Vulnerability and Security Inquiry about Lansweeper

If we understood you correctly you're looking to open up inbound traffic on the listen port on one of your scanning servers (default TCP 9524) for the purpose of being able to run direct to server LsPush scans. We would not recommend this course of action as LsPush traffic currently runs over http and the agent is not designed for use over the internet. In our next release, version 6.0.100.0, which is currently in beta we did add a change that will send LsPush traffic over https instead, though we still don't officially recommend to send it over the internet. We are planning on adding an echo service in a future release to accommodate LsPush request over the internet though we currently don't have an estimated release date for this feature yet. We've tagged your ticket as a feature request to we can add you to the list of customers interested in this feature. If you wish, we could add you to our beta tester list so you are notified whenever a new release is available in beta.

In regards to the vulnerability level of opening your scanning server's listen port to the internet. While opening up any port to the internet carries some level of risk with it, your credentials would not be at direct risk. As your credentials are stored in your database, if someone were to somehow be able to access a scanning server, they would not be able to access your database without knowing your connection string. In version 6.0.100.0 we're also adding obfuscation to the connection string in your config files. On top of that, if your database were somehow compromised, your passwords would be extremely difficult to decrypt. The passwords in your database are stored as a salted hash, encrypted with the encryption file that is unique to your Lansweeper installation.