[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Compaq Insight Agents. was: Packets with source of external inter face on internal i nterface

To: FKeeney@hsa.com
Subject: RE: [FW1] Compaq Insight Agents. was: Packets with source of external inter face on internal i nterface
From: Lars.Troen@Merkantildata.no
Date: Mon, 31 May 1999 11:28:14 +0200
Cc: fw-1-mailinglist@lists.us.checkpoint.com
Sender: owner-fw-1-mailinglist@lists.us.checkpoint.com


Frank, 
Of course we run Compaq Insight Agents on our compaq firewalls. You see, we
have a ruleset on the firewall which will only let the mgmt station(s) have
access to the firewall on those necessary ports. That's IMO a better
solution than not knowing that one of the disks has crashed. 

Compaq should come up with a fix ASAP, because this not only let users
reboot your (not firewall protected) server(s). They can also read files
from your system and crash the insight agents. 

If you chose to uninstall the Insight agents, make sure you stop the
surveyor service as it's not uninstalled by the uninstall program.

Lars

-----Original Message-----
From: Frank W. Keeney [mailto:FKeeney@hsa.com]
Sent: Saturday, May 29, 1999 12:18 AM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Compaq Insight Agents. was: Packets with source of
external inter face on internal i nterface
Importance: Low



I hope that you are not running Insight Agents on the Firewall.

A few things you should know about Insight Agents:

When you install the Compaq Insight Agents on your server it installs a
web server on port 2301. Point your browser to
http://servernameoripaddress:2301 and you will be greeted with the
Insight Manager Web Server.

Goto:

http://servernameoripaddress:2301/cpqlogin.htm

Type "administrator" for both the name and password and you will be
given administrator access to the Insight Agents. Surprise :-/

Check for the "Insight Agents" Control Panel. Open it and select the
"SNMP Settings" tab. If the check box next to "Enable Remote Reboot" is
checked then anyone on your network can reboot your computer. Imagine if
you have this on an unprotected server on the Internet. Also imagine a
disgruntled or curious user on your network rebooting your critical
servers over and over. 

If you must use the Insight Agents, disable "Enable Remote Reboot" and
"Enable SNMP Sets" the "SNMP Settings" tab.

To disable the Insight Web Agent disable it in the Services Control
Panel. Note, you must select "Disable" and not "Manual" since the
Insight Agents will start it if it's set to "Manual".

If you use the Insight Web Agents follow the included instructions on
how to secure access to the web server. Also, the Insight Web Agent
frequently sends a udp broadcast on port 2301 just let everyone know
that the Insight Web Agent is up and running.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] DMZ backup
Next by Date: Re: [FW1] Management of V3.0 and v4.0
Prev by thread: [FW1] DMZ backup
Next by thread: [FW1] RE:Perl CGI and NAV for Checkpoint
Index(es):
- Date
- Thread