---------
We recently executed an internal penetration test, and one of the findings from this test was an insecure configuration of the Altiris agent/communication. This issue actually allowed the penetration tester to force an Altiris agent to utilize basic authentication, and he was able to obtain the password for the Altiris service account. Using this account, he was able to gain access to pretty much any system within our environment.
In researching the issue; it looks like more recent versions of Altiris had the setting ‘Allow Basic Authentication’ disabled by default, however the version we are utilizing does not. I am not sure what it would take, or if it would cause any issue, but due to the nature of the service account (AppID) and level of access it has – we need to look into disabling Basic Authentication within Altiris all together.
Please advise on how best to move forward with this.
----------
Folks: The excerpt above was received from our corporate security office who had hired someone to test the penetrability of our network form outside our enterprise. Very disturbing results. I am wondering if a separate account for Client Agent communication would be a better way to go and let the AppID control the SMP NS Server and the SQL Database.
Anyone have any thoughts on either complete elimination of the "Basic Authentication" or switching to a non AppID account for all clients....