Symantec Security Assessment: The Bomgar Box



Bomgar Security Architecture

During the assessment, Symantec identified aspects of Bomgar's security architecture that offer protection against a variety of threats that exist within this type of application architecture.

1. A Dedicated Hardware Appliance

By default, the Bomgar Box™ ships as a self-contained, hardened application server appliance. To keep the installed server components up to date with respect to possible security issues, the appliance architecture allows an administrator to conduct a full update of the critical service components deployed on it.

Symantec conducted port scans of the Bomgar Box™ and found that only three network ports were enabled and responsive in the default configuration. An evaluation of the server configuration revealed that the Bomgar Box™ ships with extraneous network services disabled, limiting network connectivity to HTTP (TCP 80) and HTTPS (TCP 443) ports and an alternative HTTPS port (TCP 8200). During testing, the limited exposure of network services successfully prevented access to the network interfaces of other server components.
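An administrator can confirm that an appliance still matches this three-port baseline by comparing scan output against it. The following is an added example, not part of the Symantec assessment or Bomgar's tooling; it assumes nmap grepable (`-oG`) output, and the sample scan, address and function names are constructed for illustration.

```python
import re

# Baseline from the assessment: HTTP, HTTPS and the alternative HTTPS port.
EXPECTED_TCP = {80, 443, 8200}

# Constructed sample of nmap grepable output; 192.0.2.10 is a documentation
# address and the extra open port is a made-up deviation to detect.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/filtered/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, "
    "8200/open/tcp//unknown///, 5432/open/tcp//postgresql///\n"
)

# One port entry looks like: port/state/protocol/owner/service/...
PORT_ENTRY = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/")


def open_tcp_ports(grepable):
    """Map each scanned host to the set of TCP ports reported as open."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        found = hosts.setdefault(host, set())
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_ENTRY.match(entry.strip())
            # Only exact "open" counts; filtered/closed ports are not exposure.
            if m and m.group(2) == "open" and m.group(3) == "tcp":
                found.add(int(m.group(1)))
    return hosts


def baseline_drift(grepable, expected=frozenset(EXPECTED_TCP)):
    """Per host: open ports outside the baseline, and baseline ports not open."""
    return {
        host: {"unexpected": sorted(found - expected),
               "missing": sorted(expected - found)}
        for host, found in open_tcp_ports(grepable).items()
    }


if __name__ == "__main__":
    for host, drift in baseline_drift(SAMPLE_SCAN).items():
        print(host, drift)
```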

Additionally, access to the administration interface for the Bomgar Box™ occurs over an encrypted web connection and can be restricted to the local console port and/or a specified network segment. This protects against a remote attacker with network access to the appliance gaining unauthorized access to administration functions.

Symantec found that operating system layer vulnerabilities were sufficiently mitigated by compensating controls that limited possible attack vectors.

 

   
© 2003-2010 Bomgar Corporation | All Rights Reserved
   
BOMGAR, BOMGAR BOX, JUMP and UNIFIED REMOTE SUPPORT are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners