Why not use SSL for RMA and RCC comms?
Especially for RMA, since most firewalls are already configured to pass SSL traffic? It's a hard sell sometimes to convince IT Security to open up additional ports.
SSL encryption has nothing to do with TCP ports.
Some standard protocols that use SSL have standard port numbers (e.g. HTTPS 443, IMAP over SSL 993).
However, any port communication can be encrypted using SSL.
You may set up HostMonitor and RMA to use some standard ports; however, this will often lead to problems, because RMA and other applications will try to open the same port.
On the other hand, you may use Active RMA agents. Active RMA does not require opening an incoming port on the firewall.
Please check for details at:
http://www.ks-soft.net/hostmon.eng/rma- ... veORactive
You say "Active RMA do not require to open incoming port on firewall.", but that ignores the fact that the default outbound ports are not typically open in ANY enterprise environment. I have to answer a whole series of questions to justify opening up 5056/TCP or 5057/TCP.
Of course you are right re: SSL and ports, but if Active RMA were to use HTTPS (443/TCP), for instance, I wouldn't be spending my time justifying this product's existence.
Besides, using HTTPS, properly implemented, could provide Hostmon with a recognized standard for the validation of the remote agent.