GFI Support vs. Security

GFI makes several products that are a good fit for SMBs (inexpensive and moderately reliable). I have had experience with their Network Server Monitor and MailArchiver products. The products work relatively well for smaller businesses. But, when you have an issue, it can be tough to figure out.

I have been working on an issue with the MailArchiver product where it will stop creating the search index on the message store when the index gets to around 1 gig. That means it only gets about 230,000 emails indexed (of the 400,000 or so, so far this quarter). I have been working with tech support on this and, after about an hour of troubleshooting, I was asked to “Download this patch, clear out the index, re-create the problem, run our special troubleshooting tool and upload those files to our ftp site.” I downloaded the patch and confirmed that the problem still occurs. Then I ran the tool and my fears were realized. I had roughly 9MB of text (that holds some sensitive information) to upload, in the clear, to an unknown server and allow someone to peruse. So, do I get the problem fixed or refuse to send the file to them? I compromised. I read/searched through the files, sanitized where necessary and uploaded. I still don’t like it… truly sanitizing the data to the point where there was nothing there that would help a nasty would have taken days, not to mention might have removed some tidbits they would need for troubleshooting (OU name longer than x characters causes problems, for example). How would you have handled it?


2 Responses to GFI Support vs. Security

  1. Nicks says:

    Hi fourbits,

    I would like to post some information on the troubleshooting tool used in the GFI products.

    This tool is used to gather data from the machine where the GFI product is installed, together with logging which has been generated by the GFI product. The information gathered is not encrypted on purpose, so you may be able to check the content before it is sent to GFI support. You are free to remove information which you deem is too confidential.

    Before sending the files to support, or uploading them to the ftp site, you may also want to compress the files in a password-protected archive.

    Finally, the ftp site where the files are uploaded is very secure. It is configured in such a way so as to allow clients to upload their troubleshooting files without being able to view what is on the ftp site.

    Nicholas Sciberras
    GFI Software – http://www.gfi.com
    Messaging, Content Security & Network Security Software

  2. fourbits says:

    I can (and do) appreciate the ability to wade through the plaintext in order to filter out anything “confidential”. Problems are: 1) I don’t want to have to write a script to parse the huge text files and 2) almost any information about my networks could give a foothold. If you’re still listening, what does GFI do to confirm that my system’s information is not available to anyone after the case is solved? SonicWALL has the worst practice I’ve run into, with all TSRs (Technical Support Reports) that they have asked you to generate up on your mysonicwall.com account, making them only as secure as any tech that has ever wanted them or my mysonicwall.com password.
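
Added example, not part of the original post or comments and not GFI's tooling: a sketch of the kind of sanitizing script discussed above. It replaces e-mail addresses, IPv4 addresses and directory name components with keyed pseudonyms of the same length and shape, so that a length-dependent fault (the long OU name case from the post) still reproduces for support. The log lines, patterns and key below are constructed assumptions, not real MailArchiver output.

```python
import hashlib
import hmac

import re

# Constructed sample lines; not real GFI MailArchiver output.
SAMPLE = """\
2009-03-02 10:14:07 indexing mailbox jsmith@corp.example from 10.20.30.41
2009-03-02 10:14:09 bind ok: OU=Accounting and Payroll West,DC=corp,DC=example
2009-03-02 10:15:30 retry from 10.20.30.41 for jsmith@corp.example
"""

# Assumed value shapes. A DN component runs to the next comma or end of line.
PATTERNS = [
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("dn", re.compile(r"(?<=OU=|CN=|DC=)[^,\n]+")),
]


def pseudonym(key: bytes, kind: str, value: str) -> str:
    """Keyed, deterministic, length- and shape-preserving replacement."""
    # HMAC-SHA256 in counter mode yields at least one byte per character.
    stream = b"".join(
        hmac.new(key, f"{kind}:{i}:{value}".encode(), hashlib.sha256).digest()
        for i in range(len(value) // 32 + 1)
    )
    out = []
    for ch, b in zip(value, stream):
        if ch.isdigit():
            out.append(str(b % 10))
        elif ch.isalpha():
            out.append(chr(ord("a") + b % 26))
        else:
            out.append(ch)  # keep '.', '@' and spaces so the shape survives
    return "".join(out)


def sanitize(text: str, key: bytes) -> str:
    """Replace every matched value; the same input always maps to the same token."""
    for kind, pattern in PATTERNS:
        text = pattern.sub(lambda m, k=kind: pseudonym(key, k, m.group(0)), text)
    return text


if __name__ == "__main__":
    # In real use the key is random, generated once and never leaves your side.
    print(sanitize(SAMPLE, b"constructed-demo-key"))
```

Because the mapping is keyed and deterministic, repeated values still correlate across the upload while the originals stay recoverable only by whoever holds the key. Lengths and punctuation are still disclosed, and anything the patterns do not match passes through untouched, so the output still needs a read before it is sent.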
