What firewall ports are required for my SimpleRisk instance?
As a tool frequently utilized by Information Security professionals, many of our customers seek to secure their SimpleRisk instance by implementing a least privilege approach. However, adopting a DEFAULT DENY policy can lead to various unexpected issues. To ensure your SimpleRisk instance functions smoothly, we have compiled a list of essential services that we recommend allowing.
Inbound Services
- HTTP (80): In most cases, this port is optional, but highly recommended, as it is used to redirect browsers over to port 443. If you are not running your SimpleRisk instance over HTTPS, then this port would be required.
- HTTPS (443): As SimpleRisk is a web-based application, it should be running via HTTPS. While you technically could run it only over HTTP, it is not recommended from a security perspective.
- SSH (22): The secure shell service is not required for SimpleRisk to operate, but you will require access via SSH to upgrade the underlying operating system. We highly recommend locking SSH access down to a bastion host or VPN and not allowing connectivity via SSH from the Internet.
Outbound Services
Your SimpleRisk instance requires connectivity to the following domains over HTTPS (port 443) for all of the features to work properly:
- services.simplerisk.com (As AWS ELB IP addresses can change, please use a URL firewall rule): Used for license checks to SimpleRisk Extras.
- updates.simplerisk.com (As AWS ELB IP addresses can change, please use a URL firewall rule): Used to retrieve the latest versions of SimpleRisk software.
- scf.simplerisk.com (As AWS ELB IP addresses can change, please use a URL firewall rule): Used with the Secure Controls Framework (SCF) Extra to deliver the latest version of the framework and related controls.
- ping.simplerisk.com (As AWS ELB IP addresses can change, please use a URL firewall rule): Used to retrieve the latest versions of SimpleRisk software.
- simplerisk-downloads.s3.amazonaws.com (As AWS ELB IP addresses can change, please use a URL firewall rule)
- raw.githubusercontent.com (140.82.112.4): Used to retrieve the latest versions of SimpleRisk software.
- olbat.github.io (185.199.108.153, 185.199.109.153, 185.199.110.153, 185.199.111.153): Used to do CVE lookups in the External Reference ID field.
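To confirm that a default-deny egress policy still permits the destinations listed above, the following added example (not part of SimpleRisk or of the original article) can be run from the SimpleRisk server. It assumes direct outbound connections rather than an explicit proxy, and the function names are illustrative.

```python
import socket
import ssl

# Outbound destinations listed in this article; all are reached on TCP 443.
REQUIRED_HOSTS = [
    "services.simplerisk.com",
    "updates.simplerisk.com",
    "scf.simplerisk.com",
    "ping.simplerisk.com",
    "simplerisk-downloads.s3.amazonaws.com",
    "raw.githubusercontent.com",
    "olbat.github.io",
]


def probe(host, port=443, timeout=5.0):
    """Classify one destination as ok, dns_failed, tls_untrusted or blocked."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failed"  # resolver unreachable or name filtered
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError:
        # Typical when an inspecting firewall re-signs traffic with an untrusted CA.
        return "tls_untrusted"
    except OSError:
        return "blocked"  # timeout, reset, refused or other TLS failure


def check_egress(hosts=REQUIRED_HOSTS, probe_fn=probe):
    """Return {host: status} for every required destination."""
    return {host: probe_fn(host) for host in hosts}


def failures(results):
    """Hosts whose status is anything other than ok, sorted for stable output."""
    return sorted(host for host, status in results.items() if status != "ok")


if __name__ == "__main__":
    results = check_egress()
    for host, status in results.items():
        print(f"{status:14} {host}:443")
    raise SystemExit(1 if failures(results) else 0)
```

The script exits non-zero when any destination fails, so it can be run after each firewall change or from a scheduled job.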