Re: NAI ePolicy Orchestrator

Fri, 21 Feb 2003 13:54:59 -0800 

In-Reply-To: <[EMAIL PROTECTED]>

Hi all,

    This is quite an old thread that I would like to undust a bit. I am 
currently working on an ePolicy deployment and I would like to hear about 
your experimentations and discoveries on this product, of course from a 
reverse engineering point of view...

Regards,

Yvan


>Fr=E5n: Blake Frantz [mailto:[EMAIL PROTECTED]
>Skickat: den 30 oktober 2001 22:15
>Till: [EMAIL PROTECTED]
>=C4mne: NAI ePolicy Orchestrator
>
>
>
>
>Hello,
>
>I'm looking for a whitepaper on securing NAI ePolicy Orchestrator and
>can't seem to find anything solid.  We are performing an internal audit =
>of
>our machines and found the the ePolicy Orchestrator Servers all listen =
>on
>ports 80,8080,8081 -- Each port redirects back to the same directory
>structure:
>
>EVTFILTR.INI  322     09/20/2001 12:45 AM =20
>NAIMSERV.LOG  1094     10/26/2001 06:23 PM =20
>SERVER.INI  277     10/10/2001 10:00 PM =20
>SITEINFO.INI  268     10/10/2001 10:00 PM =20
>
>The contents of two of the files are below:
>
>[SERVER.INI] (I modified the hash, but the length is still the same)
>
>[Server] DataSource=3DEPOAV Database=3DePO_EPOAV UserName=3Dsa
>Password=3DU3BVmVk4KHxsYFxaYFGRIVDxARHBoGCh8bGBcWBRkSFaQ8QERwaAA=3D=3D
>UseNTAccount=3D0 HTTPPort=3D80 AgentHttpPort=3D8081 =
>ConsoleHTTPPort=3D8080
>MaxHttpConnection=3D1000 EventLogFileSizeLimit=3D2097152 =
>MaxSoftInstall=3D25=20
>
>[/SERVER.INI]
>
>[SITEINFO.INI]
>
>[SiteInfo] Version=3D1769 DefaultSite=3DCurrent Sites=3DCurrent =
>[Current]
>MasterSiteServer=3Dxxxx Servers=3Dxxxx [xxxx] ComputerName=3Dxxxx
>DNSName=3Dxxx.xxx.xxx.xxx LastKnownIP=3Dxxx.xxx.xxx.xxx HTTPPort=3D80
>AgentHttpPort=3D8081 ConsoleHTTPPort=3D8080 =20
>
>[/SITEINFO.INI]
>
>These files appear to contain connection info to a MSSQL instance
>using the sa account -- the password hash is even there.
>
>My questions are:
>
>Is this how a typical installation is *supposed* to look?  I think not,
>but two of our servers yeild the same info.
>
>Is the hash found in server.ini a MSSQL hash or a hash generated by the
>EPO server itself? =20
>
>Does anyone have a whitepaper on properly securing these servers?
>
>Thanks in advance,
>
>-blake

----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core

Reply via email to