My customer manages their internal machines using HP Openview.
With this configuration, a piece of client software is
installed on the target machine and Openview talks to it
using DCE/RPC. Currently we have quite a few servers
deployed on a DMZ and the customer would like to
'monitor' them using the same Openview setup. This
involves opening up a number of DCE/RPC ports
bidirectionally from the inside to the DMZ and back.
I am concerned that if the server in the DMZ gets hacked,
someone could then exploit an RPC bug, gain access to
the internal Openview machine and then have a free run
of the internal network. Is this a valid concern for
denying the use of Openview DCE/RPC? Is there a better
way to allow the broad functionality of the Openview
client, but have it restricted to using some 'simpler and
safer' protocol? Obviously it would be nice to monitor
the DMZ machines with the Openview client since it
reports on all sorts of statistics and watches 'services'
as opposed to ping or snmp which give back less information
and basically only tell if the machine is up or down. Other
people must monitor the resources of their critical machines
in the DMZ somehow safely....
-Jon
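The risk the post describes is not the monitoring protocol as such but the direction of the rules: once the firewall lets the DMZ open connections back into the inside, a compromised DMZ server has a permitted path to the management host. The following is an added example, not code from the original post or from HP Openview or Check Point: a small first-match policy evaluator that compares the bidirectional DCE/RPC rule set the post describes (endpoint mapper on TCP 135 plus a dynamic high-port range, both directions) with a poll-only design in which only the internal host initiates and the firewall's state table carries the replies. The addresses, host names and probe ports are constructed for the example; the SNMP poll is used as the inside-initiated alternative only because the post itself mentions it, and it does not give back the richer service data the poster wants.

```python
"""Tiny first-match firewall policy evaluator (constructed example, not HP Openview
or Check Point code) used to compare two ways of letting an internal monitoring
host reach DMZ servers."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str                            # source network (CIDR)
    dst: str                            # destination network (CIDR)
    proto: str                          # "tcp" or "udp"
    dports: Optional[Tuple[int, int]]   # inclusive destination port range, None = any
    action: str                         # "allow" or "deny"

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if proto != self.proto:
            return False
        if self.dports is not None and not (self.dports[0] <= dport <= self.dports[1]):
            return False
        return True


def evaluate(policy: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """First matching rule wins; an unmatched new connection is dropped (default deny)."""
    for rule in policy:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


# Constructed address ranges: RFC 1918 space for the inside, TEST-NET-1 for the DMZ.
INTERNAL = "10.0.0.0/8"
DMZ = "192.0.2.0/24"
OPENVIEW_SERVER = "10.1.1.10"   # hypothetical internal Openview management host
DMZ_WEB = "192.0.2.80"          # hypothetical monitored DMZ server

# Policy A: what the post describes. DCE/RPC needs the endpoint mapper (TCP 135)
# plus a dynamically assigned high port, and the rules are opened in both directions.
DCERPC_BIDIRECTIONAL = [
    Rule(INTERNAL, DMZ, "tcp", (135, 135), "allow"),
    Rule(INTERNAL, DMZ, "tcp", (1024, 65535), "allow"),
    Rule(DMZ, INTERNAL, "tcp", (135, 135), "allow"),
    Rule(DMZ, INTERNAL, "tcp", (1024, 65535), "allow"),
]

# Policy B: the inside polls the DMZ (here SNMP, UDP 161). Replies ride the firewall's
# connection state, so no rule ever permits a connection originating in the DMZ.
POLL_ONLY = [
    Rule(INTERNAL, DMZ, "udp", (161, 161), "allow"),
]

# Constructed probe set: services whose reachability from the DMZ into the inside is
# checked against the policy. Nothing is connected to; this is pure rule evaluation.
PROBES = [("tcp", 135), ("tcp", 1025), ("tcp", 49152), ("udp", 161), ("tcp", 22)]


def dmz_initiated_exposure(policy: List[Rule], probes=PROBES) -> List[Tuple[str, int]]:
    """Return the (proto, port) pairs a DMZ host may open toward the internal
    management host under this policy: exactly the paths the post worries about."""
    return [(proto, port) for proto, port in probes
            if evaluate(policy, DMZ_WEB, OPENVIEW_SERVER, proto, port) == "allow"]


def monitoring_works(policy: List[Rule]) -> bool:
    """True if the inside can initiate its monitoring traffic to the DMZ at all."""
    return (evaluate(policy, OPENVIEW_SERVER, DMZ_WEB, "tcp", 135) == "allow"
            or evaluate(policy, OPENVIEW_SERVER, DMZ_WEB, "udp", 161) == "allow")


if __name__ == "__main__":
    for name, policy in (("DCE/RPC bidirectional", DCERPC_BIDIRECTIONAL),
                         ("poll-only", POLL_ONLY)):
        print(f"{name}: monitoring works={monitoring_works(policy)}, "
              f"DMZ-initiated paths into inside={dmz_initiated_exposure(policy)}")
```

Both policies let the inside reach the DMZ, but only the bidirectional one leaves the management host reachable from a DMZ address on the endpoint mapper and the whole dynamic range. Any real design that keeps an RPC-based agent would have to close that return direction, for example by having the internal side initiate every connection and relying on the firewall's state table for replies, rather than opening the ports "bidirectionally".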
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================