
SNFan
Tera Expert

Recently, a client was asking about security best practices when implementing Discovery. Here are five best practices I have used for securing IT infrastructure when using ServiceNow Discovery. Are there other techniques you have used?


Use Secure Endpoint Access Protocols

Limit Discovery to encrypted protocols and avoid authentication mechanisms that send or store credentials in plain text.

For example,

  • Use SSH public / private key authentication rather than SSH password credentials; the private key stays on the MID Server, and the matching authorized_keys entry on each endpoint can be restricted further (for example with the from= option limited to the MID Server addresses)
  • Use SNMP v3 with authentication and privacy (authPriv) instead of an SNMP v2c community string, which travels unencrypted in every packet and acts as both user name and password
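As an added example (a shell script, not part of the original post), the following audits the two endpoint configurations these bullets refer to, an OpenSSH sshd_config and a net-snmp snmpd.conf. It flags password authentication left enabled, v1/v2c community strings, and SNMPv3 users that are created without a privacy protocol or granted access below the priv level. The sample files, the snow_disco account name and the passphrases are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: audit endpoint configs for the plain-text / password options
# the post says to avoid. The sample files below are constructed for illustration.

# sshd_config: exit 0 only if password auth is off and public-key auth is on.
# The last occurrence of a directive wins; "Match" blocks are not evaluated here.
audit_sshd_config() {
  local file="$1" pass pubkey rc=0
  pass=$(grep -Ei '^[[:space:]]*PasswordAuthentication[[:space:]]' "$file" | tail -n1 | awk '{print tolower($2)}')
  pubkey=$(grep -Ei '^[[:space:]]*PubkeyAuthentication[[:space:]]' "$file" | tail -n1 | awk '{print tolower($2)}')
  # OpenSSH defaults when a directive is absent: PasswordAuthentication yes, PubkeyAuthentication yes
  if [ "${pass:-yes}" != "no" ]; then
    echo "FAIL $file: PasswordAuthentication is '${pass:-yes}' (want no)"; rc=1
  fi
  if [ "${pubkey:-yes}" != "yes" ]; then
    echo "FAIL $file: PubkeyAuthentication is '$pubkey' (want yes)"; rc=1
  fi
  if [ $rc -eq 0 ]; then echo "OK   $file: key-based authentication only"; fi
  return $rc
}

# snmpd.conf: exit 0 only if there are no v1/v2c community strings and every
# SNMPv3 user is created with a privacy protocol and granted access at "priv".
audit_snmpd_conf() {
  local file="$1" rc=0
  # rocommunity / rwcommunity / com2sec define v1/v2c community strings, which
  # travel in clear text and act as both user name and password.
  if grep -Eiq '^[[:space:]]*((ro|rw)community6?|com2sec)[[:space:]]' "$file"; then
    echo "FAIL $file: SNMP v1/v2c community string configured"; rc=1
  fi
  # createUser NAME (MD5|SHA) AUTHPASS [DES|AES] [PRIVPASS]: without a privacy
  # protocol the user is authNoPriv at best, i.e. queries are signed but readable.
  if grep -Ei '^[[:space:]]*createUser[[:space:]]' "$file" \
       | grep -Eivq '[[:space:]](DES|AES-?[0-9]*)([[:space:]]|$)'; then
    echo "FAIL $file: SNMPv3 user defined without a privacy protocol"; rc=1
  fi
  # rouser / rwuser NAME [noauth|auth|priv]: the default level is "auth", so
  # "priv" must be stated explicitly to require encrypted requests.
  if grep -Ei '^[[:space:]]*(ro|rw)user[[:space:]]' "$file" \
       | grep -Eivq '[[:space:]]priv([[:space:]]|$)'; then
    echo "FAIL $file: SNMPv3 access not restricted to authPriv"; rc=1
  fi
  if [ $rc -eq 0 ]; then echo "OK   $file: SNMPv3 authPriv only"; fi
  return $rc
}

# Constructed samples: one weak and one hardened version of each file.
SAMPLES=$(mktemp -d)
cat >"$SAMPLES/sshd_config.weak" <<'EOF'
# constructed sample: password logins still allowed
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
cat >"$SAMPLES/sshd_config.good" <<'EOF'
# constructed sample: keys only
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat >"$SAMPLES/snmpd.conf.weak" <<'EOF'
# constructed sample: v2c read-only community visible on the wire
rocommunity public default
EOF
cat >"$SAMPLES/snmpd.conf.good" <<'EOF'
# constructed sample: one v3 user, SHA auth + AES privacy, access requires priv
createUser snow_disco SHA "CHANGE-ME-auth-passphrase" AES "CHANGE-ME-priv-passphrase"
rouser snow_disco priv
EOF

for f in "$SAMPLES"/sshd_config.*; do audit_sshd_config "$f" || true; done
for f in "$SAMPLES"/snmpd.conf.*;  do audit_snmpd_conf "$f"  || true; done
```

Point the two functions at the real /etc/ssh/sshd_config and snmpd.conf on a target host to check it before adding it to a Discovery schedule. Note that net-snmp rewrites createUser lines into hashed usmUser entries in its persistent configuration on start-up, so the clear-text passphrases only exist until the first restart.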


Endpoint Authorization Management

Follow ‘least privilege’ principles for the service accounts ServiceNow Discovery uses to access the endpoints: grant only the rights the probes and patterns actually need, not root / admin access.

  • On Windows, consider whether ‘Domain user with local admin’ is sufficient for your requirements, bearing in mind the other controls in place (e.g. CyberArk)
  • If not, consider ‘Just Enough Administration’ (JEA), but be aware of the additional testing and data collection limits this may introduce
  • On Unix / Linux, use sudo with an explicit list of the commands Discovery needs rather than the root account or a blanket ALL
  • Use CyberArk to store and rotate the passwords; with the MID Server's external credential storage, Discovery retrieves them from the vault at run time instead of keeping them in the instance
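As an added example for the Unix / Linux bullet (a shell script, not part of the original post), the following inspects what a Discovery service account may run through sudo and flags anything broader than an explicit list of absolute commands. The snow_disco account name, the illustrative command list and both sample sudoers files are constructed; the real command list comes from the probes and patterns you actually run.

```bash
#!/usr/bin/env bash
# Added example: check what a Discovery service account may run via sudo and
# flag grants broader than an explicit command list. The account name, the
# command list and both sample sudoers files are constructed for illustration.

# Print the command specifications granted directly to USER in FILE.
# Comments are stripped; group (%) entries, aliases and @include files are out of scope.
sudoers_specs_for_user() {
  local user="$1" file="$2"
  sed -e 's/#.*//' "$file" | awk -v u="$user" '$1 == u { sub(/^[^=]*=/, ""); print }'
}

# Exit 0 only if USER has a sudoers entry and every command in it is a specific,
# absolute path without wildcards; exit 1 for "ALL", wildcards, or no entry.
audit_sudoers() {
  local user="$1" file="$2" specs cmds rc=0
  specs=$(sudoers_specs_for_user "$user" "$file")
  if [ -z "$specs" ]; then
    echo "FAIL $file: no sudoers entry for $user"
    return 1
  fi
  # Drop the "(runas)" group and tags such as NOPASSWD:, then one command per line.
  cmds=$(printf '%s\n' "$specs" \
    | sed -E 's/\([^)]*\)//g; s/[A-Z_]+://g' \
    | tr ',' '\n' \
    | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//' \
    | grep -v '^$')
  if printf '%s\n' "$cmds" | grep -qx 'ALL'; then
    echo "FAIL $file: $user may run ALL commands as root"; rc=1
  elif printf '%s\n' "$cmds" | grep -Eqv '^/'; then
    echo "FAIL $file: $user has a command that is not an absolute path"; rc=1
  fi
  # Wildcards in a command or its arguments are easy to abuse (a "*" often lets
  # extra arguments or paths be smuggled in), so treat them as a finding too.
  if printf '%s\n' "$cmds" | grep -q '[*?]'; then
    echo "FAIL $file: $user has a wildcard command specification"; rc=1
  fi
  if [ $rc -eq 0 ]; then
    echo "OK   $file: $user limited to:"
    printf '%s\n' "$cmds" | sed 's/^/  /'
  fi
  return $rc
}

# Constructed samples: the blanket grant beside an explicit command list.
SAMPLES=$(mktemp -d)
cat >"$SAMPLES/sudoers.weak" <<'EOF'
# constructed sample: the Discovery account is effectively root
snow_disco ALL=(ALL) NOPASSWD: ALL
EOF
cat >"$SAMPLES/sudoers.good" <<'EOF'
# constructed sample: illustrative command list; take the real one from the
# probes and patterns you run
snow_disco ALL=(root) NOPASSWD: /usr/sbin/dmidecode, /usr/bin/lsof -i -n -P, /sbin/fdisk -l
EOF

audit_sudoers snow_disco "$SAMPLES/sudoers.weak" || true
audit_sudoers snow_disco "$SAMPLES/sudoers.good" || true
```

Run it against /etc/sudoers and the drop-ins under /etc/sudoers.d on each target, and re-run it whenever a pattern is added, since that is when "just add ALL so it works" tends to creep in.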


MID to ServiceNow Communications

Communication between the MID Server and your ServiceNow instance is an outbound HTTPS / TLS connection that the MID Server initiates (it polls the instance for work), so no inbound access from the instance into your network is needed. Ensure that the MID Servers and the ServiceNow instance are patched and use the most modern encryption / authentication options available, and ensure TLS 1.0 and 1.1 are disabled so that only TLS 1.2 or later can be negotiated.
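As an added example (a shell script, not part of the original post), the following checks from a MID Server host which TLS versions an HTTPS endpoint accepts and assesses the result against the requirement above. The instance host name is a placeholder; the probe needs network access and an openssl build that still includes the legacy protocols, while the assessment function runs offline.

```bash
#!/usr/bin/env bash
# Added example: probe the TLS versions an HTTPS endpoint accepts and fail if
# TLS 1.0 or 1.1 is still enabled. Host name below is a placeholder.

# Print "VERSION accepted|refused" for each TLS version openssl s_client can try.
# A "refused" for tls1/tls1_1 can also mean the local openssl was built without
# that protocol, so only trust a run in which tls1_2 or tls1_3 was accepted.
probe_tls_versions() {
  local host="$1" port="${2:-443}" v
  for v in tls1 tls1_1 tls1_2 tls1_3; do
    if echo | openssl s_client -"$v" -connect "$host:$port" -servername "$host" >/dev/null 2>&1; then
      echo "$v accepted"
    else
      echo "$v refused"
    fi
  done
}

# Read probe output on stdin. Exit 0 only if TLS 1.0 and 1.1 were refused AND
# at least one of TLS 1.2 / 1.3 was accepted; otherwise the endpoint was
# unreachable or the probe is broken, which must not be reported as "secure".
assess_tls_matrix() {
  local v state rc=0 modern=0
  while read -r v state; do
    case "$v:$state" in
      tls1:accepted|tls1_1:accepted)   echo "FAIL $v still enabled"; rc=1 ;;
      tls1:refused|tls1_1:refused)     echo "OK   $v refused" ;;
      tls1_2:accepted|tls1_3:accepted) echo "OK   $v accepted"; modern=1 ;;
      tls1_2:refused|tls1_3:refused)   echo "INFO $v refused" ;;
    esac
  done
  if [ "$modern" -eq 0 ]; then
    echo "FAIL no TLS 1.2/1.3 handshake succeeded; probe inconclusive"; rc=1
  fi
  return $rc
}

# Against a real endpoint (needs network), e.g.:
#   probe_tls_versions myinstance.service-now.com | assess_tls_matrix
# Offline demonstration with a constructed result set (TLS 1.1 left enabled):
printf 'tls1 refused\ntls1_1 accepted\ntls1_2 accepted\ntls1_3 accepted\n' | assess_tls_matrix || true
```

Run the probe from the MID Server itself rather than from a workstation, since the MID Server's own TLS stack (the bundled JRE) is what actually negotiates with the instance; the openssl result tells you what the server side permits, not what the Java client will choose.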


Network Segmentation and Firewall Configuration

Configure network ACLs (segmentation) to limit the reach of any potential security incident. Configure routers / firewalls so that the Discovery ports on target endpoints (SSH, SNMP, WMI / WinRM and so on) accept connections only from the known MID Server addresses; a compromised host elsewhere on the network then cannot reuse the Discovery path or the Discovery credentials it was allowed for.

Monitor for any unusual traffic patterns, such as Discovery-protocol connections that do not originate from a MID Server or that fall outside the scheduled Discovery windows, as these may indicate a security breach.
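As an added example (a shell script, not part of the original post), the following reads an iptables-save dump from a Linux endpoint and flags any ACCEPT rule on a Discovery port that is open to any source, or to a source other than a known MID Server. The MID Server addresses, the port list and the sample rule set are constructed; adjust the port list to the probes and patterns you actually run.

```bash
#!/usr/bin/env bash
# Added example: check an iptables-save dump for Discovery ports that accept
# traffic from anywhere, or from anything other than the known MID Servers.
# The MID Server addresses, port list and sample rule set are constructed.

MID_SERVERS="10.20.30.11 10.20.30.12"
# proto/port pairs Discovery typically uses (assumption, adjust to your probes):
# SSH, SNMP, WMI endpoint mapper, SMB, WinRM http / https
DISCOVERY_PORTS="tcp/22 udp/161 tcp/135 tcp/445 tcp/5985 tcp/5986"

in_list() {  # in_list ITEM "a b c" -> exit 0 if ITEM is one of them
  local item="$1" x
  for x in $2; do
    if [ "$x" = "$item" ]; then return 0; fi
  done
  return 1
}

# Read iptables-save output on stdin; exit 0 only if every ACCEPT rule on a
# Discovery port is restricted to a single known MID Server source.
# Rules that use ipsets or negation ("! -s") are not understood and will be
# reported as "any source", which is the safe direction to err in.
audit_discovery_firewall() {
  local mids="$1" rc=0 line proto port src
  while IFS= read -r line; do
    case "$line" in
      "-A INPUT "*"-j ACCEPT"*) ;;
      *) continue ;;
    esac
    proto=$(printf '%s\n' "$line" | sed -nE 's/.* -p ([a-z]+).*/\1/p')
    port=$(printf '%s\n' "$line" | sed -nE 's/.*--dport ([0-9]+).*/\1/p')
    if [ -z "$proto" ] || [ -z "$port" ]; then continue; fi
    in_list "$proto/$port" "$DISCOVERY_PORTS" || continue
    src=$(printf '%s\n' "$line" | sed -nE 's/.* -s ([0-9.]+(\/[0-9]+)?).*/\1/p')
    src="${src%/32}"   # iptables-save writes single hosts as a.b.c.d/32
    if [ -z "$src" ] || [ "$src" = "0.0.0.0/0" ]; then
      echo "FAIL $proto/$port accepted from any source: $line"; rc=1
    elif ! in_list "$src" "$mids"; then
      echo "FAIL $proto/$port accepted from non-MID source $src"; rc=1
    else
      echo "OK   $proto/$port accepted from MID Server $src"
    fi
  done
  return $rc
}

# Constructed iptables-save excerpt: two correct SSH rules, SNMP open to the
# world, WinRM open to a non-MID host, and an unrelated HTTPS rule.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 10.20.30.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.20.30.12/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -s 10.99.0.5/32 -p tcp -m tcp --dport 5986 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_discovery_firewall "$MID_SERVERS" || true
```

On a live host, feed it with `iptables-save | audit_discovery_firewall "$MID_SERVERS"`; the same idea applies to a network firewall export, only the parsing changes.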


CMDB Access

Within the CMDB, determine whether certain data points are sensitive (for example internal IP addresses or serial numbers). Consider creating a dedicated ACL / role to limit visibility of these fields. This needs to be balanced against introducing a complex ACL model that is difficult to manage and slows the user experience.