The count of total secure infrastructure service instances shown in the Security Segmentation Report may be higher than the count of secure infrastructure services the admin expects.
SSP 5.0
In Section 4.3, Secure Infrastructure Services, of the Security Segmentation Report, the count of the total number of infrastructure services is displayed, as shown in the illustrative image below:
It is important to understand the meaning of the field "Infrastructure Services" and how it is derived in the Security Segmentation Report.
Let us take an example of three infrastructure servers - "infrastructure-server-1", "infrastructure-server-2" and "infrastructure-server-3".
The server "infrastructure-server-1" serves requests for DHCP, NTP and DNS.
The server "infrastructure-server-2" serves requests as a Microsoft Active Directory server.
The server "infrastructure-server-3" serves requests for DHCP only.
In this example, the number of infrastructure servers is three ("infrastructure-server-1", "infrastructure-server-2" and "infrastructure-server-3"), and the number of infrastructure services that these servers host is five (three on "infrastructure-server-1", one on "infrastructure-server-2" and one on "infrastructure-server-3").
Therefore, for this example, the Security Segmentation Report counts the number of infrastructure services as five.
The following are the types of infrastructure services that the Security Segmentation Report identifies and analyses, using the commonly used port for each infrastructure service.
| Infrastructure Service Name | Commonly used port for the Infrastructure Service |
|---|---|
| DNS | 53 |
| DHCP | 67 |
| DHCPv6 | 547 |
| Secure LDAP | 636 |
| LDAP | 389 |
| NTP | 123 |
| Microsoft Active Directory | 389 |
In some datacenter environments, it has been observed that an infrastructure server can serve requests on ports other than the commonly used ports listed in the table above for that infrastructure service.
Continuing with the above example of three infrastructure servers ("infrastructure-server-1", "infrastructure-server-2" and "infrastructure-server-3"), let us assume that "infrastructure-server-2" is also serving LDAP requests on ports 49669, 49691 and 49702.
Since these are three instances of the same service (Microsoft Active Directory) on different, non-standard ports, the Security Segmentation Report treats them as three different services.
Hence, for this example, the count of total secure infrastructure services shown in the Security Segmentation Report will appear as eight, with the following breakdown:
| Infrastructure Service | Infrastructure Server | Running on Port | Count of services |
|---|---|---|---|
| DHCP | "infrastructure-server-1" | 67 | 1 |
| DHCP | "infrastructure-server-3" | 67 | 1 |
| NTP | "infrastructure-server-1" | 123 | 1 |
| DNS | "infrastructure-server-1" | 53 | 1 |
| Microsoft Active Directory | "infrastructure-server-2" | 389 | 1 |
| Microsoft Active Directory | "infrastructure-server-2" | 49669 | 1 |
| Microsoft Active Directory | "infrastructure-server-2" | 49691 | 1 |
| Microsoft Active Directory | "infrastructure-server-2" | 49702 | 1 |
| Count of Total Infrastructure Services | | | 8 |
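To make the counting rule concrete, the following added example (not code from the original article or from the product) reproduces the breakdown above from a constructed list of observed listeners. Each listener is a (server, service, port) tuple as the report would classify it; the example assumes that the report counts every distinct tuple as one service instance, so a second instance of the same service on a non-standard port adds one to the total, while a repeated observation of the same listener does not. The function and variable names are illustrative, not the product's own.

```python
from collections import Counter

# Commonly used ports from the table above. Port 389 is shared by LDAP and
# Microsoft Active Directory, so each port maps to a set of service names.
COMMON_PORTS = {
    53: {"DNS"},
    67: {"DHCP"},
    547: {"DHCPv6"},
    636: {"Secure LDAP"},
    389: {"LDAP", "Microsoft Active Directory"},
    123: {"NTP"},
}

# Constructed sample of observed listeners (server, service, port), matching
# the worked example in the text. Not data taken from a real report.
OBSERVED = [
    ("infrastructure-server-1", "DHCP", 67),
    ("infrastructure-server-1", "NTP", 123),
    ("infrastructure-server-1", "DNS", 53),
    ("infrastructure-server-2", "Microsoft Active Directory", 389),
    ("infrastructure-server-2", "Microsoft Active Directory", 49669),
    ("infrastructure-server-2", "Microsoft Active Directory", 49691),
    ("infrastructure-server-2", "Microsoft Active Directory", 49702),
    ("infrastructure-server-3", "DHCP", 67),
    # The same listener seen twice (e.g. from two flow samples) must not
    # be double-counted, so instances are de-duplicated on the full tuple.
    ("infrastructure-server-3", "DHCP", 67),
]


def service_instances(observed):
    """Distinct (server, service, port) tuples: one per service instance."""
    return sorted(set(observed))


def count_servers(observed):
    """Number of distinct infrastructure servers."""
    return len({server for server, _, _ in observed})


def count_services(observed):
    """Total infrastructure services as the report counts them."""
    return len(service_instances(observed))


def breakdown_by_service(observed):
    """Instances per service name, i.e. the 'Count of services' column summed."""
    return Counter(service for _, service, _ in service_instances(observed))


def non_standard_instances(observed):
    """Instances listening on a port that is not the commonly used one for
    that service; these are what inflate the total above the number of
    servers an admin expects."""
    return [
        (server, service, port)
        for server, service, port in service_instances(observed)
        if service not in COMMON_PORTS.get(port, set())
    ]


if __name__ == "__main__":
    print("servers:", count_servers(OBSERVED))
    print("services:", count_services(OBSERVED))
    for service, n in sorted(breakdown_by_service(OBSERVED).items()):
        print(f"  {service}: {n}")
    print("non-standard ports:")
    for server, service, port in non_standard_instances(OBSERVED):
        print(f"  {server} {service} on port {port}")
```

Running the script reports three servers but eight services, with four Microsoft Active Directory instances on "infrastructure-server-2"; the three listed under "non-standard ports" are exactly the ones that make the report's total higher than the count of servers an admin expects.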
There is no specific resolution.