Storing device credentials

Q. Does InterMapper encrypt stored device credentials, such as SNMP community strings and user logins?

A. InterMapper 5.1 stores device credentials such as user names and passwords in each map file with the other device attributes. The credentials are not encrypted or hidden in any way within the file. If someone has direct access to the map files on disk, they can extract the passwords by running 'strings'.

For this reason, unix permissions to map files are set to read/write for owner only.

InterMapper users with admin privileges can export the map files also. Note that the default "out of the box" InterMapper installation gives admin access to connections from localhost. To secure this, set a password for the admin user, and clear the auto-login setting (which specifies 127.0.0.1 and ::1).

The credentials for the NT Services probe use CryptProtectData in the Win32 API to encrypt it, using the CRYPTPROTECT_UI_FORBIDDEN option and no additional entropy.
http://msdn.microsoft.com/en-us/library/aa380261(VS.85).aspx
In Windows XP and above, this will use Triple-DES encryption; in Windows 2000, possibly AES.

+1 800-328-1000

[email protected]

Infrastructure Protection & Data Security

Managed Security Services

Automation

IBM i