03-19-2018 05:30 AM - edited 03-19-2018 05:34 AM
Hi,
I have read the following and had to laugh: "Changes to Default Behavior in Traps 4.1.3":
For enhanced security, files in the web-based forensics (BITS upload) folder are no longer accessible to any device except the Endpoint Security Manager (ESM) Server and Console. Now, when you install or upgrade to ESM 4.1.3, the installer creates a user account (TrapsDownloader) and uses that account for accessing files in the BITS folder.
I don't think it is enhanced security to add a user named "TrapsDownloader" with a hardcoded password (easy to get), without an easy possibility to change it, and this on a server with an administration tool for a core security product.
I only noticed it because on a German OS, the console installer crashes with an error when adding this TrapsDownloader user, because it cannot find the local Users group.
What do you think?
F.Hufschmid
03-19-2018 05:50 AM
You can change the password with the DBconfig tool. If you open a case with support they will send you instructions.
03-19-2018 06:01 AM
Thank you. Are you from Palo Alto support or a software engineer?
You agree with me that this change in the documentation should be large, bold and mandatory and should not be requested via support.
03-19-2018 06:04 AM
Yes and no. Yes, it should be better documented. No, specific information about a password or account that a security product uses should have some control in the finer details being publicized, which is why support should have no issue passing you the information on how to modify the password. The details of the account and function could use better detailing in the admin guide.
03-19-2018 07:11 AM
"No, specific information about a password or account that a security product uses should have some control in the finer details being publicized."
Why not? Every default password from Traps should be in the public documentation, with a requirement to change it. If you search the internet, you find it anyway.
Only one good example where Palo Alto has done it:
Sorry for saying: all other obfuscation is security by obscurity.
03-19-2018 07:49 AM - edited 03-19-2018 07:51 AM
I found it out, it is analogous to the ninja pw change:
C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server>DBConfig.exe server TrapsDownloaderPassword <YOUR_PASSWORD>
thx for the hint
F.Hufschmid
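An added example, not part of the thread and not Palo Alto code: a PowerShell audit, run on the ESM server, that reports when the local TrapsDownloader account's Windows password was last set and which local groups it belongs to. It resolves the built-in Users group by its well-known SID, since the group name is localized, which is the failure described above on a German OS. The 90-day threshold is an assumption, and the thread does not say whether DBConfig.exe also resets the Windows account password, so compare PasswordLastSet with the time you ran it.

```powershell
# Added example: audit the local account created by the ESM installer.
# Account name comes from the release note quoted in the thread;
# the 90-day threshold is an assumption chosen for illustration.
$AccountName = 'TrapsDownloader'
$MaxAgeDays  = 90

# Resolve the built-in Users group by well-known SID, not by name.
# The name is localized (e.g. "Benutzer" on a German OS); the SID is not.
$usersGroup = Get-LocalGroup -SID 'S-1-5-32-545'

$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Output "Local account '$AccountName' not found on $env:COMPUTERNAME."
    return
}

# Collect every local group the account is a member of.
$memberOf = foreach ($group in Get-LocalGroup) {
    try {
        $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
    } catch {
        # Groups with unresolvable members can make the cmdlet throw; skip them.
        continue
    }
    if ($members.SID.Value -contains $user.SID.Value) { $group.Name }
}

# Password age in days, or $null if the password was never set.
$ageDays = if ($user.PasswordLastSet) {
    [int]((Get-Date) - $user.PasswordLastSet).TotalDays
} else { $null }

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    Account            = $user.Name
    Enabled            = $user.Enabled
    PasswordLastSet    = $user.PasswordLastSet
    PasswordAgeDays    = $ageDays
    PasswordStale      = ($null -eq $ageDays) -or ($ageDays -gt $MaxAgeDays)
    LocalizedUsersName = $usersGroup.Name
    MemberOf           = ($memberOf -join ', ')
}
```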