Has FNMS been tested on:
1:XMl exploide
2:Buffer over run exploid based on an NDI
3: Is there an pentest report availlable?
Also why is there no secure authentication possible from the agents towards the beacon when they upload their NDI?
Are there plans to make this more secure? Altough basic authentication is possible it is not secure.
With a beacon on the internet (DMZ) there is an potential risk in having an indirect opening towards the Application and SQL server. From their information around what software is installed can be collected from all servers. What is very usefull information from hacking.
What are the current plans to make the agent to BEacon communications more secure?
Jan 15, 2021 03:30 AM
Flexera conducts regular network penetration testing. The penetration tests are completed by qualified third-party tools. The areas tested include, but are not limited to the following:
Any vulnerabilities discovered during testing are entered into the Change Management System by the IT Services Coordinator and tracked for remediation.
You (as a customer) can get access to the penetration test report under NDA with Flexera, please reach out through your CSM or account team.
For the topic of enabling more secure agent - beacon communication I would encourage to raise this as an idea through the Ideas portal
Thanks,
Jan 18, 2021 07:44 AM