An error occurred:

Check: TANS-CN-000014

Tanium 7.3 STIG: TANS-CN-000014 (in versions v2 r2 through v1 r1)

Title

Firewall rules must be configured on the Tanium Server for Console-to-Server communications. (Cat II impact)

Discussion

An HTML5 based application, the Tanium Console runs from any device with a browser that supports HTML5. For security, the HTTP and SOAP communication to the Tanium Server is SSL encrypted, so the Tanium Server installer configures the server to listen for HTTP and SOAP requests on port 443. Without a proper connection to the Tanium Server, access to the system capabilities could be denied. Port Needed: To Tanium Server over TCP port 443. Network firewall rules: Allow HTTP traffic on TCP port 443 from any computer on the internal network to the Tanium Server device. https://docs.tanium.com/platform_install/platform_install/reference_network_ports.html.

Check Content

Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Server. Access the host-based firewall configuration on the Tanium Server. Validate a rule exists for the following: Port Needed: From only designated Tanium console user clients to Tanium Server over TCP port 443. If a host-based firewall rule does not exist to allow only designated Tanium console user clients to Tanium Server over TCP port 443, this is a finding. Consult with the network firewall administrator and validate rules exist for the following: Allow TCP traffic from only designated Tanium console user clients to Tanium Server over TCP ports 443. If a network firewall rule does not exist to allow traffic from only designated Tanium console user clients to Tanium Server over TCP port 443, this is a finding.

Fix Text

Configure host-based firewall rules on the Tanium Server to include the following required traffic: Allow TCP traffic on port 433 to the Tanium Server from designated Tanium console user clients. Configure the network firewall to allow the above traffic.

Additional Identifiers

Rule ID: SV-234057r612749_rule

Vulnerability ID: V-234057

Group Title: SRG-APP-000383

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001762

The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-7 (1)

Periodic Review