Our automatic scanning detects exposed web panels (e.g., Cisco ASA) and flags them critical since if MFA is not set up these can be easily infiltrated by threat actors. However if you have MFA enabled on the panels we cannot detect that automatically.
Two types of panels exist with different resolutions.
To resolve the first type of web panels which are solarwinds orion exposed,cisco asa,cisco meraki cloud security appliance,apache druid,apache hadoop,hivemanager,jfrog,apache kafka connect ui,apache kafka monitor,apache kafka topics ui,rabbitmq,radius manager control,rsa self service,apache solr,sonarqube,sphider admin,citrix adc gateway,citrix vpn,fortinet fortigate ssl vpn,fortinet fortiweb,paloalto networks globalprotect,secchecks.misc.pulse connect secure,citrix xenmobile console,vmware workspace one uem airwatch, or sonicwall virtual office here is what we recommend:
- Login to Coalition Control
- Navigate to Security Findings > Active Findings. Select the web panel related Security Finding
- Select 'Resolve' from the Quick View
- Attestate that you have MFA enabled and submit a screenshot by drag and drop
- Submit - Our team will approve and take this security finding off the list. This may take 24 hrs
For administrative web panels which are in the following list , you need to follow the steps above but also remove them from direct internet exposure by making them accessible only via a VPN or restricted IP address:
apache airflow, apache couchdb, apache couchdb fauxton, github enterprise, gitlab, jboss jmx management console, keycloak admin, kubernetes, parallels html5, jamf pro, unifi, mikrotik routeros, f5.bigip.webui, nomad jobs, atlassian jira issue management, fatpipe warp, metabase, jenkins portal, solarwinds web help desk, citrix sharefile, atlassian confluence, microsoft exchange login, microsoft exchange admin center, sonicwall administrator panel, hp iLO, sonicwall network security appliance panel