Remember it (the password)

You can delete the .db file and it will ask for a new password on the next
startup.

Look - the data in ntop isn't top secret.  There are two parts to the
situation...

RUNNING ntop

and

VIEWING ntop data

Running
=======

If you have enough permissions to run ntop on a machine, you have enough to
run nmap and sniff/capture the traffic.   If you hack ntop to run as
non-root (i.e. NICs not in promiscuous mode), again you already have
enough permissions to sniff/capture the traffic addressed to that machine.

So RUNNING ntop doesn't allow a user to elevate privileges unless you do
something like SUID root for ntop...

Viewing
=======

There are situations where even the information such as traffic flows might
be sensitive.  If that describes your organization, then running ntop isn't
a good choice, because it will present - in the web interface - sensitive
information that the user might not be able to sniff/capture.

Thus, the question the organization needs to answer is this one:

"ntop allows users to view information about network flows (connections
among hosts) that would not normally be available to users.  Although ntop
provides some casual security to prevent people from accessing this
information, it should in no way be seen as 'secure'.  Would release of this
information to internal users compromise the organization's security?"

There is no general answer.

Note that you can further lock ntop down with firewalls, access rules, etc.
but the basic function of ntop is to collect information the user would not
normally see and present it to him/her.

If I were running ntop in a sensitive environment, I would do the following:

* Install n+1 NICs (where n is the # of segments you wish to monitor):

    NIC #0 has an IP address, etc. and is connected internally on a DMZ type
segment, protected against ALL outside use and available only to limited
internal users.

    NIC #1... are the monitoring NICs and do NOT have an IP address
assigned - they are just passive listeners on each segment you want ntop to
monitor.  (Note that NIC 0 may suffice for monitoring the DMZ segment).


That's basically how I'm running - eth0 is 192.168.x.y on the internal
network, eth1 is

ifconfig eth1 0.0.0.0
ifconfig eth1 up
ifconfig eth1 promisc

"sniffing" the external (cable modem) side of the network.


Finally, if traffic sniff/capture is an issue, then setting SUID root for
nmap isn't too bright either...


-----Burton
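An added audit script, not from this thread or from the ntop project, that checks the n+1 NIC layout described above: the management NIC must carry an address only on the protected internal segment, and every monitoring NIC must be up, promiscuous and addressless. It reads the output of `ip -o link show` and `ip -o -4 addr show` (the modern equivalent of the ifconfig commands quoted above); the interface names, the management network and the sample output below are constructed.

```python
"""Audit a sensor host's NIC layout for the passive-monitoring design."""
import ipaddress
import re

# `ip -o link show` : "3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu ..."
LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)[^<]*<(?P<flags>[^>]*)>")
# `ip -o -4 addr show` : "2: eth0    inet 192.168.1.10/24 brd ... scope global eth0"
ADDR_RE = re.compile(r"^\d+:\s+(?P<name>\S+)\s+inet\s+(?P<cidr>\S+)")


def parse_links(text):
    """Return {ifname: set(flags)} from `ip -o link show` output."""
    links = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            links[m.group("name")] = set(m.group("flags").split(","))
    return links


def parse_addrs(text):
    """Return {ifname: [IPv4Interface, ...]} from `ip -o -4 addr show` output."""
    addrs = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            iface = ipaddress.ip_interface(m.group("cidr"))
            addrs.setdefault(m.group("name"), []).append(iface)
    return addrs


def audit(link_text, addr_text, mgmt, mgmt_net, monitors):
    """Return a list of findings; an empty list means the layout matches the design."""
    links, addrs = parse_links(link_text), parse_addrs(addr_text)
    net = ipaddress.ip_network(mgmt_net)
    findings = []
    # Management NIC: addressed, and only on the protected internal segment.
    if not addrs.get(mgmt):
        findings.append(f"{mgmt}: management NIC has no IPv4 address")
    for ip in addrs.get(mgmt, []):
        if ip.ip not in net:
            findings.append(f"{mgmt}: address {ip} is outside the management segment {net}")
    # Monitoring NICs: up, promiscuous, and carrying no address at all.
    for nic in monitors:
        flags = links.get(nic, set())
        if "UP" not in flags:
            findings.append(f"{nic}: monitoring NIC is down")
        if "PROMISC" not in flags:
            findings.append(f"{nic}: monitoring NIC is not in promiscuous mode")
        for ip in addrs.get(nic, []):
            findings.append(f"{nic}: monitoring NIC has address {ip}; it should be passive")
    return findings


# Constructed sample output: eth0 = management, eth1 = correct sensor, eth2 = misconfigured.
LINKS = """1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN"""
ADDRS = """2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
4: eth2    inet 10.9.8.7/24 brd 10.9.8.255 scope global eth2"""

if __name__ == "__main__":
    for finding in audit(LINKS, ADDRS, "eth0", "192.168.1.0/24", ["eth1", "eth2"]):
        print("FINDING:", finding)
```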


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Boniforti Flavio
Sent: Monday, April 08, 2002 2:40 AM
To: [EMAIL PROTECTED]
Subject: R: R: [Ntop] Please enter the password for the admin user:



> users to allow access to the system.  After you are done,
> remove the extra
> URLs but do it with care.

hehehe... and what the heck should I do to retrieve the password I've set
for the "admin" account???

Thanx...


_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
