
Posts posted by SALC

  1. Hi,

    I'm configuring ESET PROTECT + ESET Bridge and, after all the setup, agents cannot communicate with the server (which is in an internal network). I'm trying to make this work: https://help.eset.com/ebe/2/en-US/upgrade.html?forwarding_of_communication.html

    Works like this:
     Agent -> Eset Bridge -> Protect Server

    where bridge=proxy.xxx.com (3128 reachable from the internet) and protect server=server.xxx.com (port 2222 is reachable from bridge)

    I can see in the agent logs that "Enrollment failed with error: failed to connect to all addresses (code:14)" on connection "server.xxx.com" port: 2222, Proxy Enabled:1, Proxy connection: proxy.xxx.com"

     

    Configurations are as follows (policies created and rolled out to bridge and agent installer):

     Bridge Policy (followed https://help.eset.com/ebe/2/en-US/bridge_policy.html)
       - port 3128

       - no authentication

       - no proxy server

     Agent Policy (followed https://help.eset.com/ebe/2/en-US/configure.html?agent_policy.html)

       - Connection ("Servers to connect to" hasn't been modified, so it's server.xxx.com)

       - Advanced settings:

          * Proxy Configuration type: Global Proxy

          * Global Proxy configured with proxy.xxx.com:3128

     

    So basically, even after configuring ESET Bridge and configuring agents to connect to the proxy, the agent still complains that server.xxx.com is not reachable.

    Do I need to set up something else? Why does ESET Bridge not catch everything, and why does the agent still try to communicate with the server without using the proxy?

    Also, what's the purpose of proxy authentication if it cannot be used to increase security on top of the connection agent-server?

     

    Thanks in advance!
    Best,

    Salva

  2. Thanks for the information @IggyPop

    I'm having some issues while using Bridge.

    Let me show you the setup and maybe you can point out what I'm doing wrong.

    I have configured ESET bridge and applied the policy (https://help.eset.com/ebe/1/en-US/bridge_policy.html)

    ESET Bridge listens on "ep.domain.com:3128" (server reachable from the internet) and should redirect connections to "eset.int.domain.com:2222" (which is only available from the internal network and also reachable from ep.domain.com).

    I configured an Agent policy (that's used in the Agent installer) with the proxy details.
    After I install the agent on a device outside the internal network, it does not appear in the ESET Server. I get a 403 in the logs:
    AGENT_IP - - [17/Jul/2023:13:44:39 +0200] "CONNECT eset.int.domain.com:2222 HTTP/1.0" 403 146 "-" "grpc-httpcli/0.0".

    User and password for the proxy are well configured so I'm not sure why I get a 403...

    Best,

    Salva

  3. Hi Peter.

    A few things:
    1) Why wouldn't it make any sense to use a VPN? We plan to roll out new devices (managed) for all employees and that will be a good opportunity to set up everything from scratch. It will give us an extra security layer for agent-server communication.
    2) I have seen that it's possible to use squid and place the server and agent certificates there so they are checked on the proxy side. That's tedious, to be sincere, and that's something I would like to avoid... Also, I do not see the benefit of using squid and checking the certificates. Supposedly that's what the agent and server do when communicating with each other.
    3) I haven't been able to run ESET Proxy (Apache) or ESET Bridge with authentication (not sure if you meant that). I configured the proxy in a policy (and also in the installer), but I always get 407 and agents are not able to connect to the server (and therefore do not appear as devices).
    4) The cloud option is quite expensive compared to the price we are paying at the moment (minimum 100 nodes, +-3600K for 1 year).
    5) When you say teams are taking care of it, do you mean the service itself or some other security around it?
    I do not like the idea of having this service publicly available (even if we 2FA)

     

    Thanks and cannot wait for your responses!

    Best,
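An added example, not part of SALC's posts or of ESET's documentation: a small triage of proxy access-log lines that separates the 403 from the second post and the 407 from the third by CONNECT target. It assumes the access-log shape of the one line quoted above; the status meanings are general HTTP semantics rather than ESET Bridge behaviour, and the sample lines are constructed.

```python
import re
from collections import Counter

# Access-log shape assumed from the single line quoted in the post.
# The optional space after CONNECT tolerates a line pasted without it.
CONNECT_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"CONNECT ?(?P<target>[^\s:"]+:\d+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# General HTTP status semantics for a CONNECT request (not ESET-specific).
MEANING = {
    200: "tunnel opened; any later failure is between agent and server",
    403: "proxy refused this tunnel; review which hosts/ports it may reach",
    407: "proxy wants credentials; none were sent or they were rejected",
    502: "proxy could not reach the upstream host",
    503: "proxy could not reach the upstream host",
}

def triage(lines):
    """Count CONNECT attempts per (target, status); other lines are skipped."""
    counts = Counter()
    for line in lines:
        m = CONNECT_RE.match(line)
        if m:
            counts[(m["target"], int(m["status"]))] += 1
    return counts

def report(counts):
    """One readable row per (target, status) pair, sorted for stable output."""
    return [
        f"{n}x {status} {target}: {MEANING.get(status, 'see the proxy error log')}"
        for (target, status), n in sorted(counts.items())
    ]

# Constructed sample lines (client IPs from the 203.0.113.0/24 documentation range).
UA = '"-" "grpc-httpcli/0.0"'
SAMPLE = [
    f'203.0.113.10 - - [17/Jul/2023:13:44:39 +0200] "CONNECTeset.int.domain.com:2222 HTTP/1.0" 403 146 {UA}',
    f'203.0.113.10 - - [17/Jul/2023:13:45:41 +0200] "CONNECT eset.int.domain.com:2222 HTTP/1.0" 403 146 {UA}',
    f'203.0.113.11 - - [17/Jul/2023:13:46:02 +0200] "CONNECT eset.int.domain.com:2222 HTTP/1.0" 407 0 {UA}',
    f'203.0.113.12 - - [17/Jul/2023:13:47:15 +0200] "CONNECT eset.int.domain.com:2222 HTTP/1.0" 200 - {UA}',
    '203.0.113.12 - - [17/Jul/2023:13:47:20 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```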

  4. Hi!

    We are running an ESET Protect server (on premises) on a server that is not accessible from the outside.
    While I understand that TCP over port 2222 occurs securely (using certificates) between the agent and ESET server, we want to have a proxy in front of it so computers running agents can authenticate against a proxy which will send the communication to the server.

    My idea is:
    Agent --> HTTPS Proxy (use authentication, port 3128) -> Server (2222)

    Another option could be to install a VPN on all computers running the agent, but that's something we would like to avoid.


    Is this something that can be done?

    Thanks in advance!

    Best,

    Salva
