Required ports for agentless audit
Preview
To ensure smooth performance and optimal functionality of the agentless audit using the Alloy Audit Service, certain TCP and UDP ports need to be open within your secure network, whether it is a domain or LAN. This page provides an overview of the required port settings for various operating systems, network devices, and services.
NOTE: These port configurations do not apply to the agent-based audit process carried out using the Audit Agent.
Windows
To enable successful agentless auditing on Windows systems within your secure network, ensure the following ports are open:
| Port Number | Protocol | Purpose |
|---|---|---|
|
88 |
TCP |
Login and password verification, specifically for Kerberos authentication |
| 135 | TCP | Windows recognition and communication |
| 139 | TCP | Windows recognition |
| 389 | TCP | Information retrieval from Active Directory through LDAP (Lightweight Directory Access Protocol) |
| 445 | TCP | SMB (Server Message Block) communication, primarily for file sharing |
| 5985 | TCP | Remote execution of PowerShell commands |
| The following UDP ports may be important in certain environments. It is advisable to consider opening them if required: | ||
| 135 | UDP | RPC (Remote Procedure Call) communication |
| 139 | UDP | Named pipes communication |
In addition, the following protocols and services may require attention on your firewall:
-
Pipes: Verify that pipes are functional and not blocked by the firewall.
-
RPC: Ensure that your firewall allows RPC traffic for services like WMI (Windows Management Instrumentation).
Linux and macOS
When implementing agentless auditing for Linux or macOS systems within your secure network, make sure to have the following port available:
| Port Number | Protocol | Purpose |
|---|---|---|
|
22 (SSH) |
TCP |
For secure remote access |
VMware ESXi
To enable smooth agentless auditing on ESXi systems, the following ports must be open:
| Port Number | Protocol | Purpose |
|---|---|---|
|
80 |
TCP |
Communication via HTTP |
| 443 | TCP | Secure communication via HTTPS |
| 902 | TCP | ESXi recognition |
NAS (Network-Attached Storage) devices
To facilitate agentless auditing for NAS devices, make sure to keep the following port open:
| Port Number | Protocol | Purpose |
|---|---|---|
| 139 | TCP | NAS devices recognition |
SNMP (Simple Network Management Protocol)
Enabling agentless auditing using SNMP requires the following ports to be open:
| Port Number | Protocol | Purpose |
|---|---|---|
| 161 | UDP | Network monitoring and management |
| The following UDP port may be important in certain environments. It is advisable to consider opening it if required: | ||
| 162 | UDP | SNMP trap notifications. |
Printers
For effective agentless auditing of printers, ensure that the following port is accessible:
| Port Number | Protocol | Purpose |
|---|---|---|
| 9100 | TCP | Printer recognition, particularly printer discovery |
Network scanning
The following ports are used by the network scanning process.
This process detects and identifies active devices on the network and collects only a limited set of data, including such basic attributes as device name, type, etc. For more information on scanning, refer to Network scanning and auditing.
| Port Number | Protocol | Purpose |
|---|---|---|
| 389 | TCP | Information retrieval from Active Directory through LDAP (Lightweight Directory Access Protocol) |
| 53 | UDP | DNS (Domain Name System) resolution |
| 137 | UDP | NetBIOS (Network Basic Input/Output System) name resolution and related services. |
| 138 | UDP | NetBIOS communication |
In addition, the following protocol may require attention on your firewall:
-
ICMPv4: ICMP (Internet Control Message Protocol) does not use ports directly but is essential for functions like ping. Ensure ICMPv4 is enabled for AlloyScan to operate optimally.