Network Security Scanner & Patch Management Software

Vulnerability Management over the Internet

Consider scenarios where you have to manage

• systems that are spread across different geographical locations or offices over the internet (applicable primarily to Service Providers)
• laptops that are often disconnected from the network (mobile users on the move)
• systems situated behind a NAT/PAT firewall or router (systems in different branches of an enterprise)

Security Manager Plus is powered with an agent that can be used to manage such systems, where maintaining a dedicated network tunnel is not feasible; therefore allowing the communication over the internet. The only prerequisite is that the Security Manager Plus Agents should be able to contact the Security Manager Plus Server over the web (using HTTP).

Enterprise Setup

Here is an example to illustrate how a Service Provider can setup Security Manager Plus Agents in the HTTPS mode to manage systems in different geographical locations.

A Service Provider, say SerPro Inc., in Washington, has a requirement to manage systems for 2 of his enterprise clients - BNF Bank in Texas and Colt Freightliners in New York, who are situated in different locations in the USA. These 2 networks are in are interconnected in any way, and neither are they accessible from the SerPro network.

The Security Manager Plus Server will reside in the SerPro network in Washington. The Security Manager Plus Agents (in HTTPS mode) will be deployed in the systems in these 2 client networks spread across the US. The agents will contact the Security Manager Plus Server over the internet and fetch patch management tasks that need to be performed. On task completion they will report back to the Security Manager Plus Server with the status update. Thus the systems in these independent enterprise networks will be managed by a single console with just internet accessibility.

Setting Up Security Manager Plus Server in the Service Provider Network

1. On a system which is in the Internet Data Center (IDC), with a public IP address

Security Manager Plus Server can be installed on a server in the IDC of the service provider. This server must have a unique public IP address and must be accessible over the web. Port 6767 (default web server port of Security Manager Plus server) must be open to allow Security Manager Plus agents to communicate to this server.

Administrators can login to the web interface of Security Manager Plus from any location to view and perform patch management tasks.

2. On a system in the internal network of the service provider, with internet access via a NAT/PAT router

Security Manager Plus can be installed on a system with an internal IP address, within the SerPro network. The NAT router in the service provider IDC will have the public IP address for external internet traffic, and this will redirect all traffic to and from the internal IP addresses. The NAT router must be configured (mapping in the routing table) in such a way that it routes all HTTP (web) traffic coming through port 6767 (default web server port of Security Manager Plus server) to the internal IP address of the system which has Security Manager Plus Server installed.

The SMP agents will have the external IP of the SerPro NAT router configured as the SMP Server name and will establish contact over the web on port 6767 (default). The NAT router at SerPro will take care of redirecting the requests/responses to the internal IP address of the SMP Server machine.

Setting Up Security Manager Plus Agents at the customer sites

This process is very much simple and does not involve any major configurations at the customer sites.

• Access the web interface of the SMP Server in SerPro using the public IP address : https://<publicIP>:6767/
• Login and download the SMP Agents (Windows) from the Admin tab
• Copy and install the SMP Agents on systems that need to be managed
• Provide the public IP address of the SMP server machine as Server Name to the agent during installation
• If web access from the SMP Agent machine happens via a proxy server, this can be configured during installation or later from the System Tray Icon of SMP Agent
• Start the agent at the end of the installation screen
• Login to the web interface of SMP, visit the Assets tab and see your agents listed there

Differences between Security Manager Plus Agent in HTTPS mode and TCP mode

S.No	Description	Security Manager Plus Agent in HTTPS Mode	Security Manager Plus Agent in TCP Mode
1	Usage scenario	To manage systems in remote locations without a dedicated network connection (over internet), systems in the LAN, laptops that are often disconnected from the network	To manage systems in the LAN, systems with restricted access, systems accessible over a VPN tunnel
2	Communication protocol	HTTP (Over the web)	Port to port (TCP)
3	Security	Data encrypted. Communication secured using SSL over HTTP (HTTPS)	Data encrypted. Communication secured using SSL over TCP.
4	Server to Agent communication port (To be opened in the firewall, if any)	None	9005 (Agent listens in this port. Configurable)
5	Agent to Server communication ports (To be opened in the firewall, if any)	6262, 6767 (Server web ports - default, but configurable)	9004 (Server listens in this port for agent. Configurable)
6	SMP Server location	SMP Server can be installed in an internal network and the Agent in an external network, provided the IP & port mapping are done in the NAT. The external IP address can be used by the Agent	SMP server must be located so that a TCP connection can be established by the Agent to the server
7	Agent Configurations required	External IP address of the SMP Server SMP server's HTTP and HTTPs ports Proxy server info (if present) Polling interval for agent	Name/IP address of the SMP Server SMP Server's TCP port
8	Communication Flow between Server and Agents	One-way (Agent polls Server)	Two-way
9	Response time of Agent	At every agent poll interval	Instant (no polling!)
10	Operating System supported	Windows only	Windows only

Refer to the documentation for more information on Security Manager Plus Agent Installation, Setup and Configuration.