Wireless Access

  • 1.  Guest Network - nmap show open ports to controller

    Posted Dec 01, 2020 02:35 PM
    We are in the process of setting up a guest network and I am running nmap scans across it to ensure we are blocking traffic to other networks and certain known ports that are highly susceptible to vulnerabilities (SMB, RDP, etc.).
    In doing so I can see there are several open ports to the IP address assigned to the controller on that subnet.

    Here are the open ports:
    17/tcp
    21/tcp
    22/tcp
    80/tcp
    443/tcp
    1723/tcp
    4343/tcp
    8080/tcp
    8081/tcp
    8082/tcp
    8088/tcp

    Should I deny all access to the controller on the Guest network?

    Should I selectively block some ports/services and not others?

    Should some of the services listed above be turned off in the controller's configuration? What commands do it?

    ------------------------------
    Thanks,
    Job
    ------------------------------


  • 2.  RE: Guest Network - nmap show open ports to controller

    Posted Dec 02, 2020 04:13 AM
    Please refer to the ArubaOS Hardening Guide. Chapter 5 (Typical Vulnerability Scan Results) has the list of open ports that you report and what to do with it.

    In general, you should block any port that you don't need to minimize the attack surface, and you can do that with user-roles for your guest users.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------



  • 3.  RE: Guest Network - nmap show open ports to controller

    Posted Dec 02, 2020 11:00 AM
    Thanks for the link Herman. That has the information I was looking for.

    ------------------------------
    Job Cacka
    ------------------------------



  • 4.  RE: Guest Network - nmap show open ports to controller

    Posted Dec 02, 2020 01:56 PM
    After reviewing the above document I added a security rule to the User Role associated with the guest network. It simply denies any traffic to the controller IP address on that Guest SSID/subnet.

    Clients are still able to go to the Web but are unable to detect open ports on the controller using nmap.

    ------------------------------
    Thanks,
    Job Cacka
    ------------------------------
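
One way to turn the before/after nmap comparison described in post 4 into a repeatable check. This is an added example, not part of the original thread or any Aruba tooling; the address 192.0.2.1 and both scan outputs are constructed samples in nmap's grepable (`-oG`) format, and the function names are hypothetical.

```python
import re

# Constructed samples of `nmap -oG` output for the controller's address on the
# guest subnet (192.0.2.1 is a documentation address, not from the thread).
BEFORE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 17/open/tcp//qotd///, 21/open/tcp//ftp///, "
    "22/open/tcp//ssh///, 443/open/tcp//https///, 4343/open/tcp/////, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (994)\n"
)
AFTER = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 22/filtered/tcp//ssh///, "
    "443/filtered/tcp//https///\tIgnored State: filtered (998)\n"
)

def open_ports(grepable, host):
    """Return the set of (port, proto) that nmap reported as open on `host`."""
    found = set()
    for line in grepable.splitlines():
        if line.startswith("#"):          # nmap comment/header lines
            continue
        fields = line.split("\t")          # -oG fields are tab separated
        m = re.match(r"Host: (\S+)", fields[0])
        if not m or m.group(1) != host:
            continue
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.strip().split("/")
                # entry layout: port/state/protocol/owner/service/rpc/version/
                # exact match on "open": filtered and open|filtered do not count
                if len(parts) >= 3 and parts[1] == "open":
                    found.add((int(parts[0]), parts[2]))
    return found

def violations(grepable, host, allowed=frozenset()):
    """Open ports on `host` that are not in the allowlist, sorted."""
    return sorted(open_ports(grepable, host) - set(allowed))

if __name__ == "__main__":
    for label, scan in (("before rule", BEFORE), ("after rule", AFTER)):
        bad = violations(scan, "192.0.2.1")
        print(label, "FAIL" if bad else "PASS", bad)
```

Scan with `-Pn` when producing the input, so that a controller address that no longer answers ping is still probed rather than skipped as down.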



  • 5.  RE: Guest Network - nmap show open ports to controller

    Posted Jul 18, 2024 12:38 PM

    Could you please tell me how you managed to do that? That's exactly what I need.
    I posted another message, but I didn't get the response I wanted.
    What I mean is: which policy did you use, and how?

    Thank you




  • 6.  RE: Guest Network - nmap show open ports to controller

    Posted Jul 22, 2024 04:04 AM

    You responded to a very old post.

    Please follow the Hardening Guide (new link to the Support Portal). If you can't make this work, consult your Aruba partner or Aruba support.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------