https://inliniac.net/blog/tag/proxy/ Recent content in Proxy on Inliniac Hugo en Fri, 24 Aug 2007 16:26:47 +0000 https://inliniac.net/blog/2007/08/24/follow-up-on-sguil-securtiy/ Fri, 24 Aug 2007 16:26:47 +0000 https://inliniac.net/blog/2007/08/24/follow-up-on-sguil-securtiy/ <p>In the discussion about my post about Sguil security there have been a number of ideas and general thoughts. I&rsquo;d like to write about them here to we can further discuss them. There seems to be consensus on that when a sensors is rooted, there is nothing we can do to prevent injection of bogus data as long as it isn&rsquo;t malformed.</p> <p>Having the agent authenticate itself is a solution, but it relies on the agent credentials to remain secret. So when a webserver is rooted the attacker will have access to the credentials as they will be stored on the webserver itself. So this approach does provide an extra layer of defense but local roots aren&rsquo;t uncommon, so it remains risky. It may still be worth the effort though.</p>