Open-AudIT https://www.open-audit.org/phpBB3/ |
Security questions https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6563 |
Author: | mfotek [ Fri Nov 18, 2016 7:24 pm ] |
Post subject: | Security questions |
Hi. We're considering the security of Open-AudIT. The main question is about audit script results that are submitted online. Are they validated somehow? Will someone be able to make a mess by sending corrupt/malicious XML to the submit URL? If so, are there known ways to protect against it? Can I modify blessed subnets to accept only from a network, and only when it is audited? |
Author: | Mark [ Wed Nov 23, 2016 9:03 am ] |
Post subject: | Re: Security questions |
[quote]Are they validated somehow?[/quote]
The audit result must be valid XML.

[quote]Will someone be able to make a mess by sending corrupt/malicious XML to the submit URL?[/quote]
They can certainly do that. Any changes to a device will be recorded in Open-AudIT though. So you'll see that a "bad" audit was submitted pretty quickly.

[quote]If so, are there known ways to protect against it?[/quote]
Blessed subnets are your answer.

[quote]Can I modify blessed subnets to accept only from a network, and only when it is audited?[/quote]
I suppose we could look at something like that. Only accept data when a discovery run is occurring. I'll make a note to give that some thought but to be honest - if you have users in your organisation doing this you have more important issues to worry about! |
All times are UTC + 10 hours |