Anonymous ID: 5eb1c5 Dec. 15, 2020, 2:59 p.m. No.24434   >>4442

>>24074

This is such a trash summary of what SolarWinds does and its potential impacts to election systems security. Obviously written by someone without firsthand knowledge of ever installing, configuring, and using the software.

SolarWinds has many tool sets and it essentially presents a single pane of glass to network engineers, to show the current status of network devices and their links. No one buys SolarWinds because it has NetFlow graphs or a syslog server, as there are so many better products out there than SolarWinds that collect and present this data.

Orion is the webserver and administration core of the software. Installed on a group of physical or virtual servers and supported by SQL databases on the backend to hold all the data it collects. It's where the modules are configured to go out and poll (ping) and discover the entire network, limited only by firewalls, which are commonly configured to allow the SolarWinds server's IP to pass.

As I've personally installed and used SolarWinds for many years, I can tell you from firsthand experience that, in order to make SolarWinds work well, and as even recommended in their own configuration guides, the server is given domain admin permission rights. There are many service accounts created that are also granted high-level permissions so that network engineers can use the toolsets effectively. While not every installation is like this, I know a lot are, for the ease of administration.

SolarWinds literally maps your entire network. It knows, and is usually configured to store, your entire IP subnet in its IPAM module, and is used to discover what IP addresses are in use by pinging them continuously.

SolarWinds Configuration Management and Automation modules leverage the SNMP protocol to remotely log on to network switches, routers, and firewalls to copy their running configurations and save them. It's also used to push configuration changes to all or groups of devices in the same way.

Stop and think about this: if you have access to this, you OWN the network. Hence the CEO's "God Mode" statement. You know the passwords, names, encryption protocols used, and their IPs and what they are connected to....

If that is not enough, SolarWinds is also used in some organizations to do the same exact thing for servers, so I think you get the point here and why this is such a serious breach.