ForestSafe discovers Windows Domain computers automatically by interrogating Active Directory.
UNIX, Windows Workgroup and CISCO devices have to be imported.
Running the import
ForestSafe will require passwords to do the initial import discovery. But bear in mind that as soon as ForestSafe has management of these servers, these account passwords should and can be scrambled, so they pose no security risk.
The import reads its passwords from the scan input file; each entry must contain the password.
The scanner also supports SSH key discovery. If a company already has a key configured on its systems, this key can be imported into ForestSafe via the SSH Keys feature and flagged as non-active. The scanner will then carry out an SSH key replacement after it has connected with the non-active key, removing the old key from the file.
Connection considerations
Within the import file, the three connection methods are:
Import method | Description
WINIPC | A WINIPC connection is made to the remote machine using an account and password. ForestSafe then has the authority to carry out the action. The WINIPC connection is then removed.
SSHKEY | SSH is used, passing in the active SSH key.
SSHUSER | SSH is used with an account and password.
Man-in-the-Middle protection
A feature of ForestSafe allows companies to manage passwords and run remote terminal sessions safely on machines supporting SSH in the outside world. The public key's SHA-1 or MD5 fingerprint of any machine intended to be managed can be included in the Scanner import file. On connection, if the remote machine's key does not match the key in the file, the connection is rejected. This prevents connection to a machine posing as the real machine on the same IP address, which is known as a man-in-the-middle attack.
Moreover, the MD5 fingerprint of every SSH connection is displayed in the header. If a user receives the standard "new SSH key found" prompt, they can compare it against what the key should be: a simple visual check.
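The host-key check described above, as an added example that is not ForestSafe's own code: it pins an MD5 or SHA-1 fingerprint the way the import file does and rejects a host whose presented key does not match. The function names, the colon-separated fingerprint format and the sample keys are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct

def parse_openssh_pubkey(line):
    """Return the raw wire-format key blob from an OpenSSH public-key line
    such as 'ssh-ed25519 AAAA... comment' (the form found in known_hosts)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    return base64.b64decode(parts[1])

def fingerprint(blob, algo):
    """Colon-separated hex fingerprint of a raw key blob ('md5' or 'sha1'):
    the hash over the whole blob, as ssh-keygen -l -E md5 prints it."""
    digest = hashlib.new(algo, blob).digest()
    return ":".join(f"{b:02x}" for b in digest)

def host_key_matches(presented_blob, pinned):
    """Accept the host only if its presented key matches every pinned
    fingerprint, e.g. {'md5': 'aa:bb:...'}; case and colons are ignored."""
    for algo, expected in pinned.items():
        actual = fingerprint(presented_blob, algo).replace(":", "")
        wanted = expected.lower().replace(":", "")
        if not hmac.compare_digest(actual, wanted):
            return False  # mismatch: reject, never fall back to prompting
    return True

def make_ed25519_blob(raw32):
    """Build an ssh-ed25519 wire blob: string 'ssh-ed25519' + string(key).
    Used only to construct sample keys here; real keys come from the host."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)

# Constructed sample keys (not real hosts): the genuine host and an impostor
# answering on the same IP address with a different key.
GENUINE = make_ed25519_blob(bytes(range(32)))
IMPOSTOR = make_ed25519_blob(bytes(range(32, 64)))
GENUINE_LINE = "ssh-ed25519 " + base64.b64encode(GENUINE).decode() + " host"
PINNED = {"md5": fingerprint(GENUINE, "md5")}  # the value kept in the import file

def demo():
    """Return (genuine accepted, impostor accepted) against the pinned value."""
    return host_key_matches(GENUINE, PINNED), host_key_matches(IMPOSTOR, PINNED)
```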
Import from file
The Scanner has three stages: Start, Validate and Save. After the scan is started, it should not be stopped. At any point in the subsequent stages the user can clear the scan; only on the final stage, when saving the scan, do any database updates occur.
Scans are initiated from a file containing details of the hosts. Machines with remote root logon disabled can be imported. SUDO is also supported, as are alternative port numbers and URLs for computer names.
Here is an example file, containing 1 Windows, 2 UNIX and a CISCO device:
1,WINIPC,,192.168.242.106,administrator,,,p3ssword
2,SSHKEY,,192.168.242.171,guest,root,,,p3ssword,p3ssword
50,SSHUSER,,192.168.242.175,cisco,en,,3,Bahra215,Peru3210
The first line is a Windows machine, with the account and password to be used to connect. The second is a UNIX computer that has remote root access disabled, and so requires a non-ID-0 logon followed by an SU. The last is a CISCO router, with user cisco configured for logon; the enable account password also has to be given. Note that the Cisco router here uses the SSHUSER import method, as you are not allowed to copy SSH keys onto them.
Importing Windows without WMI
There are 2 additional fields to allow a machine to be imported without any contact with WMI. Here is an example:
1,WINIPC,WRKGRP0001,192.168.242.171,administrator,,,,password2,,00-0C-29-55-70-2D,Windows XP Professional 5.1 (2600) Service Pack 2
The IP address and hostname must be given.