>As long as any valid centralized HM will be able to update remote agent software, then I'll put my "choice" on that one
I don't think this feature will be implemented. It can be perfect "hole" for attack. Of course operations with remote agent will be password protected. But what happen if somebody somehow gets access to remote agent? Without "update" option hacker can only get some information about system (like amount of free space on drive C:, or list of services started on the system). In the same case using "update" feature hacker will be able to upload and start his own remote agent and get full access to the system.
Regards
Alex
Distributed Monitoring or Client Server type setup
>I don't think this feature will be implemented.
Hey Alex! Dont by 'shy'... or run away from good development!
>It can be perfect "hole" for attack. Of
>course operations with remote agent will be
>password protected. But what happen if
>somebody somehow gets access to remote
>agent?
As for now... anyone who'll like a good picture of +450 servers at our location should go for HostMonitor directly! In that configuration we have admin-prev. listet side by side anyway! Sooo... we do protect HostMonitor in the first place!
I know You're a VERY good programmer, so basic skills within security will do the job here! Remote Agent will *ONLY* talk (if wanted) to specific source IP's. Next will be user/password and crypt. protection. What more can be done? Lots of stuff... So Your security issue dont keep up with the high demand of development, right?
>Without "update" option hacker can only get
>some information about system (like amount
>of free space on drive C:, or list of
>services started on the system). In the
>same case using "update" feature hacker
>will be able to upload and start his own
>remote agent and get full access to the
>system.
No! You will make communication to/from HM and remote Agents very secure... and You can even make this happen over the Internet through firewall's as well... as long as You tell ppl. how to protect them from hackers and blast-open security issues - ie. make sure to use source/destination IP-range, port-range etc. etc. It's not that hard!
If You do have in mind, that remote Agents will be a part of the "new to come", You'll have to implement remote update as well. We cant go around to more than 450 servers to upgrade "new" agents, right? (imho)
Cheers,
Hans Mosegaard
Hey Alex! Dont by 'shy'... or run away from good development!
>It can be perfect "hole" for attack. Of
>course operations with remote agent will be
>password protected. But what happen if
>somebody somehow gets access to remote
>agent?
As for now... anyone who'll like a good picture of +450 servers at our location should go for HostMonitor directly! In that configuration we have admin-prev. listet side by side anyway! Sooo... we do protect HostMonitor in the first place!
I know You're a VERY good programmer, so basic skills within security will do the job here! Remote Agent will *ONLY* talk (if wanted) to specific source IP's. Next will be user/password and crypt. protection. What more can be done? Lots of stuff... So Your security issue dont keep up with the high demand of development, right?
>Without "update" option hacker can only get
>some information about system (like amount
>of free space on drive C:, or list of
>services started on the system). In the
>same case using "update" feature hacker
>will be able to upload and start his own
>remote agent and get full access to the
>system.
No! You will make communication to/from HM and remote Agents very secure... and You can even make this happen over the Internet through firewall's as well... as long as You tell ppl. how to protect them from hackers and blast-open security issues - ie. make sure to use source/destination IP-range, port-range etc. etc. It's not that hard!
If You do have in mind, that remote Agents will be a part of the "new to come", You'll have to implement remote update as well. We cant go around to more than 450 servers to upgrade "new" agents, right?
(imho)Cheers,
Hans Mosegaard
>Hey Alex! Dont by 'shy'... or run away from good development
And who will continue development when I go?
>If You do have in mind, that remote Agents will be a part of the "new to come", You'll have to implement remote update as well. We cant go around to more than 450 servers to upgrade "new" agents, right?
Ok, ok... But this option will be disabled by default.
Regards
Alex
And who will continue development when I go?
>If You do have in mind, that remote Agents will be a part of the "new to come", You'll have to implement remote update as well. We cant go around to more than 450 servers to upgrade "new" agents, right?
Ok, ok... But this option will be disabled by default.
Regards
Alex
>And who will continue development when I go?
Hmmm... Have You been looking in the FAQ for that answer?
>Ok, ok... But this option will be disabled by default.
Okay! Let's agree on that part!
(ooohh... I did'nt put in the Q about "when"..did I?)
Alex now moves back to "delphi-code-computer" and start writting like hell... ooohhh... there he goes... and by surprise we all have a HM v4.00beta with Agents (even remote update as well).. Tsk...Tsk..Tsk...Cheers,
Hans Mosegaard