
Device Info Public

SWuser_123 Newbie ✭

Hello,

We have yearly external pen tests run. One item that they recommend is "Configure the affected hosts to not disclose service and version information".

Though I'm not sure if this is possible? We use SSL VPN, so there is an open port, which is how the information is out there.

For example, if you go to Shodan, you can see a bunch of info related to SSL VPN. 

Has anyone ever tried to hide this or run into the same recommendation?

Thanks!

Category: SSL VPN

Answers

  • Arkwright Community Legend ✭✭✭✭✭

    When I look at Censys at a public SSLVPN login I can see that it is identified as SonicOS SSLVPN but that's about it. Shodan shows me even less, simply that it's "Server: web server" and the certificate details.

  • SWuser_123 Newbie ✭

    Sorry, could have sworn I was seeing something on Shodan before, but I guess not.

    They referenced their finding through "responses and headers".
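One way to check a "responses and headers" finding against your own portal before arguing about it with the testers is to pull the HTTP response and see which headers or body strings actually carry a product name or a version number. The script below is an added example, not code from this thread or from SonicWall: it parses a raw HTTP response, flags `Server`/`X-Powered-By`-style headers that expose a version (the part the finding is about) separately from ones that only expose a product name, and treats a generic `Server: web server` like the one Shodan reported as non-disclosing. The two sample responses, the `ExampleVPN/7.0.1` banner and the port default are constructed placeholders; `fetch_raw_response()` is only there for running it against a host you own and is not used by the offline sample.

```python
"""Audit an HTTPS response for service/version disclosure.

Added example, not code from the original thread. Sample responses below are
constructed for illustration and were not captured from a real appliance.
"""
import http.client
import re
import ssl

# Headers that commonly name the product, and the pattern that marks a version.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")
# Body fragments that name the product family discussed in the thread.
BODY_MARKERS = ("sonicwall", "sonicos", "sslvpn")
# Values that name no product at all (Shodan's "Server: web server" case).
GENERIC_SERVER_VALUES = ("web server", "webserver", "")


def parse_response(raw):
    """Split a raw HTTP response into (status_line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audit_response(raw):
    """Return findings as (location, value, kind) tuples.

    kind is 'version' when a dotted version number is exposed, which is what
    the pen test finding is about, or 'product' when only a product or service
    name is exposed. An empty list means nothing useful is disclosed.
    """
    _status, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        if VERSION_RE.search(value):
            findings.append((f"header:{name}", value, "version"))
        elif value.lower() not in GENERIC_SERVER_VALUES:
            findings.append((f"header:{name}", value, "product"))
    lowered = body.lower()
    for marker in BODY_MARKERS:
        if marker in lowered:
            findings.append(("body", marker, "product"))
            break  # one body finding is enough to record product disclosure
    return findings


def fetch_raw_response(host, port=443, path="/", timeout=5):
    """Fetch the portal's root page from a host you own and return raw text.

    Certificate verification stays on; trust the portal's CA rather than
    disabling checks. The port default is an assumption, not a SonicWall value.
    """
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    conn.request("GET", path, headers={"Host": host})
    resp = conn.getresponse()
    head = f"HTTP/1.1 {resp.status} {resp.reason}\r\n"
    head += "".join(f"{k}: {v}\r\n" for k, v in resp.getheaders())
    body = resp.read(65536).decode("utf-8", errors="replace")
    conn.close()
    return head + "\r\n" + body


# Constructed sample responses (placeholder product and version strings).
SAMPLE_VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleVPN/7.0.1\r\n"
    "X-Powered-By: PHP/8.1.2\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><title>SSLVPN Portal</title></html>"
)
SAMPLE_QUIET = (
    "HTTP/1.1 200 OK\r\n"
    "Server: web server\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><title>Login</title></html>"
)

if __name__ == "__main__":
    for label, sample in (("verbose", SAMPLE_VERBOSE), ("quiet", SAMPLE_QUIET)):
        print(label, audit_response(sample) or "no disclosure")
```

If the audit of your own portal only returns 'product' findings (the appliance is identifiable but no version is exposed), that is the evidence to put next to the finding in the report; 'version' findings are the ones worth raising with the vendor, since the header values are not user-editable on the appliance.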

  • Arkwright Community Legend ✭✭✭✭✭
    edited June 2023

    In terms of actual useful advice, as opposed to pen test box-ticking:

    • Use GeoIP settings in WAN-WAN access rule to restrict which countries can log in
    • If you know the public IPs of who logs in [fairly unlikely, I guess] put those in access rule
    • Put a schedule on the access rule if you know remote access is only required at certain times
    • Keep your firewall up to date
  • SWuser_123 Newbie ✭

    Thanks for the advice. All good points that I believe we are following besides the restricted times. Unfortunately, we would like to clear up this finding on the report. Or at least explain that it's not possible.
