Recon Security FAQ

  • 7921013
  • 07-Dec-2007
  • 01-Aug-2017


NetIQ PlateSpin Recon


Frequently Asked Questions:

Does Recon use agents to monitor workloads?
No, Recon is an "agent-less" application. When monitoring Unix/Linux-based workloads, it uses an SSH connection to execute a performance counter script and retrieve the output. For Windows workloads, it uses WMI and Windows Performance Monitor to collect performance metrics.

What ports does Recon use to inventory a server?
Please refer to Knowledge Base Article for details on ports being used during inventory (Windows and Unix/Linux).

What does Recon require in order to add a server to its inventory?
Please refer to Knowledge Base Article for details on workload requirements for inventory (Windows and Unix/Linux).

What IIS and NTFS permissions are required for Recon installation?
Please refer to Knowledge Base Article for IIS and NTFS permissions needed to install a Recon Server.

Where does Recon save the workload credentials?
The workload credentials provided by Recon users (via the Credential Manager) are saved within the Recon database.

Does Recon encrypt the credential information?
Yes, the passwords are encrypted using 1024-bit RSA encryption.

Where are the RSA keys stored?
The encryption keys are saved in a special Recon DLL file. The keys are encrypted using 128-bit Rijndael (AES) encryption and stored as binary data within the DLL file.

How is the password sent to the inventoried and monitored workloads?
When monitoring and inventorying Unix/Linux workloads, the passwords are sent over an SSH connection. For Windows-based workloads, Recon uses Windows Authentication and no passwords are sent.

What does the Recon Service (running on the Recon Server) do?
The PlateSpin Recon Service is responsible for various server requests on the Recon Server, for example dispatching internal events and running workflows and tasks.

What ports does the Recon Service use?
The PlateSpin ReconService x.x.x listens on the following TCP ports: 5030, 5032, 5033, and 5034. The service only receives connections locally.
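
One way to check the "only receives connections locally" statement on a Recon Server, as an added example that is not part of the original article or NetIQ's code: it parses `netstat -ano -p TCP` output and reports listeners on the four ports that are bound to a non-loopback address, sessions from remote peers, and ports with no listener. It assumes "locally" means a loopback binding; the sample output and all function names are constructed for illustration.

```python
import re

RECON_PORTS = {5030, 5032, 5033, 5034}  # TCP ports listed in this FAQ
LOOPBACK = {"127.0.0.1", "::1"}         # assumption: "locally" = loopback

# Constructed sample of Windows `netstat -ano -p TCP` output (not from a real server).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5030         0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:5032         0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:5033           0.0.0.0:0              LISTENING       2312
  TCP    [::1]:5034             [::]:0                 LISTENING       2312
  TCP    10.0.0.5:5033          10.0.0.9:49822         ESTABLISHED     2312
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):\d+\s+(\w+)\s+(\d+)\s*$")


def parse_tcp(netstat_text):
    """Yield (local_addr, local_port, peer_addr, state, pid) per TCP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, peer, state, pid = m.groups()
            yield addr.strip("[]"), int(port), peer.strip("[]"), state, int(pid)


def audit(netstat_text, ports=RECON_PORTS):
    """Report non-loopback listeners, remote peers and absent listeners."""
    exposed, remote_peers, listening = [], [], set()
    for addr, port, peer, state, pid in parse_tcp(netstat_text):
        if port not in ports:
            continue
        if state == "LISTENING":
            listening.add(port)
            if addr not in LOOPBACK:
                exposed.append((addr, port, pid))
        elif state == "ESTABLISHED" and peer not in LOOPBACK and peer != addr:
            remote_peers.append((peer, port, pid))
    return {"exposed": exposed, "remote_peers": remote_peers,
            "not_listening": sorted(ports - listening)}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

A listener reported under `exposed` is not necessarily reachable from the network, since a host firewall may still block it, but it is the binding to review first.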

What commands are used when inventorying and monitoring Unix/Linux workloads?
Please refer to Knowledge Base Article for the complete list of commands used by PowerRecon for inventory and monitoring of Unix/Linux workloads.