cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mcavanagh
By Level 6 Flexeran
Level 6 Flexeran

Has FNMS been tested on:

1:XMl exploide

2:Buffer over run exploid based on an NDI 

3: Is there an pentest report availlable?

Also why is there no secure authentication possible from the agents towards the beacon when they upload their NDI? 

Are there plans to make this more secure? Altough basic authentication is possible it is not secure. 

With a beacon on the internet (DMZ) there is an potential risk in having an indirect opening towards the Application and SQL server. From their information around what software is installed can be collected from all servers. What is very usefull information from hacking.

What are the current plans to make the agent to BEacon communications more secure? 

If you find my answer useful please give kudos, if my answer solves your issue, please make sure to mark as solution
(1) Reply

@mcavanagh 

Flexera conducts regular network penetration testing. The penetration tests are completed by qualified third-party tools. The areas tested include, but are not limited to the following:

  • Active Intrusion Prevention
  • Perimeter Access Rules
  • Technical vulnerabilities (patch management)
  • Configuration Management
  • Cryptographic Controls
  • Application Information Leakage

Any vulnerabilities discovered during testing are entered into the Change Management System by the IT Services Coordinator and tracked for remediation.

You (as a customer) can get access to the penetration test report under NDA with Flexera, please reach out through your CSM or account team.

For the topic of enabling more secure agent - beacon communication I would encourage to raise this as an idea through the Ideas portal 

Thanks,