Agentless Windows monitors
Andreas Ericsson
ae at op5.se
Tue Mar 29 13:36:30 CEST 2005
Subhendu Ghosh wrote:
> On Thu, 24 Mar 2005, Glenn Meisenheimer wrote:
>
>> Hi Anthony
>>
>>> Andreas message hits some key dangers to accessing WMI.
>
> WMI access can be secured
> http://support.microsoft.com/kb/325353/EN-US/
>
Ok, so no client needs to be installed and it can (according to MS
themselves) be done securely, but the configuration process to set it up
still requires hands-on configuration of the machine in question which
will most likely be more confusing than installing a package on each of
the monitored hosts and with a far greater impact if it's done wrong.
I'm not impressed.

> WMI respects existing MS authentication methods.
> 1. WMI obeys Native OS access control
> 2. WMI obeys DCOM access control
> 3. WMI obeys access provided to user credentials.
>
> The above KB talks about user credentials, but WMI can also be secured
> at the DCOM level and OS level.
>
> For a decent article on securing WMI:
> http://redmondmag.com/columns/article.asp?EditorialsID=381
>
If I read this correctly, only the most paranoid settings enable
encryption on the packets sent. Switched networks (catenets) aren't
immune to sniffing as some like to believe, but the paranoia setting
seems to have a very large impact on the CPU since each packet is
checked for credentials. One wonders, do they mean packet as in
"tcp/ip-packet" or packet as in "some obscure MS identification of packet"?

This isn't a rant (well, it isn't intended as one anyway). I just want
to make security-conscious users aware of the risks implicit in using
this technique.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer