Security scans - monitor locations, web servers, etc

FAQ posts are linked from the application ocp.outages.io therefore, in no particular order in this forum. This is a work in progress
Locked
KelAuth
Posts: 44
Joined: Thu Mar 05, 2020 12:13 pm

Security scans - monitor locations, web servers, etc

Post by KelAuth »

When reports are in Extended, the Security scan option becomes available.

Security scans have a dual purpose.

Unauthorized ports
One, it can be used to be alerted of unauthorized ports suddenly becoming open on a firewall or a device. Perhaps you were working on something and overlooked a port that needed to be shut down once the job was done. Maybe you were testing something and of course, maybe someone is actively hacking a device you manage.

Note that if ports are found but are 'closed' status, it means that no service is running on that port and therefore an alert is not sent.

Unreachable device
Second, it can also be used to be alerted to something being down or unreachable.
For example, if you run one or more web servers, you can monitor the server/s and the services themselves. Monitor web ports such as 80, 443, chat ports such as 5222 and so on. If port 5222 goes down, an alert would be sent out so that someone could look into it.

Imagine a patient or an elderly person at home, that depends on Internet connectivity for phone service and/or medical equipment. Someone could be alerted if the location is no longer able to communicate.

This can be used for any number of things including making sure security systems are able to reach out and so on.

Enabling a security scan means a task will be created by Outages.io that will periodically check for unauthorized open ports at the location where this agent is installed. If an unauthorized port suddenly becomes available, a notification will be sent to the contact information (if) set in the notifications.

Members can set how often the test should be run from the pick list while organizations can enter an open number.

Examples

Home/office: The agent is running at a home or office will alert the owner immediately if an authorized port suddenly shows up.

Business: The agent is installed at someone's office. The owner or IT person will immediately know if an unauthorized port suddenly shows up.

Web server: A Windows or Linux web server is set to allow ports 80/443 only for example. If any other ports open, someone can be alerted about this.

Just a few examples of why this could be an important feature.

When an agent stops communicating, this service will be disabled either temporarily or permanently.

When the agent becomes abandoned, removed or drops back to Community, this feature is automatically disabled.

Please be sure to set who and how notifications should be handled. Notifications can be sent to anyone that should know such as home owner, IT person, etc.

Locked