Very
good point! Would running a secured telnet service
(ssl?) on the WUG Box be an option? I am not sure if Microsofts Telnet
server, or some 3rd party solution is capable of that or
not... Then although the passwords are being sent clear text, it is across
an encrypted channel. You could probably use the Java based telnet client
referenced by Ben Russo (great link Ben!) to telnet from the web client to the
telnet server securely (WUG), then telnet to the remote sites from there?
Not sure if automating that last part would be possible or not... I agree
you would probably not want to use the same password(s) as wug
uses...
Do you
think this scenario would be more secure?
-----Original Message-----Let's put on our security caps and think about this one for a moment.
From: Jay Drew [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 13, 2002 12:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [WhatsUp Forum] Adding Telnet to the web interface
1. The intent of some of the target telnet hosts may be to limit who gets in by IP address.
2. The WUG machine would be a member of that Access Control List
3. I WEB into the WUG machine from a machine outside of that ACL list, telnet to the target machine and have bypassed the "purpose" of the ACL.
4. Bypassing the ACL may be acceptable if you do via a strong host. I don't believe WUG provides that.
A. You web into WUG with a password in the clear because WUG is not using HTTPS.
B Someone snoops the traffic, gets your WUG password AND the login/password for the telnet session. The ACL just became useless.
I fully agree with the intent, but I believe the implementation will provide a security hole that I would find unacceptable.
And by the way, at least in rev 5 of WUG (I haven't looked at rev 7) the account file for WUG users could be viewed with an ascii viewer and you could pick out
username and passwords. Another warm-fuzzy to think about.
Jay
At 09:17 AM 11/13/2002 -0500, you wrote:
There must be a way to telnet from the whatsup server...when you run the ping command from the web interface, it pings from the whatsup server.
- -----Original Message-----
- From: Jason M. Black [mailto:[EMAIL PROTECTED]]
- Sent: Tuesday, November 12, 2002 2:36 PM
- To: '[EMAIL PROTECTED]'
- Subject: RE: [WhatsUp Forum] Adding Telnet to the web interface
- I saw the one on the IPSwitch page. I did not like how it looked and that is why I modified the two files I zipped and sent along.
- As for telneting from the Whatsup server, I do not think it is possible. I tried that a while back.
- __________________________________________________________________
- I think the files I sent are still being sent through the IPSwitch server.
- -----Original Message-----
- From: Jason Humes [mailto:[EMAIL PROTECTED]]
- Sent: Tuesday, November 12, 2002 1:58 PM
- To: '[EMAIL PROTECTED]'
- Subject: [WhatsUp Forum] Adding Telnet to the web interface
- I found an article relating to adding the telnet function to the web interface and I tried it out...involved editing the tools.asp file. It runs the telnet program fine...but the actual connection is originating from the machine that I'm using to view the web...not the actual whatsup server. The device I'm trying to telnet to is not accessible to my local machine, but obviously it is via the whatsup machine. Is there anyway to enable telnet from the web interface, originating from the whatsup servers nic, not that of my local machine. Thanks for the input.
- Jason D. Humes
- Applied Computer Solutions
- 3020 St. Etienne Blvd.
- Windsor, Ont.
- Phone : (519) 944-4300
- Fax : (519) 944-4247
- Email : [EMAIL PROTECTED]
