Tuesday, August 10, 2021

Best practices around firewall rules concerning RMM, AV / MS updates ...

Hey r/

Wanted to hear your thoughts about some firewall policies we are setting up.

I always want to follow the path of least privilege and configure rules with the following settings:

- Destination IP, Source IP and Port Protocol

However, we did not get the RMM software to work through the firewall with the correct settings, and I contacted support to assist me with the configuration. The ports needed for the RMM software to work are enormous, and it looks like almost all services are allowed through.

My colleague argued that if we just set the destination and source IP, but allow all traffic, it does not matter what kind of traffic goes over the RMM line; it will only go to or come from the RMM IPs.

Is this a security risk or common in networking practices? I agree that if the traffic is only allowed to and from the RMM IPs, security can still be guaranteed. Stuff like the cryptolocker situation with Kaseya would happen, even if the ports are also defined.


