Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

OCS in internet public IP

Bonjour à tous

J'utilise l'inventaire OCS depuis des années. Maintenant, en raison de l'externalisation de notre CPD local vers le cloud, j'ai l'intention de continuer à l'utiliser, mais cette fois, j'envisage de l'utiliser sur Internet.

J'ai créé une instance EC2 dans AWS et je veux que les agents puissent accéder au serveur par une IP publique.

Je ne veux pas passer sous silence les recommandations de sécurité nécessaires à la synchronisation des agents, comme l'utilisation d'un certificat SSL (auto-signé) ou l'utilisation d'un nom d'utilisateur et d'un mot de passe.

Cependant, je crains toujours que le serveur ne soit piraté à un moment donné. Quelles autres mesures dois-je prendre pour renforcer la sécurité de mon serveur ? Serait-il judicieux d'utiliser un proxy entrant pour les agents ?

Meilleures salutations.

-----------------------------------------

Hello everyone,
I have been using OCS inventory for years.

I have been using OCS inventory for years, now due to the outsourcing of our local CPD to the cloud I intend to continue using it, but this time I am considering using it over the internet.

I have created an EC2 instance in AWS and I want the agents to be able to access the server through a public IP.

I don't want to skip the necessary security recommendations for the synchronisation of the agents, such as the use of a SSL certificate (self-signed) or the use of username and password.

However, I'm still afraid that the server could be hacked at some point, what other actions should I take to increase the security of my server? Would it be advisable to use an incoming proxy for the agents?

Best regards
in OCS Inventory NG server for Unix by (180 points)

2 Answers

+1 vote
 
Best answer
For internal usage of a company, the best place for OCS server is internal.

If you offer the service for companies, the OCS server need to be reachable thru Internet. (I think also OCS IS NOT enough strong and secure to be totally open on Internet)

You can (must ?) protect it by a reverse proxy (without all guarantees).

Also you can consider to filter ip source : each client goes on Internet using 1 ip adress, you can filter on all external ip address of your clients ...
by (20.1k points)
selected by
0 votes
for me ocs-inventory is too unsecure  to use it on a public ip.

I think you should at least use a reverse proxy with some sort of filters.

https://ofstack.com/Nginx/15821/configuration-for-preventing-sql-injection-attacks-in-nginx.html
by (24.5k points)
 
Powered by Question2Answer
...