Abdullah Ollivierre, Posted November 18, 2022

We have ESET Protect v10 self-hosted in our Azure environment. We're working on reducing attack surface by implementing stronger security around our tools like RMM, MDM, Management Portals. Moving from AV to EDR and from VPN to SDP/ZTNA.

1- Can we have whitelisting on the Web Console?
2- Can we disable public access to the web console without blocking other critical ESET services?
3- Does ESET Protect support SSO with Azure AD?
4- Can we use a third-party MFA app (Google Auth, Authy, etc.) for the TOTP, or are we limited to using the ESET Authenticator mobile app?
Abdullah Ollivierre (Author), Posted November 18, 2022

Since 443 is being used as failover for the ESET Push Notification Service as mentioned here https://help.eset.com/protect_install/10.0/en-US/upgrade_procedures.html?ports_used.html I changed the port being used by Apache Tomcat https://support.eset.com/en/kb7772-change-the-port-used-by-the-eset-protect-web-console to a different port and targeted that specific port with Azure NSG inbound policies to only allow certain IP addresses. I left 443 open in the NSG Inbound policies to allow other ESET services to communicate via 443.

Can you please advise if 443 is indeed needed per the docs, or should it be blocked if we are not serving the Tomcat web console?
MartinK (ESET Staff), Posted December 12, 2022

We would need more details for clarification before making any security-related decisions, but:

The application hosted by Apache Tomcat, i.e. our web console deployed there, is not accessed by any other service or component, i.e. you can change the port and block any communication you wish. The impact on users will be an inaccessible console via browser when accessing from a blocked location.

ESET Push Notification Service indeed uses port 443 as a fallback, but this is a service hosted by ESET itself, i.e. it just means that our components (like ESET PROTECT Server and Agent) are connecting to epns.eset.com:443, so in case you are blocking only incoming connections to port 443, this should not be impacted.

In case you are hosting ESET PROTECT (on-premise variant) in the cloud, but your managed devices are located outside, it is crucial to enable communication to port 2222 (if not changed), i.e. communication between ESET Management Agent and your ESET PROTECT Server instance. Port 2223 does not need to be accessible from outside, especially in case you are not using the so-called "Server assisted installation" of AGENTs.

Also note that MDM management requires more ports to be opened.
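As an added illustration of the port guidance in MartinK's reply and the NSG approach described in the question (example code written for this thread, not ESET's or Azure's own tooling): a small Python audit that evaluates a constructed set of NSG inbound rules the way Azure does (lowest priority number wins, default deny inbound) and reports any deviation from the guidance. The console port 8443, the admin prefix 203.0.113.0/24, the outside address and the rule names are all assumptions.

```python
import ipaddress

# Constructed sample of Azure NSG inbound rules, in the shape the Azure
# portal/CLI shows them. Port 8443 stands in for the custom Tomcat port
# (assumed); 203.0.113.0/24 is a constructed admin allow-list.
CONSOLE_PORT = 8443
ADMIN_PREFIXES = ["203.0.113.0/24"]
NSG_INBOUND = [
    {"name": "AllowConsoleFromAdmins", "priority": 100, "access": "Allow",
     "port": CONSOLE_PORT, "source": "203.0.113.0/24"},
    {"name": "AllowAgents2222", "priority": 110, "access": "Allow",
     "port": 2222, "source": "*"},
    {"name": "Allow443", "priority": 120, "access": "Allow",
     "port": 443, "source": "*"},
    # Azure's built-in DenyAllInBound rule sits at priority 65500.
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "port": "*", "source": "*"},
]

def _src_matches(rule_src, ip):
    return rule_src == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(rule_src)

def evaluate(rules, src_ip, dst_port):
    """Decide Allow/Deny as Azure does: lowest priority number wins."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["port"] in ("*", dst_port) and _src_matches(r["source"], src_ip):
            return r["access"]
    return "Deny"  # nothing matched: NSGs deny inbound by default

def audit(rules, console_port=CONSOLE_PORT, admin_prefixes=ADMIN_PREFIXES):
    """Check a rule set against the port guidance given in the thread."""
    findings = []
    outside = "198.51.100.7"  # constructed non-admin Internet source
    admin = str(next(ipaddress.ip_network(admin_prefixes[0]).hosts()))
    if evaluate(rules, admin, console_port) != "Allow":
        findings.append("console port unreachable from the admin allow-list")
    if evaluate(rules, outside, console_port) == "Allow":
        findings.append("console port reachable from a non-allow-listed address")
    if evaluate(rules, outside, 2222) != "Allow":
        findings.append("agents outside Azure cannot reach port 2222")
    if evaluate(rules, outside, 2223) == "Allow":
        findings.append("port 2223 exposed; only needed for server-assisted install")
    if evaluate(rules, outside, 443) == "Allow":
        findings.append("inbound 443 allowed; EPNS fallback is outbound to epns.eset.com:443")
    return findings

if __name__ == "__main__":
    for finding in audit(NSG_INBOUND):
        print("FINDING:", finding)
```

With the sample rules the only finding is the unnecessary inbound 443 rule; dropping that rule leaves the audit clean while agents on 2222 and the admin-only console port still pass.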