Skip Headers
SigTest User's Guide
Version 3.0
  Go To Table Of Contents
Go To Index


1 Important Security Information

This section describes known SigTest product vulnerabilities that can be exploited by authorized or unauthorized users or others who have access to the network where the the SigTest product runs.

This chapter contains these topics: .

1.1 Introduction

It is important to note that the SigTest product is fundamentally a developer system that is not specifically designed to guard against malicious attacks. This section describes known vulnerabilities that can be exploited by authorized or unauthorized users or others who have access to the network where the SigTest product runs. When installing and operating the product, consider these vulnerabilities and take action to mitigate potential threats.

1.2 File Access Risks

The SigTest product tools read, write, and deletes files and can therefore potentially expose or damage information stored in files.

1.2.1 Path Vulnerabilites

The SigTest tools do not prevent users from accessing sensitive files that are accessible from the computer on which the tools are running — including attached/mounted remote filesystems. A tool user can therefore directly or indirectly examine file contents or overwrite them. To mitigate against accidental or intentional misuse of sensitive files, consider setting file permissions to give the least feasible access to tool users.

1.2.2 File Creation Permissions

The SigTest tools are intended to be run by users who are trusted to properly handle files they have access to. The tools do not attempt to override any file permissions that are in place to protect files or restrict the user. Additionally, the tools create files with whatever permissions are the default for the user running the tool (on Unix systems, the umask, etc). If you want to restrict access to files created by the tools, ensure that user default file creation permissions are set accordingly.

1.3 Network Access Risks

The SigTest tools are intended to be run in a semi-trusted environment. Never expose the tools directly to the Internet, which can provide a path for malicious intrusion. Most test scenarios require no network and can be run on a standalone machine. If you must run tests on a networked machine, the most secure configuration is a local network that is physically isolated from organizational intranets and sensitive information.

1.4 Remote Agent Risks

The SigTest tools permit the use of custom remote signature loaders (see "Using Custom Signature Loaders"). Such a remote signature loader uses open communication ports on the SigTest host computer and on a remote computer; therefore you must ensure that both machines are protected from malicious attack. You must also ensure that the remote class loader itself is not malicious. For the most secure operation, connect the SigTest host and remote computers only to a protected intranet on a physically isolated network.