[94423] in North American Network Operators' Group
Re: FW: [cacti-announce] Cacti 0.8.6j Released (fwd)
daemon@ATHENA.MIT.EDU (Travis H.)
Mon Jan 22 00:37:37 2007
Date: Sun, 21 Jan 2007 23:35:13 -0600
From: "Travis H." <travis+ml-nanog@subspacefield.org>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <8FB2C86BB1EB01498A59A762F6CD556F0BB7AFB9@MAPI.iconnection.com>
Errors-To: owner-nanog@merit.edu
On Thu, Jan 18, 2007 at 02:33:10PM -0700, Berkman, Scott wrote:
> NMS Software should not be placed in the public domain/internet. By the
> time anyone who would like to attack Cacti itself can access the server
> and malform an HTTP request to run this attack, they can also go see
> your entire topology and access your SNMP keys (assuming v1).
I think there are a few factors at work here:
1) PHP is very easy to learn, but deals primarily with web input (i.e.
potentially hostile).
Since most novice programmers are happy to get the software working,
they rarely ever consider the problem of trying to make it not not work.
In other words, that it always behave correctly. That problem and
assurance is much, much more difficult than just getting the software
to work. You can't test it into the software. You can't rely on a
good history to indicate there are no latent problems.
2) Furthermore, this is a service that is designed primarily for
public consumption, unlike, say, NFS; it cannot be easily firewalled at
the network layer if there is a problem or abuse.
3) The end devices rarely support direct VPN connections, and redundant
infrastructure just for monitoring is expensive.
4) The functionality controlled by the user is too complicated. If all
you are doing is serving images of graphs, generate them for the common
scenarios and save them to a directory where a much more simple program
can serve them.
That is, most of the dynamically-generated content doesn't need to be
generated on demand. If you're pulling data from a database, pull it
all and generate static HTML files. Then you don't even need CGI
functionality on the end-user interface. It thus scales much better
than the dynamic stuff, or SSL-encrypted sessions, because it isn't
doing any computation.
As they say, there are two ways to design a secure system:
1) Make it so simple that there are obviously no vulnerabilities.
2) Make it so complex that there are no obvious vulnerabilities.
I prefer the former, however unsexy and non-interactive it may be.
> write it yourself or purchase it from a vendor that can
> support and guarantee the security of the product.
Unless you're a skilled programmer with a good understanding of
secure coding techniques, the first suggestion could be dangerous.
It seems that too many developers try to do things themselves without
any research into similar programs and the kinds of security risks
they faced, and end up making common mistakes in the form of
security vulnerabilities.
And no vendor of popular software I know of can guarantee that it
is secure. I have seen a few companies that employ formal methods
in their design practices and good software engineering techniques
in the coding process, but they are almost unheard of.
-- 
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>
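The static-pregeneration design from point 4 above, as an added example that is not part of the original post and not Cacti code: the collector host renders one HTML page per device from its database and a plain file server publishes the directory, so nothing on the user-facing side parses request input. The device rows are constructed sample data; the hostile-looking names show why the file stem and every value are normalised before they reach the output directory.

```python
"""Added example (not from the post or from Cacti): pre-render per-device
pages as static HTML so the public-facing server needs no PHP or CGI.
SAMPLE_DEVICES is constructed; a real collector would read the NMS DB."""
import html
import re
from pathlib import Path

# Constructed poller output: device name and (interface, bits/sec) pairs.
SAMPLE_DEVICES = [
    {"name": "core-rtr1", "ifaces": [("ge-0/0/0", 8_300_000), ("ge-0/0/1", 120_000)]},
    {"name": "edge <script>alert(1)</script>", "ifaces": [("eth0", 4_200)]},
    {"name": "../../etc/passwd", "ifaces": []},
]

_SLUG_RE = re.compile(r"[^a-z0-9-]+")

def safe_slug(name: str) -> str:
    """Map an arbitrary device name to a file stem containing only
    [a-z0-9-], so a bad database row can never escape the output dir."""
    slug = _SLUG_RE.sub("-", name.lower()).strip("-")
    return slug or "unnamed"

def render_page(device: dict) -> str:
    """Build one device page. All values are HTML-escaped at generation
    time; at serve time there is no request input to get wrong."""
    rows = "".join(
        f"<tr><td>{html.escape(ifname)}</td><td>{int(bps):,} bps</td></tr>"
        for ifname, bps in device["ifaces"]
    )
    title = html.escape(device["name"])
    return (
        f"<!doctype html><title>{title}</title><h1>{title}</h1>"
        f"<table><tr><th>Interface</th><th>Rate</th></tr>{rows}</table>"
    )

def build_site(devices: list, outdir: Path) -> list:
    """Write every page under outdir and return the paths written."""
    outdir = Path(outdir).resolve()
    outdir.mkdir(parents=True, exist_ok=True)
    written = []
    for dev in devices:
        target = outdir / f"{safe_slug(dev['name'])}.html"
        assert target.parent == outdir  # defence in depth: never outside
        target.write_text(render_page(dev), encoding="utf-8")
        written.append(target)
    return written

if __name__ == "__main__":
    for p in build_site(SAMPLE_DEVICES, Path("static-out")):
        print("wrote", p)
```

Run it from cron on the collector and point any static file server at the output directory; the NMS itself stays off the public network.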