Options

Secure RMM appliance on port 443.

HugePerchHugePerch Member Posts: 9 ■■■□□□□□□□
in Other Security Certifications
I have an RMM system that is an appliance that contain Database and Http (jetty) server in the same VM. This appliance need to have a public IP and have port 443 opened so the clients can talk to the server.

How do I BEST secure this solution with a Cisco device? I'm very worried about SQL hacks, or exploits for the http server. I just want to have an extra layer of security.
· Share on FacebookShare on Twitter

Comments

  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
    What Cisco device are we talking about here?
    · Share on FacebookShare on Twitter
  • Options
    HugePerchHugePerch Member Posts: 9 ■■■□□□□□□□
    Well, What Im looking for is tips how to secure this setup, with Cisco devices, like IDS, firepower etc..
    · Share on FacebookShare on Twitter
  • Options
    MitechniqMitechniq Member Posts: 286 ■■■■□□□□□□
    Very interesting question, one I frankly get a lot from clients. They tend to not like my answer and you probably will not like it as well (all depends on how much you really want to secure your system). First is to know or have someone know the inner workings of your application - how do you secure something without actually knowing what your are securing. This means looking over the web application code and the structure of the database. My second suggestion is to validate your application there are several free tools out there that determine what Web vulnerabilities you are introducing into the wild. The first one that comes into mind is Burp Suite, fairly intuitive application to use.

    I tell my students that security is the 'sugar' in your cake. Sprinkling sugar over the cake, keeping some sugar on the side or adding an alternative sweetener will never be the same as BAKING the sugar into the cake.

    But in the sake of answering your question your method of 'masquerading' your application vulnerabilities can be done with something like a Web Application Firewall or a Next Gen Firewall. Depending on the features these devices can be very costly but your main idea is to protect the higher levels of the OSI model.
    · Share on FacebookShare on Twitter
  • Options
    HugePerchHugePerch Member Posts: 9 ■■■□□□□□□□
    Thanks for the reply!

    Infact, I don't even have the root login to the appliance so I cant look at it. Which means I cant reset it with a live cd, if I want to.. icon_smile.gif
    · Share on FacebookShare on Twitter
Sign In or Register to comment.