{}

Nos marques

Consulter notre FAQ

NetBotz v3 | Security Information

Issue:
NetBotz v3 Appliance Security Information

Product Line:
NetBotz v3 (355,450, 455, 550, & 570)

Environment:
NetBotz (all firmware versions)

Resolution:

Network Protocols and Ports
ProtocolTransfer ProtocolPort(s)DispositionNetworkCredentials/AccessEncryptionComments
FTPTCP21Outbound - Not configured by defaultFTP traffic from the NetBotz depends on alarm policy configuration and number of alarms.As specified in the FTP remote server settingsNot supported by FTP
TelnetTCP23Disabled by defaultNetwork requirements are low based on user input.Not supported by telnet.Should only be open temporarily for support reasons.
SMTPTCP25Outbound - Not configured by defaultNetwork requirements are low. Email traffic from the NetBotz depends on alarm policy configuration and number of alarms occurring.As specified in email settings.Requires STARTTLS extensionCommunication with email server
DNSUDP53Outbound - Not configured by defaultVery limited traffic and bandwidth requirementAs specified in external system configurationNot supportedDNS server communication
DHCP ClientUDP68Outbound - Enabled only when DHCP IP address acquisition is enabledVery limited traffic and bandwidth requirementNo credentials availableNot supported by DHCP
HTTPTCP (SSL)80 (443)Inbound (default)Network speed of minimum 100Mbps is recommended. Bandwidth usage between client and server heavily depends on number of discovered devices, alarm configuration and operations carried out in the client e.g. report generation.Manual created user and password (default apc/apc) Authentication server integration support. There is no option to reset client user password. Password policy is not implemented in NetBotz. The password consists of ASCII characters.Server and client negotiate SSL cipher type and key lengthCommunication from NetBotz Appliances / DCE Console / Web API and 3rd party integrations.
NFSTCP/UDP111Depending on system integrationAs specified in external system configurationNot supported by protocolNFS mounted external drive
NTPTCP123Very limited traffic and bandwidth requirementAs specified in time settingsDepending on system integrationNTP server communication
SMBTCP/UDP139Depending on system integrationAs specified in system storage settingsDepending on system integrationSMB communication to NAS/SAN
SNMPUDP161Inbound / Outbound - Enabled by defaultThe bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.Specified in device SNMP configuration. Default community string: publicSNMPv3 offer encryption as configuredChange the default community strings and avoid SNMPv1 when possible
SNMP (Trap)UDP162The bandwidth requirement needed heavily depends on number of discovered devices, polling interval configured, and alarm activity in the system.Specified in device SNMP configurationSNMPv3 offers encryption as configuredSNMP Communication between discovered devices and DCE
CIFSTCP445Depending on system integrationAs specified in external system configurationDepending on system integrationCIFS communication to NAS/SAN
ModbusTCPTCP502The bandwidth needed heavily depends on number of discovered devices, polling interval configured, and alarm activity in the system.Not supported by ModbusTCPNot supported by ModbusTCPModbusTCP Communication from Modbus Device/Gateway
RsyslogUDP514Disabled by defaultDepends on configurationNot supported by rsyslogNot supported by rsyslog
Socks1080Disabled by defaultDepends on traffic over HTTP and HTTPS portsAs specified by the Socks proxy server
NFSTCP/UDP2049Depending on system integrationAs specified in external system configurationNot supported by protocolNFS communication to NAS/SAN


Firewall Configuration
- NetBotz includes an IP Filtering feature.  Configure IP Filtering in Advanced View.

Cybersecurity Considerations
- Where possible, all unnecessary services should be disabled (SNMP, HTTP, etc.).
- Use Strong encryption (AES for SNMPv3, HTTPS, etc.).
- Change the default password and use passwords that are considered strong.
- If SNMP is required, consider changing the V1 community strings, and do not user SNMPv1 thereafter.  Use SNMPv3 instead, configured with SHA and AES-128.

APC Belgium

En savoir plus
Gamme :
En savoir plus
Gamme :