?
Solved

CIM software risks

Posted on 2014-02-24
4
Medium Priority
?
272 Views
Last Modified: 2014-02-26
Albeit not from an infrastructure role myself, most server hardware seems to come with some sort of management (CIM) application, from a risk angle (my role), can anyone give a beginners guides of risks posed if an unauthorised user got say admin access to the CIM for a given server, i.e. what does/would it let you do if you had malicious intentions?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 1000 total points
ID: 39884707
CIM is the industry standard of WMI access, they can do a lot of mischief if they have malicious intentions.
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 1000 total points
ID: 39884712
Most admin tools have SNMP access.  And perhaps WMI, telnet, or SSH access as well.  These protocols can allow for everything from reading current system info to making admin/root level changes.  Admin and monitoring tools can be configured for read only access, but a competent hacker can grant themselves an admin role and then have full control, even if the approved admins only have limited access.  Admin and monitoring tools should always be fully patched, access to these tools should be limited, both successful and unsuccessful logins should be logged and reviewed, and changed made by these tools should be logged and reviewed.
0
 
LVL 3

Author Comment

by:pma111
ID: 39884972
>they can do a lot of mischief if they have malicious intentions.

could you provide some examples to assist in our risk assessment?
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 39885841
Anything from reading data to modifying, copying, or deleting data.  Setting up admin access for themselves, installing backdoor access, etc
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question