05-23-2012 05:40 AM
Seeing some a couple attempts to hit my clearpass server from external sites. Showing error messages in the httpd logs are as follows:
File does not exist: /var/www/html/manager
It looks like people are trying to hit a management page, like phpmyadmin, or something similar by going to this:
Any ideas what they're looking for specifically?
I do have all the pages restricted to local IP ranges in the Allowed Access sections of all the Login (Operator and Guest) and Self Registration Pages. I also have 0.0.0.0/0 in the Deny Access ranges with it set to display Blank Pages, because I felt the other settings gave too much away. Yes, I'm picky that way. SSH and Remote Database access are both disabled.
I know with Airwave, since it's CentOS, you can play with IPTables and be a little more restrictive on the Firewall Settings. Does anyone know if this is possible with Clearpass Guest? Running version 3.9. My other Aruba system are all pretty restrictive from outside access, but, I'm not sure what the backend security settings are on Clearpass.
Anyone have any other good "Secure My Server" tips for ClearPass that weren't listed in the Deployment Guide?