Securing console access

cosmik · Post by **cosmik** » Jul 20, 2022 9:28 am this post

I'd like to limit access to the B&R console (hosted on our BR server VM). Would firewalling port 9392 to allow only localhost access do the job?

Would allowing access to 10003/tcp and 9396/tcp only from localhost be a solid idea here?

I'm asking since I'm certain that some advice regarding hardening the BR server included removing the console from the main server altogether. Although feasible in my installation, it would lead to a worse setup security-wise, hence for my questions here...

Post by **PetrM** » Jul 20, 2022 10:52 am this post

Hi Michael,

Please have a look at this table for the full list of used ports.

Thanks!

cosmik · Post by **cosmik** » Jul 20, 2022 10:57 am this post

Hello PetrM,

I've seen the table, in fact that's how I came up with 9392, 10003 and 9396. What I am asking here is:
1) whether B&R will work just fine if the console is firewalled to allow access for these 3 ports only from localhost (that is, someone could not install a console in my network and be able to access the BR server)
2) whether other ports should be included, always with regard to console access

Post by **PetrM** » Jul 20, 2022 10:59 am this post

1) I don't see a reason for any issues with Veeam B&R if firewall rules are correctly set.
2) You should include only those ports that are listed in the table.

Thanks!

R&D Forums

Securing console access

Re: Securing console access

Re: Securing console access

Re: Securing console access

Who is online