I wrote up the second post on doing mass deployments with the systems management system I am using: Bigfix. And I hope that made it clear the trade-offs related to security here.
Any comments are welcome, of course, either here or on the blog itself. http://shawnjefferson.blogspot.com/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Starks Sent: Tuesday, October 19, 2010 5:16 AM To: [email protected] Subject: Re: [ossec-list] 2WoO Kickoff: the week ahead On 10/18/2010 10:59 PM, Jefferson, Shawn wrote: > Thanks! Before I write it though, one way of doing it with bigfix is to put > the client.keys in a hidden everyone read share. Obviously somewhat insecure > and I wonder what the ramifications of potentially leaking out all your > client.keys are? > > Best case would be to only leave the share up until your deployment is done > of course. > > There are other ways to do it as well that are more secure, but not as > flexible. That right there is the crux of the issue. Almost every solution I have come up with involves this trade-off, but in some situations it's not so bad. I have a couple of methods I will post as well as long as I can complete the testing and posts in the next few days. Otherwise, they'll have to wait a bit. -- Michael Starks [I] Immutable Security http://www.immutablesecurity.com
