I figured as much. What's the ramification of someone having the client key?
I assume they could:

1. Decode log traffic.
2. Potentially inject log traffic.

??

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Starks
Sent: Tuesday, October 19, 2010 5:16 AM
To: [email protected]
Subject: Re: [ossec-list] 2WoO Kickoff: the week ahead

On 10/18/2010 10:59 PM, Jefferson, Shawn wrote:
> Thanks! Before I write it though, one way of doing it with bigfix is to put
> the client.keys in a hidden everyone read share. Obviously somewhat insecure
> and I wonder what the ramifications of potentially leaking out all your
> client.keys are?
>
> Best case would be to only leave the share up until your deployment is done
> of course.
>
> There are other ways to do it as well that are more secure, but not as
> flexible.

That right there is the crux of the issue. Almost every solution I have come up with involves this trade-off, but in some situations it's not so bad. I have a couple of methods I will post as well as long as I can complete the testing and posts in the next few days. Otherwise, they'll have to wait a bit.

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
