Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Configuration Best-Practices Auditor

I have seen a lot of ASG systems out there, which have use a insecure or not (possible) optimal configuration in ASG. Some other manufacturers will bring up while configuration already a warning, when a setting may affect system security.

It would be nice to have a possibility to start a basic system configuration checker, which will check the configuration against some "best practice" recommendations and generate a little audit report with found issues, a small explanation and a recommendation to make it better.

Issues could be (to list some...)
- inappropriate configured proxies with access from ANY networks
- Webadmin Access or SSH access from ANY Networks
- Packetfilter rules from internal networks to Internet with ANY Service allowed
- Exceptions that may affect Security Services as IPS or AFC (as exclude source internal networks from IPS...or similar)
- Anti Portscan not activated
- Insecure passwords for users
- no FQN name set for SMTP proxy
- no BATV secret set for SMTP proxy

and so on...

14 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Sascha ParisSascha Paris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • ChrisChris commented  ·   ·  Flag as inappropriate

        I like the way Microsoft picks up this issue: They have a so called Best Practice Analyzer for many products which check various configurations against rules. This rules are updated regularely and contain misconfigurations as well as performance problems.

      • david hamandavid haman commented  ·   ·  Flag as inappropriate

        From an IT Management and Security Director standpoint this makes the most sense to me. This would also give ASG a huge leg up on the competition out there.

      • david hamandavid haman commented  ·   ·  Flag as inappropriate

        i also think there should be better hardware compaibility for the asg user who wishes tio run on a spare pc, i currently run on an Intel pentioum D 3.4 W/ 2gb ram, but had many issues trying to run asg on any amd x2 chip set, installation failed on a sb740 chipset, aswell as a nvidia 6100 chipset mp-bios bug 8254

      • Bob AlfsonBob Alfson commented  ·   ·  Flag as inappropriate

        This is a great idea to mix with the one about being able to print out the configuration. What a great tool for tech support! My wife wrote a "sysinfo" script for IBM AIX boxes so she can get a quick look at what's happenning when people need help.

        An Astaro "Auditor" program would be much better than the raw information one gets from 'Config dump'.

        Practically speaking, there are some well-know mistakes that can be made, and some already receive warnings in WebAdmin. I suspect there are many more one could check for if one weren't concerned about mucking up the programming in the product.

      Feedback and Knowledge Base