Rule Check: Network Service Accessibility
The Network Service Accessibility check tests whether only the specified ports are open on the server's interfaces. The Halo agent performs the check by interrogating the network services from within the server, and the Halo analytics engine verifies that the open ports are accessible from the Internet.
If the Halo agent finds unexpectedly open ports, it reports (in the failed check) which software processes are bound to them. This information can help you investigate potentially undesirable network services and malware.
Note: To generate a list of the currently open ports on a server, specify "0" in the expected open ports field. If any ports are open, the check fails and the results list those ports.
The name of the interface device that the service(s) are expected to run on. Can be a single interface name or a comma-delimited list. Must be the interface device name (such as
Note: In the scan results for a configuration scan in which this check has been applied, the presence of an asterisk (
The port or ports expected to be open on the specified interface(s) on this server. Should be the port number followed by UDP or TCP (for example,
To enter a range of port numbers, use a colon (for example, 60000:61000/TCP). The range includes the beginning port number, the ending port number, and all port numbers between them.
The list of ports can be up to 2048 bytes long.
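The port-list format described above, as an added example (not Halo's own code): a Python sketch that parses an expected-ports value and compares it with a constructed list of listening sockets, reporting the process bound to each unexpected port. It assumes entries are separated by commas, that the protocol follows a slash as in 60000:61000/TCP, and that a bare "0" means no ports are expected; the function names are hypothetical.

```python
MAX_SPEC_BYTES = 2048  # length limit stated in the documentation above

def parse_expected_ports(spec):
    """Return a set of (port, proto) pairs from e.g. '22/TCP, 60000:61000/TCP'."""
    if len(spec.encode("utf-8")) > MAX_SPEC_BYTES:
        raise ValueError("port list exceeds 2048 bytes")
    expected = set()
    for item in (s.strip() for s in spec.split(",")):  # assumption: comma-separated
        if item in ("", "0"):  # assumption: "0" means no port is expected to be open
            continue
        ports, slash, proto = item.partition("/")
        proto = proto.strip().upper()
        if not slash or proto not in ("TCP", "UDP"):
            raise ValueError(f"missing or unknown protocol in {item!r}")
        first, colon, last = ports.partition(":")
        lo = int(first)
        hi = int(last) if colon else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range in {item!r}")
        # A range includes both endpoints and every port between them.
        expected.update((p, proto) for p in range(lo, hi + 1))
    return expected

def unexpected_listeners(spec, listeners):
    """listeners: iterable of (port, proto, process). Return those not in spec."""
    expected = parse_expected_ports(spec)
    return sorted(
        (port, proto.upper(), proc)
        for port, proto, proc in listeners
        if (port, proto.upper()) not in expected
    )

# Constructed sample of listening sockets on one interface (not real scan output).
SAMPLE_LISTENERS = [
    (22, "tcp", "sshd"),
    (443, "tcp", "nginx"),
    (60500, "tcp", "mosh-server"),
    (61001, "tcp", "rsync"),
    (53, "udp", "dnsmasq"),
]

if __name__ == "__main__":
    for spec in ("22/TCP, 443/TCP, 60000:61000/TCP", "0"):
        print(spec, "->", unexpected_listeners(spec, SAMPLE_LISTENERS))
```

With the first value, port 61001/TCP is flagged because it sits one past the end of the inclusive range; with "0", every listener is reported.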
|Remedial Suggestion (optional)||