originally Posted by TechGuru80 View Post
    Which scanner? Is it possible to install a scanner locally? I am not sure exactly why you even care about scanning the system if you cannot patch it.

    You could open all ports specifically coming from the vulnerability scanner system too.
    Scanner is Nessus. I care about scanning because the critical vuln that I'm talking about requires an upgrade to the application, which can't be done for a few months. We are able to resolve other vulnerabilities that may exist.

    I can probably install a scanner locally, if that's the best option. I'm just trying to figure out what is best practice for isolating this system, meaning is it better to use a host-based firewall or isolate it using network ACLs.

    I guess I can open all ports to the scanner too. We'll possibly find more vulnerabilities that way.

    What I'm not following is the comment on credentialed scans. If I use a credentialed scan, it still won't work if I don't allow the scanner through the host firewall.
    Last edited by mnashe; 02-23-2018 at 02:31 AM.
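The host-firewall design mnashe sketches in #1 and #5 (ServerB reaches ServerA on one TCP port, the Nessus scanner reaches every port, everything else is dropped), as an added PowerShell example. This is not code from the thread or from Tenable; the IP addresses, the application port and the management subnet are assumed placeholders, and the script is meant to be run elevated on ServerA from the console or an out-of-band session, since it disables existing inbound allow rules.

```powershell
# Added example, not from the thread. Locks ServerA's inbound traffic down with the
# built-in Windows Firewall so only ServerB (one TCP port) and the Nessus scanner can
# reach it. All addresses and the port are assumed placeholders; substitute your own.
# Run elevated on ServerA, and not over RDP/WinRM unless the $Mgmt rule covers you.

$ServerB = '10.0.10.20'     # assumed IP of ServerB
$AppPort = 8443             # assumed TCP port ServerB needs on ServerA
$Scanner = '10.0.50.5'      # assumed IP of the Nessus scanner
$Mgmt    = '10.0.0.0/24'    # assumed admin subnet that keeps RDP/WinRM; drop if not needed

# 1. Default-deny inbound on every profile and log drops, so anything that still
#    tries to reach ServerA shows up in pfirewall.log with its source address.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 32767

# 2. A default inbound block still honours every enabled allow rule, and a stock
#    server ships with plenty (File and Printer Sharing, Remote Desktop, ...) scoped
#    to "Any" remote address. Disable them all and keep the list so it can be reversed.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Tee-Object -Variable PreviouslyEnabled | Disable-NetFirewallRule

# 3. ServerB -> ServerA on the one application port, and nothing else from ServerB.
New-NetFirewallRule -DisplayName 'ServerA: allow ServerB app port' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort $AppPort -RemoteAddress $ServerB -Profile Any

# 4. Scanner -> ServerA. An uncredentialed network scan has to be able to probe every
#    port to find everything, and a credentialed Windows scan additionally needs SMB
#    (TCP 445) and WMI/RPC (TCP 135 plus the dynamic RPC range). Scoping the "all ports"
#    rules to the scanner's single source address is what keeps this from being
#    "full access": packets from any other source still hit the default deny.
New-NetFirewallRule -DisplayName 'ServerA: allow Nessus scanner (all TCP)' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort Any -RemoteAddress $Scanner -Profile Any
New-NetFirewallRule -DisplayName 'ServerA: allow Nessus scanner (all UDP)' -Direction Inbound `
    -Action Allow -Protocol UDP -LocalPort Any -RemoteAddress $Scanner -Profile Any
New-NetFirewallRule -DisplayName 'ServerA: allow Nessus scanner (ICMPv4)' -Direction Inbound `
    -Action Allow -Protocol ICMPv4 -RemoteAddress $Scanner -Profile Any

# 5. Admin access (RDP, WinRM HTTP/HTTPS) from the management subnet only. Assumed;
#    remove if ServerA is managed some other way.
New-NetFirewallRule -DisplayName 'ServerA: allow admin RDP/WinRM from mgmt' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort 3389,5985,5986 -RemoteAddress $Mgmt -Profile Any

# 6. Review what is now reachable, and from where, before walking away.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule  = $_.DisplayName
            Proto = $port.Protocol
            Port  = $port.LocalPort
            From  = $addr.RemoteAddress
        }
    } | Format-Table -AutoSize
```

Two points worth checking after running it. First, source-address rules in a host firewall only hold as long as the source address does: anything that can spoof or hijack the scanner's IP on the same segment inherits the scanner's "all ports" access, which is the argument for pairing this with the L3 switch ACL mentioned in #1 if network management can be persuaded. Second, confirm the isolation from a third host rather than trusting the rule list: a `Test-NetConnection ServerA -Port $AppPort` from a machine that is neither ServerB nor the scanner should fail, and the attempt should appear as a DROP line in pfirewall.log.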

  7. Senior Member
    Join Date
    Apr 2011
    Location
    DMV
    Posts
    243
    #6
    Just because there's a vulnerability doesn't mean it will be exploited. Carry out a risk assessment before you go on with applying whatever controls (ACLs, firewall) you're thinking about.

    A simple control could also be for management to accept the risk knowing you're upgrading the system soon.