Permitting access for the Agent (allowlist)

Overview

When performing security assessments, it is commonly recommended to make a few adjustments to the firewall's allowlist configuration to ensure the accuracy of testing, as well as to maximize the time spent on assessments. These allowlist configurations can allow testing procedures to operate without interruptions or being blocked by security controls such as IDS IDS stands for Intrusion Detection System. An IDS is a cybersecurity control designed to monitor and analyze network or system activity for indications of malicious actions or policy breaches., IPS An Intrusion Prevention System (IPS) is a network security solution that monitors traffic, identifies potential threats, and actively blocks malicious connections in real time., WAF A Web Application Firewall (WAF) is a security solution that safeguards web applications from common threats like SQL injection, cross-site scripting (XSS), and malicious bots. It enables users to define custom rules for managing web traffic, thereby enhancing both protection and monitoring capabilities. etc.

It should be noted that, if the client does not wish to allowlist the source IP addresses, testing activities may be limited, and therefore, the results may not be as detailed.

External Network Pentests

NOTE  This is only for external security assessments. Please use the correct region's IP addresses.

There are some situations when you might want to allowlist Vonahi's public IPs used for pentesting to simulate a situation where your security controls are not functioning as expected. We host and launch an external agent when an external network pentest is scheduled.

If you use this URL—https://app.vpentest.io—to login into vPenTest, these are the source IPs for attacks if you're using the US-East hosted version of vPenTest.

• 34.203.65.38

• 54.157.67.248

• 3.92.230.194

If you use this URL—https://emea.app.vpentest.io—to login into vPenTest, these are the source IPs for attacks if you're using the Germany hosted version of vPenTest.

• 18.198.198.250

• 63.176.190.78

• 63.177.210.107

Internal Network Pentests

NOTE  This is only required for internal security assessments. Please use the correct region's endpoints.

In most cases, if your organization allows port 443/tcp (https), 80/tcp (http) and 123 (ntp) outbound traffic without restrictions to the destination domains, your Internal Agent should not experience any communication issues. However, if you simply want to explicitly allowlist the endpoints that the Internal Agent requires in order to communicate to vPenTest, please use the following list of endpoints.

United States Region

Use the list below if you log into the US instance and use https://app.vpentest.io to log into vPenTest.

Allow port 443/tcp (https) outbound to all of the following endpoints:

• 708332864587.dkr.ecr.us-east-1.amazonaws.com

• 708332864587.dkr.ecr-fips.us-east-1.amazonaws.com

• api.ecr.us-east-1.amazonaws.com

• app.vpentest.io

• ec2messages.us-east-2.amazonaws.com

• ecr-fips.us-east-1.amazonaws.com

• ecr.us-east-1.amazonaws.com

• kms.us-east-2.amazonaws.com

• ssm-fips.us-east-2.amazonaws.com

• ssm.us-east-2.amazonaws.com

• ssmmessages.us-east-2.amazonaws.com

• sts.amazonaws.com

• registry.community.greenbone.net

• snapcraft.io

Allow port 443/tcp (https) and 80/tcp (http) outbound for all of the following endpoints:

• *.ubuntu.com

• *.docker.com

• *.github.io

• *.rubygems.org

• *.canonical.com

• *.snapcraftcontent.com

Allow port 123/udp (ntp) to the following endpoint:

• pool.ntp.org

NOTE  If you prefer to use an internal time server, you can add a host entry in your Ubuntu instance to DNS resolve pool.ntp.org to your local time server's IP address.

German Region

Use the list below if you log into the EMEA instance and use https://emea.app.vpentest.io to log into vPenTest.

Allow port 443/tcp (https) outbound to all of the following endpoints:

• 708332864587.dkr.ecr.eu-central-1.amazonaws.com

• 708332864587.dkr.ecr-fips.eu-central-1.amazonaws.com

• api.ecr.eu-central-1.amazonaws.com

• emea.app.vpentest.io

• ec2messages.eu-central-1.amazonaws.com

• ecr-fips.eu-central-1.amazonaws.com

• ecr.eu-central-1.amazonaws.com

• kms.eu-central-1.amazonaws.com

• ssm-fips.eu-central-1.amazonaws.com

• ssm.eu-central-1.amazonaws.com

• ssmmessages.eu-central-1.amazonaws.com

• sts.amazonaws.com

• registry.community.greenbone.net

• snapcraft.io

Allow port 443/tcp (https) and 80/tcp (http) outbound for all of the following endpoints:

• *.ubuntu.com

• *.docker.com

• *.github.io

• *.rubygems.org

• *.canonical.com

• *.snapcraftcontent.com

Allow port 123/udp (ntp) to the following endpoint:

• pool.ntp.org

NOTE  If you prefer to use an internal time server, you can add a host entry in your Ubuntu instance to DNS resolve pool.ntp.org to your local time server's IP address.

During some troubleshooting purposes, you may be asked to create an additional allowlist so that our development team can temporarily connect directly to your Agent. The endpoint for this will vary and, therefore, has not been provided in this list.

Permitting exclusions

NOTE  These exclusions are optional depending on if you're trying to test the efficacy of your tools or if you want to bypass the tools to perform your assessments.

Modern and advanced security tools/features such as IPS/IDS, EDR Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors and analyzes data from endpoints such as laptops, desktops, mobile devices, servers, and cloud environments. Its primary goal is to detect suspicious behavior, automatically respond to threats, and support in-depth investigations through forensic tools. By taking a proactive stance, EDR helps organizations quickly identify and mitigate potential security incidents., MDR Managed Detection and Response (MDR) is a cybersecurity service that delivers real-time threat detection and response through continuous monitoring of systems and networks. It leverages threat intelligence, incident response capabilities, and alert management to identify and address malicious activity. By taking a proactive approach, MDR helps organizations reduce risk and strengthen their overall security posture., SOC, XDR Extended Detection and Response (XDR) is a security solution that unifies multiple security tools into a single platform to enhance threat detection and incident response. By consolidating data from various sources, XDR provides a comprehensive view of potential threats across different environments. This integrated approach streamlines security operations and boosts the efficiency of threat mitigation efforts. are all designed to analyze, detect and take some sort of action against potential malicious activity. A pentest is ethical but follows the methodology and same steps a malicious attacker would take and therefore could be detected as such by the various tools. To avoid issues, business disruption or false alarms we recommend that you allowlist our external IP for external assessments and internal Agent IP for internal assessments.