What is an External Facing asset?
An external-facing asset is an asset that can be accessed from outside the organization. For example, it can be open to the internet, providing content to anonymous users, internal employees, and business partners. An External Facing asset can also enable users to self-register in order to access additional content.
Access the External Facing tag
How is the External Facing tag created?
The Vulcan Cyber platform creates the tag automatically once it identifies an external-facing asset. External-facing assets are tagged "External Facing" if at least one of the following conditions is met:
The Security Group of the asset allows inbound connection on the AWS side.
The IP address of the asset is external-facing.
The asset is connected to an ELB on the AWS side, and the status of the Load Balancer is "Active".
When your Vulcan platform identifies external-facing assets, the tag becomes available at:
Assets > Business Groups & Tags > "External Facing" tag (located under "Tags" on the right pane)
View the conditions that define the External Facing tag
Click the "External Facing" tag to view the default conditions as set by Vulcan (provided you haven't already changed them).
Once you open the tag, you get to view:
(a) The default criteria as set by Vulcan
(b) The assets that match the defined conditions
The default conditions are:
External Facing by IP
External Facing by ELB
External Facing by Security Group
What are your options here?
Keep the default conditions as is
Override the default conditions
Create a new External Facing tag with your own customized conditions in addition to the default one
Create a customized External Facing tag
You can create and set your own conditions for an External Facing tag, along with editing the name and the impact score of the tag.
Go to Assets
In the right pane, next to Business Groups & Tags, click Add+ > New tag
Click the "Select how to match it" drop-down and select "External facing"
Select the matching type: "Match Any" (OR) or "Match All" (AND)
Set your own conditions to define an asset as external.
The Vulcan Cyber Platform has the following built-in "External Facing" identifiers:
By Security Group: The Security Group of the asset allows inbound connection on the AWS side.
By IP: Selecting this condition means that the Vulcan Cyber Platform will scan the IP addresses of assets to find the External Facing IP addresses. The scanner disregards internal IP addresses. The internal IP range mainly includes:
Range from 10.0.0.0 to 10.255.255.255 — a 10.0.0.0 network with a 255.0.0.0 or an /8 (8-bit) mask
Range from 172.16.0.0 to 172.31.255.255 — a 172.16.0.0 network with a 255.240.0.0 (12-bit) mask
Range from 192.168.0.0 to 192.168.255.255 — a 192.168.0.0 network with a 255.255.0.0 (16-bit) mask
Range from 169.254.0.0 to 169.254.255.254 — a 169.254.0.0 network with a 255.255.0.0 (16-bit) mask
Range from 127.0.0.0 to 127.255.255.254 — a 127.0.0.0 network with a 255.0.0.0 (8-bit) mask
By External Load Balancer (ELB): The asset is connected to an ELB on the AWS side, and the status of the instance the ELB points to is "InService".
By IP (AWS excluded): Selecting this option means that the IP addresses of all assets are checked except for AWS. With this option, the Vulcan scanner disregards AWS IP addresses.
This option is useful in the following example cases:
You want to identify external-facing AWS assets only by ELB and Security Groups, but not by IP address.
The host has a public IP in AWS but it isn't external facing.
Edit the Name of the tag and the Impact score, then click Create.
Note: It is important to set the Impact score (Low, Normal, High) as it affects the risk score of the related asset, particularly for high-profile assets (external-facing assets).
Your newly created External Facing tag will appear under the Vulcan tags section.
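The following Python sketch models how the conditions and the "Match Any" / "Match All" setting described above interact. It is an added example, not Vulcan's implementation. The asset fields (provider, ips, sg_allows_inbound, elb_instance_state) are hypothetical, and "By IP (AWS excluded)" is assumed to skip assets whose provider is AWS.

```python
import ipaddress

# Internal ranges as listed on this page (first address, last address).
INTERNAL = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)) for a, b in [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
    ("169.254.0.0", "169.254.255.254"),
    ("127.0.0.0", "127.255.255.254"),
]]

def is_internal(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in INTERNAL)

def by_ip(asset):
    # External if any address falls outside the internal ranges.
    return any(not is_internal(ip) for ip in asset["ips"])

# Condition names mirror the page; the asset fields are hypothetical.
CONDITIONS = {
    "By IP": by_ip,
    "By IP (AWS excluded)": lambda a: a["provider"] != "aws" and by_ip(a),
    "By Security Group": lambda a: a["sg_allows_inbound"],
    "By ELB": lambda a: a["elb_instance_state"] == "InService",
}

def is_external_facing(asset, selected, mode):
    """mode is "Match Any" (OR) or "Match All" (AND) over the selected conditions."""
    if mode not in ("Match Any", "Match All"):
        raise ValueError(f"unknown mode: {mode}")
    results = [CONDITIONS[name](asset) for name in selected]
    if not results:
        return False
    return any(results) if mode == "Match Any" else all(results)

# Constructed sample assets (public addresses taken from documentation ranges).
AWS_HOST = {"provider": "aws", "ips": ["10.0.4.17", "198.51.100.23"],
            "sg_allows_inbound": False, "elb_instance_state": None}
ONPREM_HOST = {"provider": "on-prem", "ips": ["192.168.1.20", "203.0.113.9"],
               "sg_allows_inbound": False, "elb_instance_state": None}

if __name__ == "__main__":
    aws_only = ["By IP (AWS excluded)", "By Security Group", "By ELB"]
    for name, asset in (("aws", AWS_HOST), ("on-prem", ONPREM_HOST)):
        print(name, is_external_facing(asset, ["By IP"], "Match Any"),
              is_external_facing(asset, aws_only, "Match Any"))
```

The AWS host with a public IP but no open Security Group or ELB is tagged under "By IP" and not under the AWS-excluded set, which is the second example case listed above.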