Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Mon Mar 30, 2020 7:54 am

View unanswered posts | View active topics


Board index » Open-AudIT » Discussion

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
mfotek
 Post subject: Security questions
PostPosted: Fri Nov 18, 2016 7:24 pm 
Offline
Newbie

Joined: Wed Sep 07, 2016 5:01 pm
Posts: 4
Location: Gdańsk, Poland
Hi. We're considering security of open-audit.
Main question is audit script results that are submitted online. Are they validate somehow ? Will someone be able to make mess by sending corrupt/malicious xml to submit url?
If so - are there known ways to protect from it? Can I modify blessed subnets to accept only from network only when it's is audited ?
Top
 Profile  
Reply with quote  
Mark
 Post subject: Re: Security questions
PostPosted: Wed Nov 23, 2016 9:03 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Quote:
Are they validate somehow ?
The audit result must be valid XML.
Quote:
Will someone be able to make mess by sending corrupt/malicious xml to submit url?
They can certainly do that. Any changes to a device will be recorded in Open-AudIT though. So you'll see that a "bad" audit was submitted pretty quickly.
Quote:
If so - are there known ways to protect from it?
Blessed subnets are your answer.
Quote:
Can I modify blessed subnets to accept only from network only when it's is audited ?
I suppose we could look at something like that. Only accept data when a discovery run is occurring. I'll make a note to give that some thought but to be honest - if you have users in your organisation doing this you have more important issues to worry about!

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 2 posts ] 

Board index » Open-AudIT » Discussion

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group