Not true. Desktops communicate with the Desktop Controller via specially crafted HTTP
packets. The packet is a regular HTTP packet, but the contents (the payload) of the
packet are encrypted. RSDP uses the account name (RSDP account name, not a Windows
account name) and password as the encrypting method.

Part of the rationale for this was performance. SSL sessions eat up CPU time. The
session must be established, maintained, and keys swapped, etc. RSDP communications
are almost completely asymmetrical. The RSDP agent sends data to the controller and
pulls down updates. The controller never "pushes" anything to the agents. Thus, it's
difficult to maintain SSL sessions.
 
And since desktops can come and go offline, maintaining SSL sessions would eat up CPU 
resources of the desktop controller having to constantly build and destroy SSL 
sessions. Hence, the decision was made early in RSDP's development to stick with a 
simpler, more efficient encryption methodology. HTTP packets with an encrypted payload 
provided a way to do that. 
 
While it's not impossible to crack the RSDP encryption, it wouldn't yield much
information even if somebody did. All it reports is bare event data and some config
information. It wouldn't be terribly useful to a would-be attacker.

There is no way to use SSL between the RSDP and the desktop controller.
 
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com 
 
 

________________________________

From: [EMAIL PROTECTED] on behalf of Sergey V Soldatov
Sent: Tue 10/5/2004 3:03 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] SSL (TLS) between Dektop controller and Agent



Hi All.
I've found that Desktop Controller and Agent are communicating via HTTP
without any encryption!
How can I set up SSL (TLS) for RSDP components to use for communication?

Nothing was found in ISS KB and RSDP documentation :-(

Thank you all. Good luck!
---
Best regards, Sergey V. Soldatov.
Information security department.



_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 
Barfield Road, Atlanta, Georgia, USA 30328.

