Check: TANS-CL-000004
Tanium 6.5 STIG:
TANS-CL-000004
(in versions v1 r3 through v1 r2)
Title
Firewall rules must be configured on the Tanium Endpoints for Client-to-Server communications. (Cat II impact)
Discussion
In addition to the client-to-server TCP communication that takes place over port 17472, Tanium Clients also communicate to other Tanium-managed computers over port 17472. The Tanium environment can perform hundreds or thousands of times faster than other security or systems management tools because the Tanium Clients communicate in secure, linearly-controlled peer-to-peer rings. Because clients dynamically communicate with other nearby agents based on proximity and latency, rings tend to form automatically to match a customer's topology--endpoints in California will form one ring while endpoints in Germany will form a separate ring. https://kb.tanium.com/Port_Configuration_v6.5
Check Content
Note: This check is performed for the Tanium Endpoints and must be validated against the HBSS desktop firewall policy applied to the Endpoints. Consult with the HBSS administration for assistance. Validate a rule exists within the HBSS HIPS firewall policies for managed clients for the following: Port Needed: Tanium Clients or Zone Clients over TCP port 17472, bi-directionally. If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding. Consult with the network firewall administrator and validate rules exist for the following: Allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network. If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.
Fix Text
Configure host-based and network firewall rules as required.
Additional Identifiers
Rule ID: SV-81467r1_rule
Vulnerability ID: V-66977
Group Title: SRG-APP-000142
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |