Server-side authentication & authorization: Symantec remote desktop access security assessment

Symantec Security Assessment: SupportDesk™ 9 Product Penetration



NetworkStreaming Security Architecture

2. Server-side Authentication and Authorization

All NetworkStreaming application servers use dedicated application accounts when accessing server functionality and data. During the assessment, Symantec conducted a variety of attack scenarios designed to circumvent the authentication mechanisms implemented in SupportDesk™. Symantec found that both the web-based and client-server interfaces to SupportDesk™'s back-end components required the user to authenticate successfully with a valid username and password. All attempts to bypass the authentication components were rejected by the application, thereby preventing access to functionality and data on the server.

Symantec also found that SupportDesk™ supports per-user privileges that offer more granular control over access to application functionality and data. When accounts are created, the administrator is presented with a list of privileges that can be selectively granted to the user, including the ability to view and/or control a customer's machine remotely or the ability to act as an administrator for the application. During the assessment, Symantec attempted to bypass the access control functions in order to reach functions and/or data that should have been restricted to more highly privileged users. These attempts were rejected by the access control mechanisms built into the application. Finally, Symantec notes that separate administration accounts and interfaces exist for administering the SupportDesk™ appliance and for administering the application itself. This provides additional segregation between user functions within the overall application environment.


© 2003-2008 Bomgar Corporation | All Rights Reserved