What Is Faddom?
Faddom is an IT asset management and network discovery tool that helps organizations visualize and manage their IT infrastructure. It provides insights into hardware, software, and network components, enabling better resource control, optimization, and planning. By offering automated network discovery, asset management, and performance monitoring, Faddom improves operational efficiency, reduces costs, and enhances IT governance.
How Is Faddom Secure?
Faddom is designed with security in mind. It employs robust encryption protocols to protect data during transmission and storage, ensuring that sensitive information remains confidential and intact. It adheres to industry-standard security practices and compliance regulations, is ISO 27001 certified, and undergoes annual third-party penetration testing, including re-testing of high and critical findings, to ensure ongoing security. All relevant documentation can be supplied upon request.
It can operate entirely offline within your environment as Faddom does not transmit data to any external target. You maintain full control over access and updates, with seamless integration options for Active Directory, LDAP, and the ability to import your own SSL certificates.
While Faddom can work entirely offline including license activation and upgrades, for automatic updates and CVE Discovery, limited internet access is required. Both of these are optional. Access needs to be granted to https://api.support.faddom.com for both and https://download.faddom.com/ for automatic upgrades. For the CVE Discovery feature, the only data sent to Faddom is the name of the software package and version.
Faddom performs network traffic analysis to gather the dependency data and, in some cases, may require firewall rules allowing access for integrations with other tools. The rules that may need to be implemented are listed below. For a full list of rules, refer to "What ports need to be open for Faddom to function?".
Firewall Rules
The rules that may need to be opened to allow the data into Faddom are listed below.
In the case of a DMZ or other highly secure environment, one or more proxies can be deployed. This allows the proxy to collect the required data and transmit it to the Faddom server.
Use Case | Reason | Source | Target | Port |
UI Access | Allow end users to access the Faddom UI | Users | Faddom Server | 443/TCP, 9443/TCP (*can use either port) |
VM Discovery | Access to vCenter/Prism Central APIs | Faddom server or proxy | vCenter/Prism Central | 443/TCP |
Discovery using a proxy server | Allows a Faddom proxy to communicate with the Faddom server | Faddom Proxy | Faddom Server | Same as the UI access port |
Cloud Discovery | Access to cloud APIs | Faddom Server (can optionally use an HTTP proxy) | AWS/Azure/GCP APIs | 443/TCP |
Dependency mapping using NetFlow/IPFIX | Allow inbound NetFlow and IPFIX traffic to the Faddom server/proxy/sensor | NetFlow/IPFIX sources, e.g. ESX hosts, Nutanix hosts, switches/firewalls | Faddom server/proxy/sensor | 4739/UDP (*can use any port except 9545; default is 4739) |
Dependency mapping using sFlow | Allow inbound sFlow traffic to the Faddom server/proxy/sensor | sFlow sources, e.g. Hyper-V/KVM hosts/switches/firewalls | Faddom server/proxy/sensor | 6343/UDP |
Dependency mapping using sensors in VMware | Used for communication with sensor VMs | Faddom Server/Proxy | Faddom Sensors | 9545/TCP |
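One way to express the table above as a default-deny host firewall on the Faddom server. This is an added example, not Faddom's own configuration. It assumes a Linux host using nftables, the default NetFlow/IPFIX port, and placeholder addresses from the RFC 5737 documentation ranges; the table and set names are hypothetical.

```nft
#!/usr/sbin/nft -f
# Constructed example: host firewall for a Faddom server, derived from the
# firewall rules table. All addresses and set names are placeholders.
# Management access (e.g. SSH), DNS and LDAP are not in the table and must
# be added for your environment before loading a default-drop policy.

table inet faddom_host {
    set ui_users      { type ipv4_addr; flags interval; elements = { 192.0.2.0/24 } }
    set faddom_proxy  { type ipv4_addr; elements = { 198.51.100.10 } }
    set flow_sources  { type ipv4_addr; flags interval; elements = { 198.51.100.64/26 } }
    set sflow_sources { type ipv4_addr; flags interval; elements = { 198.51.100.128/26 } }
    set vcenter       { type ipv4_addr; elements = { 203.0.113.10 } }
    set sensors       { type ipv4_addr; elements = { 203.0.113.20, 203.0.113.21 } }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # UI access; a Faddom proxy reaches the server on the same UI port
        ip saddr @ui_users tcp dport { 443, 9443 } accept
        ip saddr @faddom_proxy tcp dport { 443, 9443 } accept

        # NetFlow/IPFIX: default 4739/UDP (any port except 9545 may be used)
        ip saddr @flow_sources udp dport 4739 accept
        # sFlow
        ip saddr @sflow_sources udp dport 6343 accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oifname "lo" accept

        # VM discovery against vCenter/Prism Central APIs
        ip daddr @vcenter tcp dport 443 accept
        # Communication with sensor VMs
        ip daddr @sensors tcp dport 9545 accept
        # Cloud APIs (443/TCP) are hostname-based; this example assumes they
        # are reached through the optional HTTP proxy, added here as needed.
    }
}
```

Restricting each rule to a named source or target set keeps the collector ports (4739/UDP, 6343/UDP) closed to hosts that are not configured flow exporters.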
Further Security Methods
Faddom can be fully integrated into your LDAP system by following our guide "Connecting Faddom to LDAP On Linux".
Faddom comes with a self-signed certificate. If you wish to change this, you can follow our guide "Changing the Faddom server SSL certificate". The guide includes a method for generating a certificate; however, you can also upload your own SSL certificate.