NAI ePolicy Orchestrator

From: Blake Frantz (blake@mc.net)
Date: 10/30/01 

Date: Tue, 30 Oct 2001 15:15:13 -0600 (CST)
From: Blake Frantz <blake@mc.net>
To: pen-test@securityfocus.com
Subject: NAI ePolicy Orchestrator
Message-ID: <Pine.BSI.4.05L.10110301500400.2673-100000@maxx.mc.net>

Hello,

I'm looking for a whitepaper on securing NAI ePolicy Orchestrator and
can't seem to find anything solid. We are performing an internal audit of
our machines and found the the ePolicy Orchestrator Servers all listen on
ports 80,8080,8081 -- Each port redirects back to the same directory
structure:

EVTFILTR.INI 322 09/20/2001 12:45 AM
NAIMSERV.LOG 1094 10/26/2001 06:23 PM
SERVER.INI 277 10/10/2001 10:00 PM
SITEINFO.INI 268 10/10/2001 10:00 PM

The contents of two of the files are below:

[SERVER.INI] (I modified the hash, but the length is still the same)

[Server] DataSource=EPOAV Database=ePO_EPOAV UserName=sa
Password=U3BVmVk4KHxsYFxaYFGRIVDxARHBoGCh8bGBcWBRkSFaQ8QERwaAA==
UseNTAccount=0 HTTPPort=80 AgentHttpPort=8081 ConsoleHTTPPort=8080
MaxHttpConnection=1000 EventLogFileSizeLimit=2097152 MaxSoftInstall=25

[/SERVER.INI]

[SITEINFO.INI]

[SiteInfo] Version=1769 DefaultSite=Current Sites=Current [Current]
MasterSiteServer=xxxx Servers=xxxx [xxxx] ComputerName=xxxx
DNSName=xxx.xxx.xxx.xxx LastKnownIP=xxx.xxx.xxx.xxx HTTPPort=80
AgentHttpPort=8081 ConsoleHTTPPort=8080

[/SITEINFO.INI]

These files appear to contain connection info to a MSSQL instance
using the sa account -- the password hash is even there.

My questions are:

Is this how a typical installation is *supposed* to look? I think not,
but two of our servers yeild the same info.

Is the hash found in server.ini a MSSQL hash or a hash generated by the
EPO server itself?

Does anyone have a whitepaper on properly securing these servers?

Thanks in advance,

-blake

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: no re eval not secure enough
    ... > Matthew Braid wrote: ... > In this case I was looking for holes in the idea of 'securing' an object's data ... > through a my'd hash inside the package keyed on an instance's stringification ...
    (comp.lang.perl.misc)
  • Re: Securely getting a password from a custom app into Oracle
    ... In addition to securing the password in transit ... the hash of the password and compares the hash of the input password with ... error logs. ... This can totally compromise all other security measures you ...
    (SecProg)
  • Re: NAI ePolicy Orchestrator
    ... currently working on an ePolicy deployment and I would like to hear about ... >=C4mne: NAI ePolicy Orchestrator ... >using the sa account -- the password hash is even there. ... >but two of our servers yeild the same info. ...
    (Pen-Test)
  • Re: Is software firewall nessasery if hardware is available?
    ... > servers. ... secure Personal Firewall Application on the workstation you would not be ... in good shape for securing the web workstation. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security Basics
    ... > I am setting up an IIS to host some websites. ... > experience in securing my servers from malicious attacks. ... Microsoft MVP for servers & security Website - http://www.robertmoir.co.uk ...
    (microsoft.public.security)