Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] SSL (TLS) between Dektop controller and Agent

from [Andrew Plato] Network Security [Permanent Link]
Subject: RE: [ISSForum] SSL (TLS) between Dektop controller and Agent
Date: Tue, 5 Oct 2004 16:00:29 -0700 
Not true. Desktops communicate with the Desktop Controller via specially 
crafted HTTP packets. The packet is an regular HTTP packet, but the contents 
(the payload) of the packet is encrypted. RSDP uses the account name (rsdp 
account name, not a windows account name) and password as the encrypting 
method. 

Part of the rationale for this was performance. SSL sesssions eat up CPU time. 
The session must be established, maintained, and keys swapped, etc. RSDP 
communications are almost completely asymentrical. The RSDP agent sends data to 
the controller and pulls down updates. The controller never "pushes" anything 
to the agents. Thus, its difficult to maintain SSL sessions. 
 
And since desktops can come and go offline, maintaining SSL sessions would eat 
up CPU resources of the desktop controller having to constantly build and 
destroy SSL sessions. Hence, the decision was made early in RSDP's development 
to stick with a simpler, more efficient encryption methodology. HTTP packets 
with an encrypted payload provided a way to do that. 
 
While its not impossible to crack the RSDP encryption, it wouldn't yeild much 
information even if somebody did. All it reports is bare event data and some 
config information. It wouldn't be terribly useful to a would be attacker.

There is no way to use SSL between the RSDP and the desktop controller.
 
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com 
 
 

________________________________

From: issforum-bounces@iss.net on behalf of Sergey V Soldatov
Sent: Tue 10/5/2004 3:03 AM
To: issforum@iss.net
Subject: [ISSForum] SSL (TLS) between Dektop controller and Agent



Hi All.
I've found that Desktop Controller and Agent are communicating via HTTP
without any encryption!
How can I set up SSL (TLS) for RSDP components to use for communication?

Nothing was found in ISS KB and RSDP documentation :-(

Thank you all. Good luck!
---
Best regards, Sergey V. Soldatov.
Information security department.



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISSForum] SSL (TLS) between Dektop controller and Agent, Sergey V Soldatov
Next by Date:  [ISSForum] License problem, Chan, Howard \(Hong Kong S.A.R.\)
Previous by Thread:  [ISSForum] SSL (TLS) between Dektop controller and Agent, Sergey V Soldatov
Next by Thread:  [ISSForum] License problem, Chan, Howard \(Hong Kong S.A.R.\)
Indexes:  [Date] [Thread] [Top] [All Lists]