
RE: [ISSForum] SSL (TLS) between Desktop controller and Agent



Not true. Desktops communicate with the Desktop Controller via specially crafted HTTP packets. The packet is a regular HTTP packet, but the contents (the payload) of the packet are encrypted. RSDP uses the account name (RSDP account name, not a Windows account name) and password as the encrypting method.

Part of the rationale for this was performance. SSL sessions eat up CPU time. The session must be established, maintained, and keys swapped, etc. RSDP communications are almost completely asymmetrical. The RSDP agent sends data to the controller and pulls down updates. The controller never "pushes" anything to the agents. Thus, it's difficult to maintain SSL sessions.
 
And since desktops can come and go offline, maintaining SSL sessions would eat up CPU resources of the desktop controller having to constantly build and destroy SSL sessions. Hence, the decision was made early in RSDP's development to stick with a simpler, more efficient encryption methodology. HTTP packets with an encrypted payload provided a way to do that. 
 
While it's not impossible to crack the RSDP encryption, it wouldn't yield much information even if somebody did. All it reports is bare event data and some config information. It wouldn't be terribly useful to a would-be attacker.

There is no way to use SSL between the RSDP and the desktop controller.
 
Andrew Plato, CISSP
President / Principal Consultant
Anitian Enterprise Security
www.anitian.com 
 
 

________________________________

From: issforum-bounces@xxxxxxx on behalf of Sergey V Soldatov
Sent: Tue 10/5/2004 3:03 AM
To: issforum@xxxxxxx
Subject: [ISSForum] SSL (TLS) between Desktop controller and Agent



Hi All.
I've found that Desktop Controller and Agent are communicating via HTTP
without any encryption!
How can I set up SSL (TLS) for RSDP components to use for communication?

Nothing was found in ISS KB and RSDP documentation :-(

Thank you all. Good luck!
---
Best regards, Sergey V. Soldatov.
Information security department.



_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

