Announcement

Collapse
No announcement yet.

How secure is Hyena

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Guest's Avatar
    Guest replied
    Re: How secure is Hyena

    Hyena is an application that you run from an NT client after you have logged into the machine. It doesn't require a username or password for Hyena itself.

    Hyena doesn't handle any of the communication across the network. It issues the call to NT, and then NT's networking layers handle the rest. This design isolates applications from the networking aspect and allows NT to control all of this.

    Any encryption and security measures will be what you have your network configured for.

    Leave a comment:


  • mrinfosecurity
    replied
    Re: How secure is Hyena

    ARe you saying that you do not need a user id and password to access Hyena!?

    You just install it onto you client and execute it?

    I understand the access to the target system uses the standard WNT authentication user id and password w/appropriate user rights and/or group access.

    Is your product browser based or client/server based? If browser, do you support SSL? If client based how do you secure the remote connection (you mentioned windows API - how secure are windows API's can I monitor the traffic with a sniffer?

    Louis

    <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
    <span style="font-weight: bold">Hyena is a client-side application so there is no need to worry about installing anything on your servers.

    There is no authentication required to run Hyena, but the user will be limited by NT security as to what changes can actually be made when running Hyena.

    File and directory access will be the same as what can be done using NT Explorer.

    The user doesn't have to be a member of any special groups to run Hyena, but they will need to have certain privileges on NT before they can make changes or additions.</span></div></div>

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Re: How secure is Hyena

    Hyena is a client-side application so there is no need to worry about installing anything on your servers.

    There is no authentication required to run Hyena, but the user will be limited by NT security as to what changes can actually be made when running Hyena.

    File and directory access will be the same as what can be done using NT Explorer.

    The user doesn't have to be a member of any special groups to run Hyena, but they will need to have certain privileges on NT before they can make changes or additions.

    Leave a comment:


  • mrinfosecurity
    replied
    Re: How secure is Hyena

    How do I control who has access to Hyena?

    How do I control what functions a user has within Hyena, once they have securely access the application.

    Are there client and server components?

    Louis
    <div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">Originally posted by cmccullough:
    <span style="font-weight: bold">Hello Louis,

    Hyena relies on Windows NT for its security. All functions use Windows NT API calls, which are handled by NT.

    This is the same as when you use User Manager or Server Manager to make changes on your network, NT is handling the communication across the network, verifying permissions, etc.

    Hyena also doesn't do any logging of information because if you have auditing enabled on your network, NT will log this information into the Event Log for you.

    Let us know if you have any other questions about this.</span></div></div>

    Leave a comment:


  • kstanush
    replied
    Re: How secure is Hyena

    Thanks for the excellent question, Louis.

    Hyena does not change the environment in any way on your system or server. Hyena uses only documented software API functions to access to various information resources on your servers and network. In fact, using Hyena is not any different than using the builtin tools that Microsoft provides under NT 4.0 or Windows 2000, except that Hyena includes more functionality in one interface.

    Since we use the same mechanisms as Microsoft's applications, we don't change the security model (that would be a impossible and defeat the purpose of NT/2000's security), and therefore you don't need to authenticate to Hyena. Hyena uses the same access that you have when you run the application. Hyena also does not log any information or keep any history, as Microsoft's applications don't either. You can, however, turn on various auditing setting in NT/2000 itself and have these changes logged. This would be true regardless of what application (Microsoft's or Hyena) that you use on your network.

    Let me know if this addresses your concerns.

    Hyena, by the way, has been on the market for 4 years now.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Re: How secure is Hyena

    Hello Louis,

    Hyena relies on Windows NT for its security. All functions use Windows NT API calls, which are handled by NT.

    This is the same as when you use User Manager or Server Manager to make changes on your network, NT is handling the communication across the network, verifying permissions, etc.

    Hyena also doesn't do any logging of information because if you have auditing enabled on your network, NT will log this information into the Event Log for you.

    Let us know if you have any other questions about this.

    Leave a comment:


  • mrinfosecurity
    started a topic How secure is Hyena

    How secure is Hyena

    Will the installation and use of Hyena compromise the security of my environment. For example, what authentication methods can be used to authenticate yourself to the Hyena application? Is the communications between client and server encrypted? What users rights are required to access the Hyena application? Does Hyena have auditing capabilities to log who logged-in, date and time, whhat systems they connected to, what functions they performed on those systems, etc.

    Best Regards,

    Louis
Working...
X