Firewall rules must be configured on the Tanium Endpoints for Client-to-Server communications.
An XCCDF Rule
Description
<VulnDiscussion>In addition to the client-to-server TCP communication that takes place over port 17472, Tanium Clients also communicate to other Tanium-managed computers over port 17472. Without proper firewall configurations, proper TCP communications may not take place as necessary for application functionality. The Tanium environment can perform hundreds or thousands of times faster than other security or systems management tools because the Tanium Clients communicate in secure, linearly-controlled peer-to-peer rings. Because clients dynamically communicate with other nearby agents based on proximity and latency, rings tend to form automatically to match a customer’s topology—endpoints in California will form one ring while endpoints in Germany will form a separate ring.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID: SV-254905r960966_rule
- Severity: Medium
- References
- Updated
Remediation - Manual Procedure
1. Consult with the personnel who maintain the Enterprise Security Suite to configure host-based and network firewall rules to allow the following:
1A. Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.
2. Consult with the boundary network firewall administrator to create a rule to allow the following:
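An added compliance-check example (not from the STIG or from Tanium) for the host-based part of step 1A on a Linux endpoint: it evaluates `iptables -S` output for TCP port 17472 the way iptables itself does (first matching rule wins, otherwise the chain policy applies) and reports which direction still blocks new connections. The `iptables -S` sample is constructed to show a half-configured host; rules using `-m multiport --dports` are not parsed and would need a wider pattern.

```python
import re
from typing import Dict, List, Optional

TANIUM_PORT = 17472  # TCP port named in the STIG text for client-to-server and peer traffic

# Constructed sample of `iptables -S` output (not from the page): INPUT allows 17472,
# OUTPUT does not, so only half of the required bi-directional rule is in place.
SAMPLE_IPTABLES_S = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 17472 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""

POLICY_RE = re.compile(r"^-P (?P<chain>INPUT|OUTPUT) (?P<target>\S+)$")
# Single-port TCP rules only; `-m multiport --dports a,b` is deliberately not matched.
RULE_RE = re.compile(
    r"^-A (?P<chain>INPUT|OUTPUT) .*-p tcp\b.*--dport (?P<port>\d+)\b.*-j (?P<target>\S+)$"
)


def port_verdict(iptables_s: str, port: int = TANIUM_PORT) -> Dict[str, str]:
    """Verdict iptables gives a NEW TCP connection to `port` in INPUT and OUTPUT.
    The first rule that names the port decides (first match wins, so a DROP placed
    before an ACCEPT shadows it); when no rule names the port, the chain policy applies."""
    policy = {"INPUT": "DROP", "OUTPUT": "DROP"}
    verdict: Dict[str, Optional[str]] = {"INPUT": None, "OUTPUT": None}
    for raw in iptables_s.splitlines():
        line = raw.strip()
        p = POLICY_RE.match(line)
        if p:
            policy[p.group("chain")] = p.group("target")
            continue
        m = RULE_RE.match(line)
        if m and int(m.group("port")) == port and verdict[m.group("chain")] is None:
            verdict[m.group("chain")] = m.group("target")
    return {c: (v if v is not None else policy[c]) for c, v in verdict.items()}


def missing_directions(iptables_s: str, port: int = TANIUM_PORT) -> List[str]:
    """Directions ('inbound'/'outbound') that still block new TCP connections on `port`."""
    names = {"INPUT": "inbound", "OUTPUT": "outbound"}
    return [names[c] for c, v in port_verdict(iptables_s, port).items() if v != "ACCEPT"]


if __name__ == "__main__":
    print(port_verdict(SAMPLE_IPTABLES_S))
    print("missing:", missing_directions(SAMPLE_IPTABLES_S))
```

On a live host, feed it the real output (`iptables -S`) instead of the sample; an empty result from `missing_directions` means both directions of the 17472 rule are in place.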