Endpoint details
Last updated
Last updated
Click the 'Add Endpoint' button.
Enter the URL or IP address to be monitored as the target.
Assign a description and tags.
Confirm that you are authorized to analyze the endpoint.
Define what you want to monitor with Enginsight. It is best to enable all features at the beginning.
Select at least one observer to perform the monitoring. If you are an on-premises customer and have not yet added an Observer, install an Observer. In the SaaS platform, you can also use two provisioned observers (Germany, USA).
Add the endpoint.
Permanent monitoring of the Observer can only be ensured if the IP addresses from which monitoring is performed are not blocked by firewall rules. If necessary, unblock the following IP addresses when using the observers available on the SaaS platform:
164.90.185.111 164.90.231.250 142.93.119.55 142.93.119.52 138.68.93.235 138.68.71.130 139.59.155.98
Optionally allow all A-records from this domain: observers.enginsight.com
Here you will find a list of all your endpoints, including the current risk score and associated severity.
Clicking on an endpoint will take you to the detailed view.
Several windows give you quick information about the security status of your endpoint.
You can find out what is behind each tile below:
Find out from which region your website is monitored and any details about availability, response time and offline time. The timeline next to it visualizes the availability over the hours. The gray markers stand for reachable times of your website, while pink markers show you at which times your website had problems.
The view allows you to search for checks that have been carried out. Quickly record the existing criticality of individual checks, as well as their associated category, the corresponding module and the recorded risk score.
Use the top search bar or the filters on the left-hand side to display the relevant results. Click on a top category in the filter bar on the left to select all characteristics or select the desired filters separately from the list.
Get an overview of existing vulnerabilities.
At the beginning of the entry you will find a classification of the severity. You will also find the official CVSS score (Common Vulnerability Scoring System) for the CVE (Common Vulnerable Exposure) in question and the associated software.
Use the multiedit function to appease several entries with just one click. Furthermore, you can select in the overlay whether the specific CVEs are to be selected or all associated CVEs of the following Common Platform Enumeration.
Select individual vulnerabilities and then click on "Apply" in the top right-hand corner of the screen. The following overlay will then open:
If required, enter a comment which will then be attached to the selected vulnerabilities.
Select the category: "Specific CVEs". Below this you will find a list of all previously selected CVEs.
Confirm your entry by clicking on: "Add action".
Select individual vulnerabilities and then click on "Apply" in the top right-hand corner of the screen. The overlay then opens.
If required, enter a comment, which will then be attached to the selected vulnerabilities.
Select the category: "Common Platform Enumeration".
Then enter the corresponding values under "Vendor", "Product" and "Version". You can easily copy this information from the CVSS vector strings and paste it in the right place.
Confirm your entry by clicking on: "Add action".
Under Settings you will find the destination, and you also have the option of adding a description to your endpoint. Get an overview of assigned tags or add them if required. In the "Regions" area, you will find information about the assignment of the observers.
Advanced settings
You can activate the "Human Accessibility" option in the advanced settings. This setting determines that your website is only displayed as accessible if it returns the HTTP status code 200 (OK). If this option is activated, the website is considered unavailable if it returns a different status code (e.g. 404, 500), even if the server is technically accessible. If you do not activate this option, only the technical accessibility of the server is taken into account, regardless of the status code returned.
Responsibilities
Select a technical manager who is responsible for the maintenance and operation of the server. This person should have sound technical knowledge and be able to solve technical problems quickly.
You should also appoint a specialist from your organization. This person is responsible for the content and functional aspects of the endpoint and ensures that the server meets the business requirements.
Geo-IP Visualisierung
Below the responsibility assignment, you will find a map that shows the geo-IP of your endpoint. This map gives you a visual representation of the geographical location of the server based on the IP address. The blue circle shows the area in which the server is located. Use this information to get a better overview of the geographic distribution of your servers and to assess the potential impact on performance and compliance.
The view shows you which checks your endpoint does not pass and where your configuration fails. Use this information to tackle the issue of compliance in a targeted manner. Work through this list in a targeted manner and use it as proof of legal compliance.
In the technical guideline BSI TR-03116-4, the German Federal Office for Information Security (BSI) provides specifications and recommendations for secure SSL/TLS configuration. The guideline is a good indicator for evaluating the SSL/TLS configuration.Check the compliance of your endpoint.
Use the overview to keep an eye on all applications associated with the endpoint.
Here you will find all information about the application environment of the endpoint that can be detected externally. The Observer creates a footprint of the endpoint and checks for e.g.
CMS,
Web Server,
Frameworks or
Libraries.
The more information an endpoint reveals about the technologies used, the more starting points there are for hackers to launch targeted attacks on the applications. Ideally, an endpoint is configured and programmed in such a way that little can be learned about the technical basis.
All detected applications are presented to you in a clear list. You receive an assessment of how security-critical it is to detect the application from the outside.
Make sure you keep your applications as up-to-date as possible to ensure the security of your systems.
With this in mind, we have decided on the following categorization:
HIGH: Backend-relevant technologies that pose a high risk of serious attacks. e.g. CMS, wikis, blogs, ecommerce, CI, programming languages, databases, runtimes, operating systems, message boards, web server extensions, hosting panels, issue trackers
MEDIUM: Technologies with a medium level of risk, e.g. web servers, development, managed CMS
LOW: Other technologies e.g. UI frameworks or JavaScript libraries
If no version is recognizable, the criticality is reduced. Backend-relevant technologies receive a medium rating, apps categorized as medium receive a low rating.
As proof, you can find out where the Observer detected the application: in an HTTP header, a cookie or in the code of the website itself.
If known vulnerabilities (CVE) are found for the detected version, these are indicated in the list. All application vulnerabilities are also listed separately under Vulnerabilities.
You use the Domain Name System (DNS) to configure various aspects of your domain. DNS is necessary, for example, to assign the appropriate IP to the domain. Proper configuration is necessary for the smooth operation of the website. Monitor your DNS settings by monitoring your DNS records.
You receive all DNS records in a clear list. In addition, Enginsight checks specific, security-relevant DNS records.
To prevent misuse of your domain and secure the SSL/TLS connection, you should use DNS records specially developed for this purpose: CAA, SPF, DMARC. The Observer therefore specifically checks for these three records.
With a CAA record, the domain owner determines which Certificate Authority Authorization may issue an SSL/TLS certificate. The Observer checks for:
Missing contact address for DNS CAA No contact address has been assigned (iodef).
Invalid contact address for DNS CAA The contact address (iodef) contains invalid characters for emails and/or an invalid email format (not abc@def.com)
Unconventional certification authority The certification authority used (issue, wildissue) is not on our whitelist. This includes: letsencrypt.org, globalsign.com, sectigo.com, camerfirma.com, accv.es, actalis.it, amazon.com, pki.apple.com, atos.net, buypass.com, aoc.cat, certigna.fr, www.certinomis.com, ecert.gov.hk, certsign.ro, certum.pl
The SPF protocol makes it possible to authorize IP addresses to send emails with the domain. In this way, third parties can be prohibited from misusing the domain name. The record is effective in preventing phishing emails with the domain. We validate:
Outdated SPF version Check the SPF version used (v), currently only SPF1 exists.
Multiple SPF entries exist Never use multiple SPF entries. Instead, combine several SPFs in a single entry.
SPF entry contains characters after ALL No further entries may follow the optional ALL entry.
Incorrect SPF syntax The entry contains unknown entries (known are: spf1, mx, ip4, ip6, exists, include, all, a, redirect, exp, ptr) and/or unauthorized characters.
The DMARC record defines a procedure for what should be done if the domain is used by an unauthorized IP to send an e-mail. Enginsight checks:
Invalid DMARC policy The DMARC policy (p) has no usual value. Usual values are: none: The sending of emails is not affected. You will only receive a notification. quarantine: Emails that do not pass the DMARC check will end up in the recipient's spam folder. reject: Emails that do not pass the DMARC check should be rejected by the recipient.
Invalid DMARC subdomain policy The DMARC subdomain policy (sp) has no normal value (for values see: DMARC policy)
Invalid DMARC percentage filter specification The optional percentage filter specification (pct) can be used to specify the percentage of messages to be filtered. The value must therefore be between 1 and 100.
Invalid DMARC address for report emails The report email address contains invalid characters or an invalid email format (not abc@def.com)
Invalid DMARC protocol version The version of DMARC (v) must be DMARC1.
Alerts: Invalid SPF DNS record, Invalid CAA DNS record
To receive immediate notification of incorrect DNS records, switch alerts to your endpoints. With the "Invalid CAA DNS record" alert, you can be informed about incorrect CAA DNS records. The "Invalid SPF DNS record" alert warns you of incorrect SPF records.
Here you will receive an analysis and evaluation of the HTTP connection configuration you have made via HTTP headers.
All set HTTP headers are listed and evaluated in an overview:
OK: The HTTP configuration complies with the recommendations.
Avoidable HTTP header: The configuration made unnecessarily reveals a lot of information and therefore makes the HTTP connection potentially vulnerable.
Unknown HTTP header: An unknown HTTP header has been detected that potentially reveals information. Please check the necessity of the HTTP header and remove it if necessary.
The system checks whether all headers important for security have been set. These are:
If headers are not set correctly, a recommendation is issued.
Here you can analyze your ports that are accessible through the Observer. The rating (low, medium, high) indicates whether the ports should normally be publicly accessible.
The Observer checks the following common ports:
With the "New open port" endpoint alert, you can set an alert as soon as the Observer detects a new open port.
Gain insight into your SSL/TLS configurations and check whether the encryption complies with current security standards.
The overview provides information on the certificate used, e.g. the validity, the public key used, which domain the certificate was assigned to and which certification authority issued it.
Our security checks check the SSL/TLS encryption for known vulnerabilities caused by misconfigurations or the use of outdated technologies.
Our security checks check the SSL/TLS encryption for known vulnerabilities caused by misconfigurations or the use of outdated technologies. These are:
It can happen that a certificate is marked as unverifiable in Enginsight, although your browser does not display an error message when you call up the domain there. This is not a false positive. In this case, your browser has cast the certificate chain of a common Certification Authority (CA), which is why it can trace the certificate chain. However, this is not a correct configuration of your SSL/TLS encryption, as the reference to the root certificate is missing in the certificate chain.
You receive an overview of all supported protocols, which are compared with best practice. A rating indicates how critical deviations from the recommendation are.
The "OK" label means that the certificates comply with current security standards and have no critical security gaps.
You receive an overview of all supported ciphers, which are compared with best practice. A rating indicates how critical deviations from the recommendation are.
Name | Recommendation | Description |
---|---|---|
Port | IANA Services |
---|---|
Title | Description |
---|---|