![]() and default SSL configs, trusting any certificate ![]() with the default admin/changeme password. This box was: Running Splunk forwarder as root. Why this stuff matters A DPS penetration tester found himself on a random Linux box as an unprivileged user. ![]() Splunk’s default SSL posture The out-of-the-box configuration: All certificates are generated on a default-shipped CA configuration Splunkweb does not use SSL Splunkd uses SSL for the REST port - with certificate verification disabled No SSL data inputs/outputs are defined Splunkd LDAP can use SSL - again with no certificate verification 5 Splunk Architecture and SSL Splunkweb (SSL to browsers) Splunk-to-splunk data transfer (forwarders to indexers) Splunkd REST port (Inter-Splunk) Deployment Client / Deployment Server REST API / SDKs Distributed Search SSL Refresher Authentication of the server (the server is who they say they are) Optional authentication of the client Bulk encryption of data in transit Several moving parts, “CAs”, “keys”, “CSRs”, “certs” We often say "SSL" when we mean "TLS". Best Practices for Splunk SSL Duane Waddle Defense Point Securityĭuane Security Engineer at Defense Point Security Splunk admin since 2010, Splunk Certified Architect Occasionally masquerade as a fez-wearing duck on the Interwebs Defense Point Security Provider of cyber security services to commercial and gov't clients 2014 Splunk Partner of the year, ProServ Public Sector We're hiring! () 2
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |