Open-AudIT

What's on your network?
It is currently Fri Jan 19, 2018 11:53 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: Security questions
PostPosted: Fri Nov 18, 2016 7:24 pm 
Offline
Newbie

Joined: Wed Sep 07, 2016 5:01 pm
Posts: 4
Location: Gdańsk, Poland
Hi. We're considering security of open-audit.
Main question is audit script results that are submitted online. Are they validate somehow ? Will someone be able to make mess by sending corrupt/malicious xml to submit url?
If so - are there known ways to protect from it? Can I modify blessed subnets to accept only from network only when it's is audited ?


Top
 Profile  
Reply with quote  
 Post subject: Re: Security questions
PostPosted: Wed Nov 23, 2016 9:03 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1933
Location: Brisbane, Australia
Quote:
Are they validate somehow ?
The audit result must be valid XML.
Quote:
Will someone be able to make mess by sending corrupt/malicious xml to submit url?
They can certainly do that. Any changes to a device will be recorded in Open-AudIT though. So you'll see that a "bad" audit was submitted pretty quickly.
Quote:
If so - are there known ways to protect from it?
Blessed subnets are your answer.
Quote:
Can I modify blessed subnets to accept only from network only when it's is audited ?
I suppose we could look at something like that. Only accept data when a discovery run is occurring. I'll make a note to give that some thought but to be honest - if you have users in your organisation doing this you have more important issues to worry about!

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group