<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff size=2>Any
command accepted by the client.</FONT></SPAN></DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff size=2>I
don't know how hard or easy it is to get around the limitations the client
places on what it will accept. The code is pretty simple, it looks for specific
text in the string passed to it and executes one of its programmed
actions.</FONT></SPAN></DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff size=2>You
can't execute arbitrary commands.</FONT></SPAN></DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff size=2>It's
not brilliantly secure, but neither does it open the box up to the
world.</FONT></SPAN></DIV>
<DIV><SPAN class=723491722-25112002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Carroll, Jim P [Contractor]
[mailto:jcarro10@sprintspectrum.com]<BR><B>Sent:</B> Tuesday, November 26, 2002
8:42 AM<BR><B>To:</B> nagios<BR><B>Subject:</B> [Nagios-users] yet ANOTHER
NSClient question<BR><BR></FONT></DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2>How secure is NSClient?</FONT></SPAN></DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2>I was asked this question this morning by the resident NT guru, since
we're considering monitoring a few NT boxes which are already 'exposed' to the
Wild Wild Net.</FONT></SPAN></DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2>All I can see is that NSClient has password support, but that pretty much
any command (?) can be executed.</FONT></SPAN></DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2>Any suggestions on locking this down? Or does this fall under the
"I would't recommend it unless you're fond of rebuilding servers" school of
thought?</FONT></SPAN></DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=223013819-25112002><FONT face="Comic Sans MS" color=#000080
size=2>jc</FONT></SPAN></DIV>
<DIV><FONT color=#ff0000 face=Arial
size=1><EM>DISCLAIMER: This electronic message together with any
attachments is confidential. If you are not the intended recipient, do not
copy, disclose or use the contents in any way. Please also advise us by
return e-mail that you have received the message and then please destroy.
Carter Holt Harvey is not responsible for any changes made to this message and /
or any attachments after sending by Carter Holt Harvey. We use virus
scanning software but exclude all liability for viruses or anything similar in
this email or any attachment.</EM></FONT>
</DIV>
</BODY></HTML>