One of the biggest problems that I saw with DNP and WSP still seems to persist in this version; that is the fact that the server site runs as an administrative user. This allows a compromised site running ASP or .NET to be able to extract the credentials for this account from the MetaBase.
To make matters worse, if the server is on a domain then they can use tools like Mimikatz to capture domain-level credentials and spread filth across your entire Windows domain. I would really like to see the sites use non-admin credentials and then talk to a backend service that has the admin access. This would greatly reduce the risk associated with using this product.
Additionally, this product should handle filesystem permissions like Plesk does; that is, lock down filesystem access for the SCP_IUSRS group so that the group has no access to anything they do not need, and there should be a system in place where you can tell SCP what custom permissions it should set for this group on third-party objects that SCP doesn’t just know about.
The lack of these two things is preventing us from deploying this product.
I am really done arguing with you. You are obviously not concerned with making a secure control panel. You would rather everyone else secure everything around your CP.
>In the end the basics stay the same as any other panel. We really can’t get around that.
This is completely incorrect. Maybe take the time to actually learn about how some of your competition works?
>everyone can lock down the SolidCP Server module –> even with Windows Firewall and bindings, only the Portal needs access to it (which runs on normal privs)
Other sites running on the same server bypass the firewall...
>And as I have also shown you: the setups are not vulnerable to the tools you mentioned; no server is that is properly set up.
You haven’t shown me anything, other than the fact that you couldn’t use certain portions of one tool in the context of a fully locked down site. When you are managing the hosts of other companies that have looser security requirements so that they can support and therefore attract a wider range of clients, you have situations where these tools can be leveraged. You can secure against them as much as you can without breaking functionality of their site; however, there are some things in these situations that you cannot protect against, and having a site running with admin credentials presents a major security vulnerability in these situations.
All I am saying is that you guys should really spend some time making a backend service, not a website that does the job of the server component. It’s fine if you don’t want to, just say “we don’t want to do that”. Don’t tell me it isn’t necessary, because you are simply not correct.
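
The concern raised in this thread (an IIS site whose worker process runs with administrative rights) can be checked on any Windows web server. The script below is an added example, not part of the original posts and not SolidCP code; it assumes the WebAdministration and Microsoft.PowerShell.LocalAccounts modules are available and that it is run from an elevated prompt on the server.

```powershell
# Added example: list IIS application pools and flag those whose identity
# has administrative rights on this server.
Import-Module WebAdministration

# Direct members of BUILTIN\Administrators, looked up by well-known SID so the
# check works on localized systems. Members of nested domain groups are NOT
# expanded here and need a separate review.
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }

Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm      = $_.processModel
    $account = [string]$pm.identityType
    $isAdmin = $false

    switch ([string]$pm.identityType) {
        # LocalSystem is at least as powerful as a local administrator.
        'LocalSystem' { $isAdmin = $true }
        'SpecificUser' {
            # Expand ".\user" to "COMPUTER\user" so the name can be resolved.
            $account = $pm.userName -replace '^\.\\', "$env:COMPUTERNAME\"
            try {
                $sid = ([System.Security.Principal.NTAccount]$account).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
                $isAdmin = $adminSids -contains $sid
            } catch {
                # Account could not be resolved to a SID; report it for manual review.
                $account = "$account (unresolved)"
            }
        }
    }

    [pscustomobject]@{
        AppPool     = $_.Name
        Identity    = $account
        RunsAsAdmin = $isAdmin
    }
} | Sort-Object RunsAsAdmin -Descending | Format-Table -AutoSize
```

Any pool reported with `RunsAsAdmin` set to `True` is one where code execution inside a hosted site yields administrative access to the server, which is the situation the first post describes.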