I'm new to this community and I also do not have a lot of experience with the McAfee VM so please excuse my questions.
I want to implement the following scenario:
A Vulnerability Manager Scan Engine (appliance) should be placed on the internet, and this scan engine should scan our web applications for vulnerabilities (we want to get the view that a prospective attacker will get when he tries to scan/attack our web applications). This Scan Engine should report the results of the scans to an internal Vulnerability Manager. The web application scan activities should be controlled centrally with the internal Vulnerability Manager.
*) Is it possible to implement such a scenario in a secure way?
*) Which ports will be used by the external scan engine to transfer the results to the internal Vulnerability Manager?
*) Will all the results from the external scanner be transferred via a secured channel to the internal VM?
Thanks for your help in advance!
The ports required depend on exactly what components you have installed on the servers in question. To understand how all components interact, and the ports required, refer to the best practices guide here: http://b2b-download.mcafee.com/products/evaluation/mcafee_risk_compliance/v7.5/manuals/mvm750_best_practices_guide.pdf
As far as I recall, not all communication is secure, but I would need to go back to review this myself. Where will the scan engine be placed? Is it a remote data centre? Somebody's house?
Hope this helps,
Thanks for your answer and for providing me the best practice guide. The scan engine will be placed in our datacenter but before the firewall and should report the results to an internal Vulnerability Manager (and scan controller, located behind the firewall). The scan engine should scan our web application and should provide an attacker's view of our web application.
Is it enough to open ports 3803 and 443, or are there any other ports necessary?