[FW1] HP Openview DCE RPC Security Concerns
My customer manages their internal machines using HP Openview. With this configuration, a piece of client software is installed on the target machine and Openview talks to it using DCE/RPC.

Currently we have quite a few servers deployed on a DMZ and the customer would like to 'monitor' them using the same Openview setup. This involves opening up a number of DCE/RPC ports bidirectionally from the inside to the DMZ and back.

I am concerned that if the server in the DMZ gets hacked, someone could then exploit an RPC bug, gain access to the internal Openview machine and then have a free run of the internal network.

Is this a valid concern for denying the use of Openview DCE/RPC? Is there a better way to allow the broad functionality of the Openview client, but have it restricted to using some 'simpler and safer' protocol?

Obviously it would be nice to monitor the DMZ machines with the Openview client since it reports on all sorts of statistics and watches 'services' as opposed to ping or snmp which give back less information and basically only tell if the machine is up or down.

Other people must monitor the resources of their critical machines in the DMZ somehow safely....

-Jon