3 Basic Things You Can Do To Secure Your On-Premise Vulnerability Management System
It’s a fact that some of the most valuable data on your network is held within the tools that were put in place to help with your company’s overall risk posture. These on-premise tools, valuable as they are, can sometimes be overlooked when it comes to securing them. The tools I am referring to are normally called Vulnerability Scanners or Vulnerability Management Systems.
Regardless of the naming convention, as the buyer of such a product you hold the keys to the fort and the responsibility for locking it up. That fort is extremely important since it houses sensitive vulnerability data that could give an attacker a blueprint of your entire network. Put on your attacker mindset for a minute. Wouldn’t it make sense to deliberately target such a system? Not only can you see the vulnerability data from the latest scan, but you also have access to what is normally referred to as vulnerability trending data.
What if someone just wanted to prove a point and post some of this private data on a public forum to paint a bad picture of your company? Not to mention that once they have done that, they have literally passed that blueprint along to the individuals who really do pose a threat to your environment.
Here are 3 basic things you can do to secure your on-premise Vulnerability Management System:
- Change The Default Port
If you are using a Vulnerability Management Solution that several other companies have adopted as well, then there are probably attackers out there scanning the Internet to see whether your solution pops up on its default port. Most of the major products make it easy for you to change this default port, and it is something you should do sooner rather than later.
- No Public Facing IPs
The only individuals who should have access to your on-premise Vulnerability Management Solution are those who should also have access to your internal network. If your solution has any public-facing IPs, I would strongly suggest you change that immediately. There is no reason why your Vulnerability Management Solution can’t have an internal IP address assigned to it.
- Whitelist Trusted Traffic
Chances are you know the individuals who use your solution, and if you don’t, get to know them. Furthermore, study their source traffic: what IPs or IP ranges do they normally sign in from? Once you have a good idea of where these individuals are logging in from, create a whitelist from that information. The same goes for source IPs that are targeting your system: come up with a blacklist for those IPs, or simply block everything but trusted traffic.
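The three steps above, turned into a small audit you can run against your own console. This is added example code, not from the article or any vendor's product; the default port, bind address, trusted ranges and access log are all constructed placeholders, labelled as such in the comments.

```python
import ipaddress
from collections import Counter

# Constructed values for this example; nothing here comes from the article or a vendor.
VENDOR_DEFAULT_PORT = 8443      # assumed port the product ships listening on
CONFIGURED_PORT = 8443          # hypothetical current setting (still the default)
BIND_ADDRESS = "203.0.113.10"   # TEST-NET address standing in for a public-facing IP
# Step 3: ranges the known users sign in from (constructed allowlist).
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
# RFC 1918 plus loopback: what the article calls an "internal IP address".
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed console access log, one login attempt per line: "<source_ip> <user> <result>"
SAMPLE_LOG = """\
10.20.4.15 jsmith login_ok
192.168.50.7 analyst login_ok
198.51.100.23 admin login_failed
198.51.100.23 admin login_failed
203.0.113.77 root login_failed
"""

def on_default_port(configured: int, default: int = VENDOR_DEFAULT_PORT) -> bool:
    """Step 1: True if the console still listens on the vendor default port."""
    return configured == default

def is_internal(addr: str) -> bool:
    """Step 2: True if the address falls inside a private (internal) range."""
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_RANGES)

def classify_sources(log_text: str, trusted=TRUSTED_RANGES):
    """Step 3: count login attempts per source IP, split by allowlist membership."""
    trusted_hits, untrusted_hits = Counter(), Counter()
    for line in log_text.splitlines():
        src = line.split()[0]
        ip = ipaddress.ip_address(src)
        (trusted_hits if any(ip in net for net in trusted) else untrusted_hits)[src] += 1
    return trusted_hits, untrusted_hits

def audit(bind_addr=BIND_ADDRESS, port=CONFIGURED_PORT, log_text=SAMPLE_LOG):
    """Run all three checks; an empty list means the console passes."""
    findings = []
    if on_default_port(port):
        findings.append(f"console still listens on vendor default port {port}")
    if not is_internal(bind_addr):
        findings.append(f"console bound to public-facing address {bind_addr}")
    _, untrusted = classify_sources(log_text)
    for src, n in untrusted.items():
        findings.append(f"untrusted source {src} ({n} attempts): blocklist candidate")
    return findings
```

Call `audit()` with your console's real bind address, port and access log; each finding maps back to one of the three steps, and the untrusted sources it lists are the candidates for your blacklist.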
I’m a cybersecurity professional and it is my responsibility not only to spread awareness, but to make an impact with some of the information that I have learned over time. These three steps might be a no-brainer to some of you, but this was written for those of you who haven’t taken any steps to lock down your Vulnerability Management Solution.