What is the difference between an Administrative Panel & an Applicative Panel & Remote VPN ?
Updated over 3 months ago

For us, the most important and most targeted interfaces are the ones called “Administrative Interfaces”, raised with high severity in our Risk Insights:

An administration interface, often referred to as an admin panel or control panel, is a web-based or software-based application that provides authorized users with the ability to manage and control various aspects of a system, application, or network. It typically grants elevated privileges, allowing users to configure settings, access sensitive data, and perform administrative tasks. Administration interfaces are prime targets for hackers on the internet due to the significant power and control they provide over a system or application.

Given security best practices and the criticality of the data and functionality they expose, this kind of interface should not be exposed on the Internet. It should only be reachable from specific private networks, where access is strictly controlled and monitored.

Example:

  • Administrative Panels: VMware ESXi, Portainer, phpMyAdmin, cPanel, Plex, Dell iDRAC, JMX Console, Magento Admin, CRXDE, etc.

Applicative Interface / Info criticality

On the external surface there are also many login interfaces that only give access to application functionality (SaaS products, mail, file sharing, etc.). These are categorized as “Applicative Interface” with an “info” criticality. They are intended to be exposed on the Internet, since their purpose is to give access to an application.

However, Patrowl distinguishes login panels whose purpose is to control and manage an application or the hosting system (Administrative Panels) from those used only to gain access to a specific application, without any administrative functionality (Applicative Panels).

Example:

  • Applicative Panels: Roundcube, SSO (Auth0, O365, Okta, etc.), GitLab, Zimbra, ownCloud, etc.

⚠️ The line between an Administrative Interface and an Applicative Interface can, in some situations, be very thin.

Let’s take a simple example: a basic GitLab interface. The interface allows users to log in and reach the application functionality (development), but the same interface could also be used with an administrative account to reach critical functionality of the product!

In such scenarios, we always categorize the panel according to the main functionality of the application. Here, the product is mainly used for development and not for administration, so it is categorized as a “Login Panel”.

If you have any issue or remarks regarding categorization, contact our support teams!

Remote VPN / medium criticality

The last category detected by Patrowl is called “Remote VPN”. Again, it is a login interface, but with a specific purpose: a remote VPN interface is the user interface (UI) or tool that allows a user to establish a secure virtual private network (VPN) connection to a remote server or network. It is commonly used to enable secure access to resources hosted on private networks or to protect data transmitted over public networks.

As they have been prime targets for attackers for decades, we decided to categorize the risk as “Medium”. They need to be exposed on the Internet (that is their purpose), but their updates, configuration and access monitoring should be carried out with care.

Example:

  • Ivanti Pulse Secure, Check Point VPN, Cisco ASA, Fortinet VPN, NetScaler VPN, etc.

⚠️ Do not confuse an Administrative interface with a Remote VPN interface. On some products, the product is the same but the interfaces are different. For example, on a FortiGate you can have two Risk Insights in Patrowl:

  • One Administrative Panel risk, which is the interface used to configure the equipment (dangerous - high)

  • One Remote VPN risk, which is the interface configured on the FortiGate to provide users remote access to specific resources (legit - info)
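The categorization rules described on this page (Administrative Panel = high, Applicative Panel = info, Remote VPN = medium, the “main functionality” rule for GitLab, and one product yielding two separate insights as with the FortiGate) can be expressed as a small triage script. The following is an added example and not Patrowl’s own code: the fingerprint table, the page titles, the host names and the IP addresses are constructed assumptions, and the “private network” check is a simple RFC 1918 allowlist rather than any Patrowl logic.

```python
"""Added example (not Patrowl's code): assign a Risk Insight severity to login
interfaces found on an external surface and flag the ones a defender should
act on first, i.e. administrative panels reachable from the Internet."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Severity per category, as described in the article.
SEVERITY = {
    "Administrative Panel": "high",
    "Applicative Panel": "info",
    "Remote VPN": "medium",
}

# Constructed fingerprint table: lower-case substring of the page title -> category.
# The GitLab entry encodes the "main functionality" rule: the same login page
# can be used by an admin account, but the product is categorised by its
# primary (development) use. Titles are assumptions, not vendor strings.
FINGERPRINTS = {
    "vmware esxi": "Administrative Panel",
    "phpmyadmin": "Administrative Panel",
    "fortigate administration": "Administrative Panel",  # assumed admin GUI title
    "ssl-vpn": "Remote VPN",                              # assumed VPN portal title
    "gitlab": "Applicative Panel",
    "roundcube": "Applicative Panel",
}

# Networks considered "private" for the exposure check (RFC 1918 only; assumption).
PRIVATE_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class LoginInterface:
    host: str
    ip: str
    port: int
    title: str


@dataclass(frozen=True)
class RiskInsight:
    host: str
    port: int
    category: str
    severity: str
    internet_exposed: bool


def categorize(title: str) -> Optional[str]:
    """Map a page title to one of the three categories; None when unrecognised."""
    lowered = title.lower()
    for needle, category in FINGERPRINTS.items():
        if needle in lowered:
            return category
    return None


def is_internet_exposed(ip: str) -> bool:
    """True when the address is outside the RFC 1918 ranges listed above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in PRIVATE_NETWORKS)


def assess(interfaces: List[LoginInterface]) -> List[RiskInsight]:
    """One Risk Insight per recognised interface. The same product (the FortiGate
    below) yields two insights when both its admin GUI and its VPN portal are
    found, each with its own severity, exactly as the article describes."""
    insights = []
    for itf in interfaces:
        category = categorize(itf.title)
        if category is None:
            continue  # plain web page, not a login panel we know
        insights.append(RiskInsight(itf.host, itf.port, category,
                                    SEVERITY[category], is_internet_exposed(itf.ip)))
    return insights


def exposed_admin_panels(insights: List[RiskInsight]) -> List[RiskInsight]:
    """Administrative panels reachable from the Internet: the high-severity findings."""
    return [i for i in insights
            if i.category == "Administrative Panel" and i.internet_exposed]


# Constructed inventory (documentation addresses, made-up hosts and titles).
SAMPLE_INVENTORY = [
    LoginInterface("esxi01.corp.example", "10.20.30.40", 443, "VMware ESXi"),
    LoginInterface("fw.example.com", "203.0.113.10", 8443, "FortiGate Administration"),
    LoginInterface("fw.example.com", "203.0.113.10", 443, "SSL-VPN Portal"),
    LoginInterface("git.example.com", "203.0.113.20", 443, "GitLab"),
    LoginInterface("db.example.com", "203.0.113.30", 80, "phpMyAdmin"),
    LoginInterface("www.example.com", "203.0.113.40", 443, "Welcome"),
]

if __name__ == "__main__":
    for insight in assess(SAMPLE_INVENTORY):
        print(f"{insight.host}:{insight.port} {insight.category} -> {insight.severity}"
              f"{' (EXPOSED ADMIN)' if insight in exposed_admin_panels(assess(SAMPLE_INVENTORY)) else ''}")
```

Run stand-alone, the script lists five insights: the FortiGate host appears twice (admin GUI as high, VPN portal as medium), GitLab is info despite its admin capability, and only the phpMyAdmin and FortiGate admin interfaces are reported as exposed administrative panels, since the ESXi host sits on a 10.0.0.0/8 address.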
