Hello, Mayk.
Could you be more specific about threats you'ку trying to defy in your OTRS
installation? AFAIK, there is no granular access control for ConfigItems in
OTRS::ITSM. You can open the whole CMDB to your agent, or not open at all.
Using encryption for access control is very cumbersome. You have to keep as
many encrypted versions of sensitive information as there are authorized
users - 1 version per user each encrypted with user's public key.
You can encrypt text info (logins and passwords) with GPG or OpenSSL and put
encrypted text into config item note noting the user name, whose public key
was used for encryption.
Anton.
2008/11/12 Mayk Backus
Hi all,
I have a question on securing OTRS. We use the config items to track systems of our customers. Verry usefull i find it to have the login data of systems on a notes field. Before i spend hours writing all the login data in the config items i'm wondering if this is a big security risk.
Are there means of protecting the data ? Is the data encrypted, or can i encrypt this ? Are there other safeguerds to take for example modsecurity ?
All information is welcome.
Kind Regards,
Mayk Backus
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs