NCM and config file security

sjocchiogrosso · ‎07-14-2014

Question in regards to the latest version of NCM and the security of the configuration files. I know the configuration files are stored in the Database, does anyone know if it is possible to pull these files directly from the SQL DB, bypassing NCM security.

I just want to verify users that are locked out of the NCM App, won't be able to pull the information directly from the Database. Or if someone can take a backup of the Orion DB and essentially have all the device configurations contained within it.

fholzapfel · ‎07-15-2014

Hi Stephen,

if you have the Need to secure your NCM then do so.

A user with the rights to connect to the Orion DB can of course read the specific table (ConfigArchive). But this user has possible the access to the folder of the ConfigArchive, too.

So implement limitations.

First do anyone need a remote access to your Orion DB if not so then filter it. If you have a Microsoft machine (win 2012 R2) or something like that then take advantage of your firewall.

Also reduce the rights of access the configarchive folder for only a specific AD-Group.

If a NCM user is disabled he has no read-access anymore on your Oron DB.

For your backup Szenario please use an encryption such as bitlocker or other really fancy products.

So in my point of view you have to secure your machine and your applications on your NCM.

Kind regards,

Flo

cvachovecj · ‎07-17-2014

Hi Stephen Occhiogrosso,

Points by fholzapfel are really great.

I would add that you might want to enable TDE on your SQL server: Transparent Data Encryption (TDE)

Regards,

Jiri

sjocchiogrosso · ‎07-26-2014

Thanks for the verification guys.