[RADIATOR] Password/certificate security seems next to none on Radiator server

Nadav Hod nadav.hod at comm-it.co.il
Fri Oct 2 11:27:24 CDT 2015


Yes, but as I mentioned in the original post, I suggested to access these stores over a network share. These really shouldn't be local; after all, the certificates can be loaded into memory and passwords can also be loaded into memory. The share can be secured behind a firewall (including different security modules) and domain-level security. Most SMBs and enterprises already have these in place. Keeping things local is bad practice for several reasons.

________________________________________
From: Nick Lowe [nick.lowe at lugatech.com]
Sent: Friday, October 02, 2015 5:52 PM
To: Nadav Hod
Cc: Tuure Vartiainen; radiator at open.com.au
Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

Nadav,

You're just obfuscating by doing this as the RADIUS server still has
to get access to those things. Security through obscurity really
doesn't exist. It is a complete waste of time in my opinion.

You have to rely on encryption of the backing storage and OS security
primitives with administrative best practice to do this properly.
There is no other way.

Once somebody owns a box, all bets are off.

Regards,

Nick

