Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 5:42 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: Security questions
PostPosted: Fri Nov 18, 2016 7:24 pm 
Offline
Newbie

Joined: Wed Sep 07, 2016 5:01 pm
Posts: 4
Location: Gdańsk, Poland
Hi. We're considering security of open-audit.
Main question is audit script results that are submitted online. Are they validate somehow ? Will someone be able to make mess by sending corrupt/malicious xml to submit url?
If so - are there known ways to protect from it? Can I modify blessed subnets to accept only from network only when it's is audited ?


Top
 Profile  
Reply with quote  
 Post subject: Re: Security questions
PostPosted: Wed Nov 23, 2016 9:03 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
[quote]Are they validate somehow ?
The audit result must be valid XML.
[quote]Will someone be able to make mess by sending corrupt/malicious xml to submit url?They can certainly do that. Any changes to a device will be recorded in Open-AudIT though. So you'll see that a "bad" audit was submitted pretty quickly.
[quote]If so - are there known ways to protect from it? Blessed subnets are your answer.
[quote]Can I modify blessed subnets to accept only from network only when it's is audited ? I suppose we could look at something like that. Only accept data when a discovery run is occurring. I'll make a note to give that some thought but to be honest - if you have users in your organisation doing this you have more important issues to worry about!

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group