/build/static/layout/Breadcrumb_cap_w.png

KACE100 - Disable SSH and SNMP - Vulnerabilities

Our vulnerability scanner is detecting these vulnerabilities below and I would like to know how to properly harden KACE1000  v9.0.270.

I tried to disable SNMP and SSH but got the following error:

- You can not switch to QAS auth. No joined domains.

Is there a reason I cannot do this as I do have Admin access with my Domain Account.


Below is the list of vulnerabilities I would like to resolve with the severity 4 and 5 being the most important but of course I would like to fix them all.

5 EOL/Obsolete Software: SNMP Protocol Version Detected
4 OpenSSH 7.4 Not Installed Multiple Vulnerabilities
4 SNMP GETBULK Reflected Distributed Denial-of-Service Vulnerability
3 Readable SNMP Information
3 NetBIOS Release Vulnerability
3 NetBIOS Name Conflict Vulnerability
3 WINS Domain Controller Spoofing Vulnerability - Zero Day
3 OpenSSH Username Enumeration Vulnerability
3 OpenSSH Xauth Command Injection Vulnerability



0 Comments   [ + ] Show comments

Answers (1)

Posted by: AbhayR 5 years ago
Red Belt
0

Are you trying to just disable SSH/SNMP or also enable/disable Single Sign On ? What is your SSO setting set to ?


Comments:
  • I'm trying to disable SSH/SNMP. I'm not sure why the SSO prompt comes up as it is not an option in the security settings. For Authentication we have LDAP Authentication but we still have to enter in our password. I was not trying to change that. - kent.farries 5 years ago
    • There is a Single Sign On section under security settings page which may be connected to AD. Please check if you have that option enabled. - AbhayR 5 years ago
      • How did I miss that? Thank you for the help. - kent.farries 5 years ago
  • Perfect ! - AbhayR 5 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ