[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    RE: spiceworks-opinions please?
From:       "Ian Callard (IT)" <ian.callard () za ! suninternational ! com>
Date:       2007-06-29 17:48:25
Message-ID: E64877A168715A479AE0AF23E24BA9E20A4D129D () sr-sc-mes-mb02 ! corp ! simlds ! com
[Download RAW message or body]

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Murda Mcloud
Sent: 25 June 2007 04:12
To: security-basics@securityfocus.com
Subject: spiceworks-opinions please?



Hi all,
I wanted to find out if anyone had used an app called spiceworks in an sme
and what, if any security implications they had found from using it.

It is not open source but is advertised as free(due to sponsorship) and this
made a little worried as to what the EULA maye have included in it with
regards to data privacy.
Also, in terms of functionality what kind of client (if any) does it load on
hosts in order to monitor and what type of connections does it need for
monitoring.

Thanks.


Hi.
I've only looked at this application since your mail and this is what I've found so far.

This application uses various methods to log in to your hosts.
* SSH for any Unix type OS
* SNMP for any type of device
* WMI and normal NTLM for Windows hosts

The passwords to access the hosts are stored in a locally just like your login credentials.

IT hosts its own web server named Mongrel according to ServerSpy
The whole shebang is managed via a browser, so all those warnings apply.
Plus, it it has a section on the right connecting to http://frontend.spiceworks.com/ for adverts

Hope this little bit helps you get started.
The information contained in this email is confidential and may be subject
to legal privilege. The content of this email, which may include one or more 
attachments, is strictly confidential, and is intended solely for the use of the 
named recipient/s.

If you are not the intended recipient, you cannot use, copy, distribute, disclose 
or retain the email or any part of its contents or take any action in reliance on it. 
If you have received this email in error, please email the sender by replying to 
this message and to permanently delete it and all attachments from your computer.

All reasonable precautions have been taken to ensure that no viruses are present 
in this email and the company cannot accept responsibility for any loss or damage arising 
from the use of this email or attachments.

[prev in list] [next in list] [prev in thread] [next in thread]