Axton,

Thanks for the input. I'm actually looking to provide more guidance to our server security team. When I showed them how to create a user from the command line using arcache (an admin user at that) and then access their system, they lost their minds. When I created a form and workflow and showed them that I could access their system as root (the owner of the processes) using $PROCESS$, there were strokes, seizures etc. So now they have asked me what else they need to look for. I was hoping that someone in the list knew of a white paper or other document that laid out a security plan for Remedy Servers.
Thanks,
Marc Simmons

On 7/20/07, Axton <[EMAIL PROTECTED]> wrote:
Some other things to consider:
- allowing back ticks in run process commands
- run process directory and access
- sql injection
- relative security of data on the wire (no/weak/strong encryption)
- web: xss vulnerabilities
- form/field/active link permissions
- server hardening
- network architecture for related components
- protocol implementation (malformed packets causing DoS, etc.); they do exist

Patch is probably the incorrect term, you are probably looking to properly configure the system. Only BMC can provide patches, usually in the form of a stripped binary.

Axton Grams

On 7/20/07, Marc Simmons <[EMAIL PROTECTED]> wrote:
> Hi List,
>
> Does anyone know of a white paper that details the security risks with
> Remedy (ie arcache, arreload, encryption) etc and how to "patch" those
> holes. I know that there are bits and pieces of information in the
> admin/config guides etc. I was just hoping that there would be a doc that
> consolidated all of that information.
>
> Thanks
> --
> Marc Simmons
> Remedy Administrator
>
> "Everyday above ground is a good day... the rest is a choice!"

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
--
Marc Simmons
Remedy Administrator

"Everyday above ground is a good day... the rest is a choice!"

