The encryption is not documented in the doc if that is the question 😊
There are 2 options for the encryption
* Rijndael
* Base64 (which is not really encryption, more a way to hide it a little
😊)
And which of the 2 is used depends on the setting under
Setup\general\startup Setting\Use high encryption
for password storage (checked=Rijndael)
Dirk Bulinckx
From: [email protected] <[email protected]> On Behalf Of
Demeulemeester, Pieter
Sent: Wednesday, 22 March 2023 08:11
To: [email protected]; Bill Tkach <[email protected]>; Dirk Bulinckx
<[email protected]>
Subject: RE: [SA-List] (Cisco) switch configuration check via Servers Alive
<mailto:[email protected]> @Bill Tkach, side note: I run the SA service
with the credentials of a Group Managed Service Account
(https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview).
That account has access to all the Windows servers/services that I want to
check, so I don't need additional credentials for checks to Windows devices.
But that doesn’t work for ssh (or other) devices of course.
<mailto:[email protected]> @Dirk Bulinckx, Is there anywhere a description of
the encryption used by SA to store passwords?
Kind regards,
Pieter
From: [email protected] <mailto:[email protected]>
<[email protected] <mailto:[email protected]> > On Behalf Of Dirk
Bulinckx
Sent: dinsdag 21 maart 2023 22:44
To: [email protected] <mailto:[email protected]> ; Bill Tkach
<[email protected] <mailto:[email protected]> >; [email protected]
<mailto:[email protected]>
Subject: RE: [SA-List] (Cisco) switch configuration check via Servers Alive
The passwords that are used, are stored in the entries file, and of course in
an encrypted way.
Dirk
On March 21, 2023 10:33:18 PM GMT+01:00, Bill Tkach <[email protected]
<mailto:[email protected]> > wrote:
On a slightly related note, how does SA store it’s credentials securely. Say if
someone gained access to the server, is it all encrypted somewhere?
When I put all these high level credentials into SA, what does it do to ensure
that those passwords/credentials are secured against prying eyes, or someone
snagging the configuration folder?
Just thinking about what could happen if SA was compromised, since it does
connect to everything to do it’s testing, and adding switches to the mix
increases it’s risk factor. It becomes a target.
Bill
Tkach
| City of Parksville
| <tel:250%20954-4664> 250 954-4664
From: [email protected] <mailto:[email protected]>
<[email protected] <mailto:[email protected]> > On Behalf Of Dirk
Sent: Tuesday, March 21, 2023 8:11 AM
To: [email protected] <mailto:[email protected]>
Subject: RE: [SA-List] (Cisco) switch configuration check via Servers Alive
EXTERNAL EMAIL
SA would need SSH access to the switch(es) in order to get the running
configuration, and with that running configuration we can compare it to the
“previous” one (previous being the previous one we got from the switch). The
commands are just “getting” info, not writing info to the switch.
Dirk Bulinckx
From: [email protected] <mailto:[email protected]>
<[email protected] <mailto:[email protected]> > On Behalf Of Bill
Tkach
Sent: Tuesday, 21 March 2023 16:09
To: [email protected] <mailto:[email protected]>
Subject: RE: [SA-List] (Cisco) switch configuration check via Servers Alive
Can you give a brief description of what the process would involve, so I can
get an idea of how it may affect the switches?
Would this require SA to have logon access to each switch, to grab information
from it?
Bill
Tkach
| City of Parksville
| <tel:250%20954-4664> 250 954-4664
From: [email protected] <mailto:[email protected]>
<[email protected] <mailto:[email protected]> > On Behalf Of Dirk
Bulinckx
Sent: Monday, March 20, 2023 10:54 AM
To: [email protected] <mailto:[email protected]>
Subject: RE: [SA-List] (Cisco) switch configuration check via Servers Alive
EXTERNAL EMAIL
That would be the idea.
Would you be willing to beta test the check if we make it?
Dirk
On March 20, 2023 6:47:39 PM GMT+01:00, Bill Tkach <[email protected]
<mailto:[email protected]> > wrote:
We use them, do you mean to check to ensure no one has altered the configs
unexpectedly?
That could be a good check of validity.
Bill
Tkach
| City of Parksville
| <tel:250%20954-4664> 250 954-4664
From: [email protected] <mailto:[email protected]>
<[email protected] <mailto:[email protected]> > On Behalf Of Dirk
Sent: Monday, March 20, 2023 9:49 AM
To: [email protected] <mailto:[email protected]>
Subject: [SA-List] (Cisco) switch configuration check via Servers Alive
EXTERNAL EMAIL
Hi
Is anybody using Cisco switches, and interested in a way to check for a config
change (of the switch) via Servers Alive?
(or other brand 😊)
Dirk Bulinckx
To unsubscribe from this list please go to https://www.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.simplelists.com%2F&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149128663%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Ybut9uQRUdXLFu7yFk%2Bd2wFyExSXJeRIuN1p9ciO4k4%3D&reserved=0>
To unsubscribe from this list please go to https://www.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.simplelists.com%2F&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149128663%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Ybut9uQRUdXLFu7yFk%2Bd2wFyExSXJeRIuN1p9ciO4k4%3D&reserved=0>
To unsubscribe from this list please go to https://www.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.simplelists.com%2F&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149128663%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Ybut9uQRUdXLFu7yFk%2Bd2wFyExSXJeRIuN1p9ciO4k4%3D&reserved=0>
To unsubscribe from this list please go to https://archives.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchives.simplelists.com%2F&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149128663%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=2wea4p54mgnE9GadPHupMuSdAvfIhke79oSmE3CdHNU%3D&reserved=0>
To unsubscribe from this list please go to
https://archives.simplelists.com/confirm/?u=SvtWxXw9d394EfHUHworDewz2t4ZikxC
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchives.simplelists.com%2Fconfirm%2F%3Fu%3DSvtWxXw9d394EfHUHworDewz2t4ZikxC&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149284869%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=rP9fLygBTJibapriOyTsJvgQcoroTCmKKhImltj%2Bk8g%3D&reserved=0>
To unsubscribe from this list please go to https://www.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.simplelists.com%2F&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149284869%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1dYFlu12YjLrH0YfboYBjVWI16wxwvSYd9dvpY9wilw%3D&reserved=0>
--
Composed on a mobile device.
To unsubscribe from this list please go to https://www.simplelists.com
<https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.simplelists.com%2Fconfirm%2F%3Fu%3DzS2GaQk9WP83GI5TpHeSRy5BJCM6Za2Y&data=05%7C01%7Cpieter.demeulemeester%40broedersvanliefde.be%7C93e716853c3a493e8cdb08db2a558c67%7Cf24d00c823a548f48d9dffed9b778506%7C0%7C0%7C638150319149284869%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nigU%2FWbGIesJWP45aZ2wnKehv8wLCXfVvOzQl0tpV2E%3D&reserved=0>
_____
Dit bericht wordt verzonden vanuit een e-mailadres voor professioneel gebruik.
De verantwoordelijken binnen de organisatie kunnen kennis nemen van alle
berichten verzonden naar dit adres.
Le présent message est envoyé d'une adresse e-mail pour usage professionnel.
Les responsables de l'organisation peuvent prendre connaissance de tous les
messages envoyés à cette adresse.
This message is sent from an e-mail address for professional use only. The
persons in charge of the organisation may take note of all messages sent to
this address.
To unsubscribe from this list please go to https://www.simplelists.com
To unsubscribe from this list please go to
https://www.simplelists.com/confirm/?u=8KIchYygV3kz4QXQydZqUA2M0dRvmk7K
