Why not use SSL for RMA and RCC comms?

greyhat64
Posts: 246
Joined: Fri Mar 14, 2008 9:10 am
Location: USA

Post by greyhat64 »

Especially for RMA, since most firewalls are already configured to pass SSL traffic? It's a hard sell sometimes to convince IT Security to open up additional ports.
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am

Post by KS-Soft Europe »

SSL encryption has nothing to do with TCP ports.
Some standard protocols that use SSL have standard port numbers (e.g. HTTPS 443, IMAP over SSL 993).
However, any port communication can be encrypted using SSL.
You may set up HostMonitor and RMA to use some standard ports; however, this will often lead to problems, because RMA and other applications will try to open the same port.
On the other hand, you may use Active RMA agents. Active RMA does not require opening an incoming port on the firewall.
Please check for details at:
http://www.ks-soft.net/hostmon.eng/rma- ... veORactive
greyhat64
Posts: 246
Joined: Fri Mar 14, 2008 9:10 am
Location: USA

Post by greyhat64 »

You say "Active RMA does not require opening an incoming port on the firewall", but that ignores the fact that the default outbound ports are not typically open in ANY enterprise environment. I have to answer a whole series of questions to justify opening up 5056/TCP or 5057/TCP.

Of course you are right re: SSL and ports, but if Active RMA were to use HTTPS (443/TCP), for instance, I wouldn't be spending my time justifying this product's existence.

Besides, using HTTPS, properly implemented, could provide Hostmon with a recognized standard for the validation of the remote agent.
xcentric
Posts: 176
Joined: Sat Oct 23, 2010 4:30 pm

Post by xcentric »

Does this mean the password for RCC connections and RMAs is reversible or in plain text?
KS-Soft
Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

RCC, HostMonitor, and RMA do not send the password itself (to each other). You cannot sniff a plain password or any data that could be decrypted to recover the password.