From - Tue Aug 26 07:51:46 1997
Path: news.mitre.org!blanket.mitre.org!nntprelay.mathworks.com!howland.erols.net!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!dispatch.news.demon.net!demon!nick01.demon.co.uk!nick
From: Nick de Smith
Newsgroups: comp.os.ms-windows.nt.admin,comp.os.vms,comp.protocols.snmp,comp.security.misc,comp.security.unix,comp.unix.admin
Subject: Re: Remote administration and security concerns
Date: Mon, 25 Aug 1997 17:29:59 +0100
Organization: HIS Technologies AG
Sender: Nick de Smith
Distribution: inet
Message-ID:
References: <33FAE507.1F47@us.dg.com>
NNTP-Posting-Host: nick01.demon.co.uk
X-NNTP-Posting-Host: nick01.demon.co.uk [158.152.21.110]
MIME-Version: 1.0
X-Newsreader: Turnpike Version 1.10
Lines: 57
Xref: news.mitre.org comp.os.vms:177179 comp.protocols.snmp:9103 comp.security.misc:42331 comp.security.unix:41340 comp.unix.admin:69547

In article <33FAE507.1F47@us.dg.com>, Bernie Ohls writes
>I'm wondering about the various remote administration packages out there
>(Unicenter, Tivoli, RoboMon, etc), and just how secure they are against
>hacking, from a malicious user within the firewall. Or, for that
>matter, by a hostile Java applet running under a none too rigorous JVM.
>
>What bothers me is an allegation (not yet substantiated), that at least
>one such product sends commands to a system IN THE CLEAR, sometimes
>actually IN TEXT FORM, with very little in the way of authentication.
>This is from somebody who claims to know about these things. But I'm in no
>position to check out his claims myself.
>
>Now these commands can delete and replace files, bring down system
>tasks, etc. So I should think they ought to be at least kerberized, and
>preferably encrypted.
>
>I know very little about these things. I'm just a user - one of those guys
>whose files might be compromised if this stuff is true. And of course,
>I have no way of telling whether this guy's just pulling my leg about
>this.
>
>I'd like to see some discussion, by informed people, of just how secure
>these various packages are, so folks don't have to sit up all night
>worrying. Thanks.

Security related to systems management products has become a real issue.
My company has been producing OpenVMS, NT & UNIX systems management tools
for several years now (marketed in the US by Raxco). Our products are
targeted at the Enterprise Management level for account, disk, queue,
password synchronisation etc. control.

Authentication, Authorisation & Security (all different subjects) are key
issues - traditionally products have been based on technology which does
not lend itself well to retro-fitting security.

Our approach was to re-engineer & completely re-write our entire product
suite (3 million lines of code), maintaining functionality but changing
the architecture to one based on an inherently secure backbone - as we are
not US based we can use "strong" encryption technology. This
re-engineering has involved many person(!)-years of work but it enables a
technology where any product using the backbone becomes inherently secure
- the benefits are many & obvious (we will also be providing an API for
clients to use).

The decision to take this route was mine, and whilst it cost us a *lot* of
time and money, we now have a product suite that is engineered from the
ground up as multi-platform, multi-protocol & strongly secure.
Retro-fitting security into an SNMP or similar framework is almost
impossible to do reliably.

email me at nick.desmith@histech.com if you want to discuss security
related issues & systems management, or speak to Raxco about the GENEOUS
product suite.

HTH,
-- 
Nick de Smith