
Re: Insight Manager returning versioning - Audit Related

 
Steven Ramirez
New Member

Insight Manager returning versioning - Audit Related

Hi

First off...I know practically nothing about SIM.

We have been audited recently in which the auditors findings stated information disclosure/leakage as it pertains to versioning being returned from our SIM products....

Primarily HTTP versions....but our iLO cards returned SSH versions. Here's an example:

Port 2301 (Compaq Insight Manager) – Review of the nikto scan file revealed the service as Compaq HTTP server version 9.9. If possible, references to the software product and version should be omitted from the service banner. This is considered information leakage. If this is not practical, the agency should consider restricting this device to inside the smallest appropriate network perimeter.

Port 49400 (Compaq HTTP Server) – The service revealed itself as Compaq HTTP Server 5.91. If possible, references to the software product and version should be omitted from the service banner. This is considered information leakage. If this is not practical, the agency should consider restricting this device to inside the smallest appropriate network perimeter.


Is there a way to prevent SIM from returning versioning? I do understand we are behind....

Also, with an upgrade to a newer version, does that change the product from returning versioning?

Thanks in advance
Rob Buxton
Honored Contributor

Re: Insight Manager returning versioning - Audit Related

Not that I'm aware of.
You must have very high security considerations if that really is relevant. You may want to consider whether the audit is adding value and actually increasing security or just generating a lot of noise that will really just get in the way.
Are these externally facing servers?
Steven Ramirez
New Member

Re: Insight Manager returning versioning - Audit Related

Hi Rob

I see these as pretty low on the scale of risk...unfortunately the audit is mandated as we are public sector and it's just really caused a lot of "busy work". I was just hoping to be able to refute the finding by stating that "masking" versioning is not possible.

On some other systems I can see some value...regarding SSH versions and our iLOs, as there are some known exploits for older versions of OpenSSH and it just highlights the need for us to upgrade.

Thanks for the response.
Steven Ramirez
New Member

Re: Insight Manager returning versioning - Audit Related

Sorry...forgot to mention these are internal systems...I think also the concern is that we do not employ any type of network access control yet....so technically someone could find a hot drop in one of our 200+ locations, connect in, get an IP and potentially sweep/scan the network....
Rob Buxton
Honored Contributor

Re: Insight Manager returning versioning - Audit Related

It's a bit of a double-edged sword as well. If you hide the version number, how do you know if it needs updating?

You could raise a call with HP to get a definitive answer. But there's no way of hiding these using the base product.

Also, if someone has got inside the network and can sweep your internal network, you've probably got bigger issues than SSH versions.
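As an added illustration of Rob's point (example code written for this page, not from the thread or from HP SIM): the version strings the auditor flagged are also the input an administrator uses to decide what needs upgrading, and a masked banner simply pushes that question back to the inventory. The banner lines and the minimum-version baseline below are constructed, hypothetical values.

```python
import re
from typing import List, Tuple

# Constructed sample banners in the style of the audit finding quoted above
# (hypothetical versions, not taken from any real scan).
SAMPLE_BANNERS = [
    "Port 2301 (Compaq Insight Manager) - Compaq HTTP Server version 9.9",
    "Port 49400 (Compaq HTTP Server) - Compaq HTTP Server 5.91",
    "Port 22 (iLO) - SSH-2.0-OpenSSH_3.9p1",
    "Port 443 (Web) - banner carries no product or version",
]

# Hypothetical minimum acceptable versions; maintain these from vendor advisories.
BASELINE = {"Compaq HTTP Server": (6, 0), "OpenSSH": (4, 3)}

BANNER_RE = re.compile(
    r"Port (?P<port>\d+) .*?(?P<product>Compaq HTTP Server|OpenSSH)"
    r"[ _]?(?:version )?(?P<version>\d+(?:\.\d+)*)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'5.91' -> (5, 91): compared segment by segment, never as a float."""
    return tuple(int(p) for p in text.split("."))


def classify(banners: List[str]) -> List[Tuple[int, str, str]]:
    """Return one (port, product, status) entry per banner line."""
    results = []
    for line in banners:
        port_m = re.match(r"Port (\d+)", line)
        port = int(port_m.group(1)) if port_m else -1
        m = BANNER_RE.search(line)
        if not m:
            # Masked or absent banner: the version has to come from inventory.
            results.append((port, "unknown", "no version in banner; check inventory"))
            continue
        product = m.group("product")
        if parse_version(m.group("version")) < BASELINE[product]:
            results.append((port, product, "below baseline; schedule upgrade"))
        else:
            results.append((port, product, "at or above baseline"))
    return results


if __name__ == "__main__":
    for port, product, status in classify(SAMPLE_BANNERS):
        print(f"{port:>6}  {product:<20}  {status}")
```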
Steven Ramirez
New Member

Re: Insight Manager returning versioning - Audit Related

Yes...exactly!...and that was one of my responses to the findings...if we mask - how do we know (without more scrutiny) what is requiring updating!

In regards to "outsiders" having access to the network...they make NO mention of that in their findings....and I of course don't really want to point it out :-)...which is another double-edged sword.

After more research yesterday...and finding other outdated OpenSSH versions on ESX hosts...which interestingly enough allows for an upgrade without upgrading the ESX platform....I have already submitted change requests for the HP SIM and iLO upgrades...which we need to do anyway.

I appreciate your response.