Vuln ossec-hids whitelist-critical

From Atomicorp Wiki
Revision as of 18:23, 18 June 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This vulnerability is designed to alert you is you have a large number of IP addresses whitelisted. Whitelisting tells ASL to absolutely trust a host, in short it extends the security boundary to those hosts. Because ASL has no visibility into those hosts, it doesnt know if it can trust them. A large number of whitelisted hosts, such as whitelisting a large network, means that a large number of system need to be trusted. The is a fairly risky condition for the system to be in, as a large number of hosts are very difficult to secure and the probability of one of them being compromised is much higher when there is a large number of hosts on the whitelist.

We recommend you only whitelist hosts that you know are extremely secure. If ASL is blocking a host due to a false positive, please report it to us, we would be happy to fix it for you.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=Vuln_ossec-hids_whitelist-critical&oldid=2383"
Personal tools