08-23-2002 04:00 PM
Folks concerned with Insight Manager 7 and web agent security...
The following hopefully will help dispel misinformation about Insight Manager 7 and Windows web agent security concerns:
The old (pre-Insight 7) web agents DID have a vulnerability of having known default passwords. The new agents require the user to define passwords during installation. There are NO default passwords. The default "anonymous" access now provides effectively NO access.
The web agents DO NOT use port 80 (normal web access port), so they are not subject to attacks targeted at Internet Information Server (IIS), that uses port 80. Though they use the "web protocol" (HTTP), they don't "listen" on the normal port that web servers do (port 80).
The web agents now use Secure Socket Layer (SSL) for browser access and access by Insight Manager 7. The normal SSL port of 443 is also NOT used. When people try to access it using the browser on port 2301 (old access port), they are redirected to an SSL encrypted session on port 2381, so all communication between the browser and the agent are encrypted, including password.
When installed properly, in its most secure mode (what is called "Trust by Certificate"), all communications between Insight Manager 7 and the web agents are encrypted using SSL, and the web agents must possess the Insight Manager 7's "certificate", and verify all command attempts. This prevents someone setting up an unauthorized (rogue) Insight Manager 7 server. It also lets departments prevent other departments from unauthorized "management" of their servers. This is vastly more secure than the SNMP (Simple Network Management Protocol), commonly used in systems management, with its well-publicized vulnerabilities.
Insight Manager 7 uses SSL encryption on all web browsers accessing the system, so the entire session, including logon, is encrypted.
Insight Manager authenticates all accounts using Windows security, so if a user changes their password, it is also changed for Insight Manager 7. If a user account is disabled in Windows (they leave the company, for example), it is automatically disabled in Insight Manager 7. An access account MUST exist in Windows, and must be explicitly granted access within Insight Manager 7. Even "administrators" within Windows have no default access into Insight Manager 7.
Take care,
Bob Slovick
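As an added example (not part of the original post and not HP or Compaq code): a check a defender could run over the raw response captured from an agent's port 2301, to confirm the redirect to an SSL session on port 2381 that the post describes. The host name and sample responses are constructed, and the set of status codes accepted as a redirect is an assumption, since the post does not say which one the agent sends.

```python
from urllib.parse import urlsplit

SECURE_PORT = 2381  # SSL port named in the post
REDIRECTS = (301, 302, 303, 307, 308)  # assumption: any of these counts

# Constructed sample responses, as captured from port 2301 of a test host.
GOOD = (b"HTTP/1.1 302 Found\r\n"
        b"Location: https://srv01.example.test:2381/\r\n\r\n")
PLAINTEXT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"
NO_TLS = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://srv01.example.test:2301/login\r\n\r\n")


def parse_response(raw):
    """Return (status_code, lower-cased header dict) from a raw HTTP response."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def audit_legacy_port(host, raw):
    """Return 'ok' or a finding for what port 2301 of `host` answered."""
    try:
        status, headers = parse_response(raw)
    except ValueError:
        return "finding: port 2301 did not answer with HTTP"
    if status not in REDIRECTS:
        return f"finding: status {status} served in plaintext, no redirect"
    target = urlsplit(headers.get("location", ""))
    try:
        port = target.port
    except ValueError:  # non-numeric port in the Location header
        port = None
    if target.scheme != "https":
        return "finding: redirect does not switch to https"
    if port != SECURE_PORT:
        return f"finding: redirect goes to port {port}, expected {SECURE_PORT}"
    if (target.hostname or "").lower() != host.lower():
        return f"finding: redirect leaves the host ({target.hostname})"
    return "ok"
```

A result of `ok` only confirms the redirect; whether the session on port 2381 presents the expected certificate has to be checked separately.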
2 REPLIES
08-25-2002 04:00 PM
Re: Folks concerned with Insight Manager 7 and web agent security...
Hi Bob!
That's true - "... all communication between the browser and the agent are encrypted...". But that's NOT true for Netware because you could not configure the Compaq agents on a Netware server to use the "Trust by Certificate" method.
I think Compaq should tell the whole story. There are also other non-Microsoft OSes and people on this planet. Perhaps the Netware people are no longer welcome at Compaq?
Chris
09-11-2002 04:00 PM
Re: Folks concerned with Insight Manager 7 and web agent security...
I just installed the new 5.41 agents on a DL580. It didn't ask me to define passwords. Where do I go to do that?