View previous topic :: View next topic |
Author |
Message |
greyhat64
Joined: 14 Mar 2008 Posts: 246 Location: USA
|
Posted: Tue Jun 18, 2013 2:54 pm Post subject: Why not use SSL for RMA and RCC comms? |
|
|
Especially for RMA, since most firewalls are already configured to pass SSL traffic? It's a hard sell sometimes to convince IT Security to open up additional ports. |
|
Back to top |
|
|
KS-Soft Europe
Joined: 16 May 2006 Posts: 2832
|
Posted: Tue Jun 18, 2013 3:15 pm Post subject: |
|
|
SSL encryption has nothing to do with TCP ports.
Some standard protocols that use SSL have standard port numbers (e.g. HTTPS 443, IMAP over SSL 993).
However, any port communication can be encrypted using SSL.
You may setup HostMonitor and RMA to use some standard ports, however this will often lead to problems, because RMA and other applications will try to open the same port.
On the other hand you may use Active RMA agents. Active RMA do not require to open incoming port on firewall.
Please check for details at:
http://www.ks-soft.net/hostmon.eng/rma-win/index.htm#passiveORactive |
|
Back to top |
|
|
greyhat64
Joined: 14 Mar 2008 Posts: 246 Location: USA
|
Posted: Tue Jun 18, 2013 5:58 pm Post subject: |
|
|
You say "Active RMA do not require to open incoming port on firewall.", but that ignores the fact that the default outbound ports are not typically open in ANY enterprise environment. I have to answer a whole series of questions to justify opening up 5056/TCP or 5057/TCP.
Of course you are right re:SSL and ports, but if Active RMA were to use HTTPS (443/TCP), for instance, I wouldn't be spending my time justifying this products existence.
Besides, using HTTPS, properly implemented, could provide Hostmon with a recognized standard for the validation of the remote agent. |
|
Back to top |
|
|
xcentric
Joined: 23 Oct 2010 Posts: 176
|
Posted: Wed Jul 03, 2013 12:07 pm Post subject: |
|
|
Does this mean the password for rcc connections and rma's are reversible or in plain text? |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12807 Location: USA
|
Posted: Wed Jul 03, 2013 2:05 pm Post subject: |
|
|
RCC, HostMonitor, RMA does not send password itself (to each other). You cannot sniff plain password or some data that can be decrypted and receive password. |
|
Back to top |
|
|
|