Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I deal with a server that is designated as a management server for other systems

ID: 654860 • Letter: I

Question

I deal with a server that is designated as a management server for other systems. It has a local web server that supplies a management console for a product we use. The management console has been setup to run through SSL.

Firewalls have blocked off access to the management console for all external systems. There is no way to eavesdrop as the network traffic is not being routed anywhere.

I would assume if an attacker had access to network card directly he/she would see both sides of the conversation anyways.

Is there any advantage of running SSL in this scenario?

Explanation / Answer

If the data never leave the system there is probably no advantage of using SSL to protect the transmitted data. But I see other problems with your approach:

It has a local web server that supplies a management console for a product we use

This suggests that you access the management console with a web browser on the local system. Unless there is some way to restrict the browser to only this host you have to be very careful about attacks like CSRF, which can be triggered if you visit other sites with the same browser. This is a typical attack vector for web based management consoles and you would be surprised how many routers or even firewalls are vulnerable against this kind of attack.

And even with this restriction unwanted management actions might be triggered from visiting logs or other files on your management console, unless you were very careful with escaping user input to defeat attacks using script injection or HTML injections (like XSS).

Also it is probably easy to access the console from remote by explicitly doing port forwarding (using putty or similar products). This is commonly used to remote control systems even if the vendor itself explicitly made sure that remote access is not possible in the default setup for security reasons. It is done because this kind of restriction is often more seen as an annoyance and the risk is ignored.

Firewalls have blocked off access to the management console for all external systems.

If this protection is only done by firewalls then you should check the design again. Usually it is better to have the server only running at an IP address which can not be reached from outside by design, e.g. localhost (127.0.0.1). In this case a firewall would not be needed to restrict access and there is one thing less which can go wrong.

Related Questions

I created a class Set with elements made up of class Rational. In adding Rationa
Question #3621660
I created a class named bank.java that has a bunch of different things it does i
Question #3689499
I created a class that stores 3 objects. ID (int), Name (string) and Grade (doub
Question #3673839
I created a code with C. Now I need it to run on UART. This my C code output: Th
Question #674575
I created a database CD ( i don\'t know correctly or not): create database CD th
Question #3916732
I created a empty Web application called Grocery Store and added a new web page
Question #3639592
I created a empty Web application called Grocery Store and added a new web page
Question #3640393
I created a empty Web application called RideAway and added a new web page named
Question #3639594
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I cut the wrong answers for your help. 9. The operating-cash-flow-to-current-lia
Next
I debuged however the vendor name initialize with null. How can I fix it?( I ass

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.