ESET PROTECT - Whitelisting and disabling public access to the Web Console?


We have ESET Protect v10 self-hosted in our Azure environment.

We're working on reducing attack surface by implementing stronger security around our tools like RMM, MDM, Management Portals.

Moving from AV to EDR and from VPN to SDP/ZTNA.

1- Can we have whitelisting on the Web Console?

2- Can we disable public access to the web console without blocking other critical ESET services?

3- Does ESET Protect support SSO with Azure AD?

4- Can we use a third-party MFA app (Google Auth, Authy, etc.) for the TOTP, or are we limited to using the ESET Authenticator mobile app?


Since 443 is being used as failover for the ESET Push Notification Service, as mentioned here: https://help.eset.com/protect_install/10.0/en-US/upgrade_procedures.html?ports_used.html
I changed the port used by Apache Tomcat (https://support.eset.com/en/kb7772-change-the-port-used-by-the-eset-protect-web-console) to a different port and targeted that specific port with Azure NSG inbound policies to only allow certain IP addresses.

I left 443 open in the NSG inbound policies to allow other ESET services to communicate via 443.

Can you please advise if 443 is indeed needed per the docs, or should it be blocked if we are not serving the Tomcat web console?

ESET Staff

We would need more details for clarification before making any security-related decisions, but:

  • The application hosted by Apache Tomcat, i.e. our web console deployed there, is not accessed by any other service or component, i.e. you can change the port and block any communication you wish. The impact on users will be an inaccessible console via browser when accessing from a blocked location.
  • ESET Push Notification Service indeed uses port 443 as a fallback, but this is a service hosted by ESET itself, i.e. it just means that our components (like ESET PROTECT Server and Agent) are connecting to epns.eset.com:443 - so in case you are blocking only incoming connections to port 443, this should not be impacted.
  • In case you are hosting ESET PROTECT (on-premise variant) in the cloud, but your managed devices are located outside, it is crucial to enable communication to port 2222 (if not changed), i.e. communication between ESET Management Agent and your ESET PROTECT Server instance. Port 2223 does not need to be accessible from outside, especially in case you are not using the so-called "Server assisted installation" of Agents. Also note that MDM management requires more ports to be opened.
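Putting the two posts above together (console port restricted to an admin allowlist, 2222 reachable from agents anywhere, 2223 and inbound 443 closed), here is an added example, not from the thread or from ESET, that evaluates a constructed Azure NSG inbound rule set the way Azure does (lowest priority number wins) and checks it against those requirements. The console port 8443, the allowlisted prefixes and the rule-dict shape are assumptions for illustration.

```python
import ipaddress

# Assumed: Tomcat moved off 443 to this port, per the KB article linked above.
CONSOLE_PORT = 8443

# Constructed NSG inbound rules, reduced to the fields that matter here
# (TCP, any source port). Lower priority numbers win, as in Azure NSGs.
NSG_INBOUND_RULES = [
    # Web console only from the admin allowlist (assumed prefixes).
    {"priority": 100, "source": "203.0.113.0/24", "dest_port": CONSOLE_PORT, "access": "Allow"},
    {"priority": 110, "source": "198.51.100.7/32", "dest_port": CONSOLE_PORT, "access": "Allow"},
    # Agent -> Server replication must stay reachable from managed devices anywhere.
    {"priority": 200, "source": "0.0.0.0/0", "dest_port": 2222, "access": "Allow"},
    # Explicit denies: 2223 (server-assisted install) and the console port from everywhere else.
    {"priority": 300, "source": "0.0.0.0/0", "dest_port": 2223, "access": "Deny"},
    {"priority": 310, "source": "0.0.0.0/0", "dest_port": CONSOLE_PORT, "access": "Deny"},
    # Stand-in for Azure's default DenyAllInBound rule.
    {"priority": 65500, "source": "0.0.0.0/0", "dest_port": "*", "access": "Deny"},
]


def evaluate_inbound(rules, source_ip, dest_port):
    """Verdict of the first matching rule in priority order ("Allow"/"Deny")."""
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        port_match = rule["dest_port"] == "*" or rule["dest_port"] == dest_port
        if port_match and src in ipaddress.ip_network(rule["source"]):
            return rule["access"]
    return "Deny"  # nothing matched; Azure's default rules would deny anyway


def check_protect_exposure(rules, admin_ips, console_port):
    """Check the rule set against the thread's requirements; True means the requirement holds."""
    internet_ip = "192.0.2.10"  # constructed arbitrary internet host (TEST-NET-1)
    return {
        "console_reachable_from_admins": all(
            evaluate_inbound(rules, ip, console_port) == "Allow" for ip in admin_ips),
        "console_blocked_from_internet": evaluate_inbound(rules, internet_ip, console_port) == "Deny",
        "agents_can_reach_2222": evaluate_inbound(rules, internet_ip, 2222) == "Allow",
        "2223_not_exposed": evaluate_inbound(rules, internet_ip, 2223) == "Deny",
        "inbound_443_closed": evaluate_inbound(rules, internet_ip, 443) == "Deny",
    }


if __name__ == "__main__":
    results = check_protect_exposure(NSG_INBOUND_RULES, ["203.0.113.42", "198.51.100.7"], CONSOLE_PORT)
    for name, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

The same evaluator can be fed the output of a real rule export (mapped into the dict shape above) to confirm the allowlist behaves as intended before the old 443 rule is removed.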