Vulnerability Management WAN Architecture

ManageEngine Vulnerability Manager Plus is enterprise vulnerability management software that helps you scan, assess, prioritize and remediate vulnerabilities in your network endpoints. It comprises features such as a vulnerability scanner and vulnerability assessment, automated patch management, security configuration management, zero-day vulnerability mitigation, high-risk software audit and web server hardening. Vulnerability Manager Plus supports patching computers in a distributed setup such as branch or remote offices (WAN), as well as the computers of mobile users, for example salespeople who are constantly on the move.

Advantages

The advantages of using the WAN architecture of Vulnerability Manager Plus include the following:

  1. Affordable, simple and quick solution for vulnerability management requirements
  2. Utilizes low bandwidth
  3. Enables network-neutral patch management
  4. Utilizes the same infrastructure for VPN connections. No separate VPN infrastructure is required
  5. Ensures that communication between the server and agents is secured
  6. Patches computers centrally using a single Web console

The following guide will help you understand the process of vulnerability management with the help of an architecture diagram.

[Figure 1: WAN Architecture of Vulnerability Manager Plus (architecture diagram)]

IT administrators or network security teams need the following components to perform vulnerability management on remote computers:

  1. Vulnerability Manager Plus Server
  2. Distribution Server
  3. Agents
  4. Web console

Vulnerability Manager Plus Server:

The Vulnerability Manager Plus Server lets you centrally perform all vulnerability management tasks on your network endpoints. These tasks include:

    • Installing agents in computers
    • Scanning computers for vulnerabilities and misconfigurations
    • Deploying patches and secure configurations
    • Uninstalling high-risk software

Any Windows computer in your network that meets the requirements mentioned here can be hosted as your Vulnerability Manager Plus Server. The Vulnerability Manager Plus Server at the customer site subscribes to the Central Vulnerability Database, from which it synchronizes the latest information on vulnerabilities and their remedies. Patches are downloaded directly from vendor sites, stored centrally in the server's patch store, and replicated to your network endpoints from there to conserve bandwidth.

Components

This section includes detailed information about the components of the Vulnerability Manager Plus architecture. Refer to Figure 1: WAN Architecture of Vulnerability Manager Plus.

Server

Port | Purpose | Type | Connection
-----|---------|------|-----------
8020 | Agent-server communication | HTTP | Inbound to server
8027 | Agent-server communication | TCP | Inbound to server
8022 | To enable Chat and System Manager | HTTP | Inbound to server
8383 | For communication between the agent or distribution server and the Vulnerability Manager Plus Server | HTTPS | Inbound to server
135 | To enable remote administration and sharing of files and printers | TCP | Outbound from managed computers
445 | To enable sharing of files and printers | TCP | Outbound from managed computers

The Vulnerability Manager Plus Server has to be installed in your LAN (say, the head office) and configured as an edge device. This means that the designated port (default 6020, configurable) must be reachable from the Internet. Harden the OS on which the Vulnerability Manager Plus Server is installed according to your security standards. Agents from all remote locations report to this Vulnerability Manager Plus Server.

The Server acts as a container that stores patch details and, upon request, provides instructions to the agents. Keep the Vulnerability Manager Plus Server running at all times so that day-to-day vulnerability management activities can proceed.
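Because the server is an edge device, the port table above doubles as an exposure checklist: only the designated port should be reachable from the Internet, and the remaining agent ports should be reachable only from your own address space. The following PowerShell script is an added example, not part of ManageEngine's documentation, that audits which documented ports the server host is actually listening on and creates correspondingly scoped Windows Firewall rules. The internal address ranges, the rule names and the value of the Internet-facing port are assumptions you must adjust to your environment; it is meant to be run in an elevated session on the server.

```powershell
# Added example (not ManageEngine's code): audit the Vulnerability Manager Plus
# server host against the documented port table and scope its firewall rules.
# Run in an elevated PowerShell session on the server itself.

# Inbound server ports taken from the table above.
$DocumentedInbound = @{
    8020 = 'Agent-server communication (HTTP)'
    8027 = 'Agent-server communication (TCP)'
    8022 = 'Chat and System Manager (HTTP)'
    8383 = 'Agent/distribution server to server (HTTPS)'
}

# Assumption: head office and branch offices reach the server from these ranges.
$InternalRanges = @('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')

# Assumption: the port you designated to be reachable from the Internet
# (the text above gives 6020 as the default; set this to your configured value).
$InternetFacingPort = 6020

# --- 1. Audit: which documented ports are actually listening? ---
$listening = Get-NetTCPConnection -State Listen |
    Select-Object -ExpandProperty LocalPort -Unique

foreach ($port in $DocumentedInbound.Keys) {
    if ($listening -contains $port) {
        Write-Output ("OK       {0,-5} {1}" -f $port, $DocumentedInbound[$port])
    } else {
        Write-Output ("MISSING  {0,-5} {1} (not listening)" -f $port, $DocumentedInbound[$port])
    }
}

# Any other listener on an Internet-facing host deserves a second look.
$unexpected = $listening |
    Where-Object { $_ -notin $DocumentedInbound.Keys -and $_ -ne $InternetFacingPort }
Write-Output ("Other listeners on this host: {0}" -f (($unexpected | Sort-Object) -join ', '))

# --- 2. Firewall: agent ports only from internal ranges, the designated port from anywhere ---
function Add-VmpInboundRule {
    param(
        [string]$Name,
        [int]$Port,
        [string[]]$RemoteAddress
    )
    # Idempotent: create the rule only if none with this display name exists.
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Protocol TCP `
            -LocalPort $Port -RemoteAddress $RemoteAddress -Action Allow -Profile Any | Out-Null
        Write-Output "Created rule: $Name"
    } else {
        Write-Output "Rule exists:  $Name"
    }
}

foreach ($port in $DocumentedInbound.Keys) {
    if ($port -ne $InternetFacingPort) {
        Add-VmpInboundRule -Name "VMP internal $port" -Port $port -RemoteAddress $InternalRanges
    }
}
Add-VmpInboundRule -Name "VMP Internet-facing $InternetFacingPort" -Port $InternetFacingPort -RemoteAddress 'Any'
```

The audit half is read-only and safe to rerun; the firewall half adds allow rules but never removes existing ones, so review the host's current rule set (Get-NetFirewallRule -Direction Inbound -Enabled True) for broader allows that would undo the scoping.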

Distribution server:

The Distribution Server is lightweight software installed on one of the computers in a branch office. It communicates with the Vulnerability Manager Plus Server to pull the information for all the computers in that branch. The agents on the branch office computers then contact the Distribution Server to obtain the information available to them and process the requests.

      • Low bandwidth utilization, as only one agent contacts the Server periodically
      • Pulls the patches to be installed and other related details from the Vulnerability Manager Plus Server and makes them available to the rest of the computers in the branch
      • Supports a secure mode of communication (SSL/HTTPS) with the Server
      • Distribution Server installation is a one-time task; subsequent upgrades are performed automatically

Agents:

To perform vulnerability scanning and management, the server installs a lightweight, multipurpose agent on your network systems. The agent contacts the server every 90 minutes to fetch the data it needs to scan the endpoint for vulnerabilities and to carry out the tasks delegated by the server, and it returns the results to the server when a task completes. The agent also maintains a continuous thin connection with the server so that on-demand tasks can be performed.
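The 90-minute check-in interval gives defenders a simple health signal: an agent that has been silent for two full intervals has missed at least one cycle, and its endpoint is neither being scanned nor patched until it reconnects. The PowerShell below is an added example, not part of the product, that applies this rule to a constructed list of last-contact times; the CSV column names are an assumption and not the console's export format, and the evaluation time is pinned so the output is reproducible.

```powershell
# Added example (not ManageEngine's code): flag agents that have missed their
# periodic check-in with the Vulnerability Manager Plus Server.

$CheckInInterval = New-TimeSpan -Minutes 90   # agent check-in cadence from the text
$MissedCycles    = 2                          # silent for this many intervals => stale

# Fixed evaluation time so the example is reproducible; use (Get-Date) in practice.
$Now = Get-Date '2024-03-10 12:00:00'

# Constructed sample data; the column names are an assumption, not the product's export format.
$lastContact = @'
Computer,Office,LastContact
HQ-WS-014,Head Office,2024-03-10 11:48:00
BR1-WS-003,Branch 1,2024-03-10 10:55:00
BR1-WS-007,Branch 1,2024-03-10 07:12:00
BR2-LT-021,Branch 2 (mobile),2024-03-08 16:30:00
BR2-WS-002,Branch 2,2024-03-10 09:05:00
'@ | ConvertFrom-Csv

# Two intervals = 180 minutes: one missed cycle is tolerated, two are not.
$threshold = [TimeSpan]::FromTicks($CheckInInterval.Ticks * $MissedCycles)

$report = $lastContact | ForEach-Object {
    $age = $Now - [datetime]$_.LastContact
    [pscustomobject]@{
        Computer     = $_.Computer
        Office       = $_.Office
        LastContact  = $_.LastContact
        SilentForMin = [math]::Round($age.TotalMinutes)
        MissedCycles = [math]::Floor($age.TotalMinutes / $CheckInInterval.TotalMinutes)
        Stale        = $age -gt $threshold
    }
}

# Only the stale agents, worst first. With the sample data this lists BR2-LT-021
# (29 cycles) and BR1-WS-007 (3 cycles); BR2-WS-002 at 175 minutes is just under the threshold.
$report | Where-Object Stale | Sort-Object MissedCycles -Descending |
    Format-Table Computer, Office, LastContact, SilentForMin, MissedCycles -AutoSize
```

Branch agents that report through a Distribution Server inherit its outages, so a whole branch going stale at once points at the Distribution Server or the branch link rather than at the individual endpoints.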

Agents can be installed either manually or through a logon script on all the branch-office computers managed by Vulnerability Manager Plus. This is a one-time task; agent upgrades are performed automatically. Vulnerability Manager Plus offers two options for managing computers across a WAN. Which option you choose depends on the number of computers you are going to manage at the remote office:

      1. Distribution servers and WAN agents: recommended if you are patching more than 10 computers in a remote office.
      2. WAN agents only: recommended if you are patching fewer than 10 computers in a remote office.

Web console:

The web console is a graphical user interface for accessing the server and performing vulnerability management tasks. It can be accessed from anywhere: over the LAN, over the WAN, or from home through the Internet or a VPN. No separate client installation is required to access the web console.