Network Auditing - Storing the information

Finally, the last of the technical requirements that we listed back in section 4.1 was that the network audit agent must be able to post the information that it collects back to the central repository where you want to keep this information (i.e. your ENT Server). This basically implies that your Enterprise Server must be available to any network audit agents that you install.
 
 
 
This is a little bit like the situation that we described in section 4.3 except that now we need to establish a connection to our Enterprise Server, rather than to the individual machines that we want to audit. That makes our job simpler in two ways.

Firstly, we only need to establish a connection to a single machine (we don't need to be able to connect to every machine on a remote network) – which means we can do what we want fairly easily using port forwarding, if necessary.
Secondly, all communication between the network audit agents and Enterprise Server takes place over the ubiquitous HTTP protocol (which does not have the same security problems that RPC comes bundled with). Enterprise Server is, in fact, just a web site that you have running under Internet Information Services, so making your Enterprise Server available to remote audit agents is no more complicated or insecure than setting up your average web site.

So how does this work in practice? Let's imagine your ENT Server is installed on your main network, which is connected to the internet via a firewall/router that has NAT enabled. As such, it's not possible to address or ping any of the machines on your main network from the outside world. Imagine also that you want to install ENT Network Monitor on a remote network which has its own separate connection to the internet. Since the only device on our main network that we can connect to from the remote network is the firewall, we need to configure the firewall to forward any requests made to a particular port through to IIS (Internet Information Services) on the machine where our ENT Server has been installed on the main network.
 
 
This is an example of what is known as port forwarding. It lets us use the firewall/router to minimize our potential security exposure: only requests made to a particular (known) port are forwarded, and they are forwarded to only one particular machine (the machine where ENT Server is installed). Meanwhile, the other machines on our main network remain inaccessible from the outside world.
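
One way to check that the firewall really forwards only that one port to that one machine, as an added example that is not part of the original documentation: the script below audits an exported NAT table and reports every forward other than the single one to ENT Server. It assumes a Linux firewall whose rules were exported with iptables-save; the addresses, ports and sample rules are constructed.

```python
import shlex

# Assumptions (not from the original page): the firewall is a Linux box whose
# NAT table was exported with iptables-save, ENT Server's IIS listens on
# 192.168.1.10:80, and TCP 8080 is the one port forwarded from the internet.
ENT_SERVER = ("192.168.1.10", 80)
PUBLIC_PORT = "8080"

# Constructed sample input, not taken from a real firewall.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.25:3389
-A PREROUTING -i eth0 -p tcp -m multiport --dports 135,445 -j DNAT --to-destination 192.168.1.10
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse_dnat_rules(text):
    """Yield (proto, public_ports, target_host, target_port) for each DNAT rule."""
    for line in text.splitlines():
        args = shlex.split(line)
        if "DNAT" not in args or "--to-destination" not in args:
            continue
        # Return the value following the first matching option name, if any.
        opt = lambda *names: next(
            (args[i + 1] for i, a in enumerate(args[:-1]) if a in names), None)
        host, _, port = opt("--to-destination").partition(":")
        yield opt("-p"), opt("--dport", "--dports"), host, port or None

def audit_forwards(text):
    """Return findings for every forward other than PUBLIC_PORT -> ENT_SERVER."""
    findings, seen_expected = [], False
    for proto, ports, host, port in parse_dnat_rules(text):
        target_port = int(port) if port and port.isdigit() else None
        if proto == "tcp" and ports == PUBLIC_PORT and (host, target_port) == ENT_SERVER:
            seen_expected = True
            continue
        findings.append(f"unexpected forward: {proto} {ports or 'ANY'} -> {host}:{port or 'same'}")
    if not seen_expected:
        findings.append("expected ENT Server forward is missing")
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE_RULES):
        print(finding)
```

An empty result means the exported table matches the single-port, single-machine exposure described above; any finding is a forward that makes another port or machine reachable from outside.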

We'll go into a lot more detail about this later on in the Security chapter. For the moment though, let's move on and talk about our machine auditing agent: EntAudit.exe.