Difference between revisions of "Vuln ossec-hids whitelist-critical"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "This vulnerability is designed to alert you is you have a large number of IP addresses whitelisted. Whitelisting tells ASL to absolutely trust a host, in short it extends the...")

Revision as of 17:23, 18 June 2012

This vulnerability is designed to alert you is you have a large number of IP addresses whitelisted. Whitelisting tells ASL to absolutely trust a host, in short it extends the security boundary to those hosts. Because ASL has no visibility into those hosts, it doesnt know if it can trust them. A large number of whitelisted hosts, such as whitelisting a large network, means that a large number of system need to be trusted. The is a fairly risky condition for the system to be in, as a large number of hosts are very difficult to secure and the probability of one of them being compromised is much higher when there is a large number of hosts on the whitelist.

We recommend you only whitelist hosts that you know are extremely secure. If ASL is blocking a host due to a false positive, please report it to us, we would be happy to fix it for you.

Personal tools