Security Concerns

Core Files and Security

You should be aware that a saved core file contains your local secret. While it would be difficult for someone to discern or discover the secrets from this file, it is possible. You should, therefore, protect a core file as carefully as any of your other local secrets. Remember, if you send your core file out-of-house for analysis, you are giving your local secret to the analyst.

Any system backups made while such a core file exists may contain the core file as well and so must be considered a possible means of discovering your local secrets. These backups must be kept in a secure location.

Expired Certificates and Security

Two systems can still communicate even after one of the systems's certificate has expired; communication between two peers persists until you issue a skipd_restart command. The key manager daemon or commands check against certificate expiration upon identities addition or daemon restart. There is no checking against certificate expiration when the ACL and the corresponding key management information have been passed to the kernel.