RE: spiceworks-opinions please?

Subject: RE: spiceworks-opinions please?
Date: Fri, 29 Jun 2007 19:48:25 +0200
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of Murda Mcloud
Sent: 25 June 2007 04:12
To: security-basics@securityfocus.com
Subject: spiceworks-opinions please?



Hi all,
I wanted to find out if anyone had used an app called spiceworks in an SME
and what, if any, security implications they had found from using it.

It is not open source but is advertised as free (due to sponsorship) and this
made me a little worried as to what the EULA may have included in it with
regards to data privacy.
Also, in terms of functionality what kind of client (if any) does it load on
hosts in order to monitor and what type of connections does it need for
monitoring.

Thanks.


Hi.
I've only looked at this application since your mail and this is what I've 
found so far.

This application uses various methods to log in to your hosts.
* SSH for any Unix type OS
* SNMP for any type of device
* WMI and normal NTLM for Windows hosts

The passwords to access the hosts are stored locally, just like your login 
credentials.

It hosts its own web server, named Mongrel according to ServerSpy.
The whole shebang is managed via a browser, so all those warnings apply.
Plus, it has a section on the right connecting to 
http://frontend.spiceworks.com/ for adverts.

Hope this little bit helps you get started.