Information Technology Reference
In-Depth Information
■
Use Encryption
This option ensures that all inventory data and state messages
are encrypted by using the Triple Data Encryption Standard (3DES) encryption
algorithm when sent to the management points. You can use this option for envi-
ronments in which inventory data might contain sensitive information.
To enable signing and encryption for the site, complete the following procedure:
1.
In the Configuration Manager console, click the Administration workspace.
2.
Expand the Site Configuration node and then click Sites.
3.
In the list view, right-click the site and then click Properties.
4.
In the Site Properties dialog box, click the Signing And Encryption tab.
5.
Select the signing and encryption options as needed.
■
Disable Any Custom MIF File Collections
Although you can extend inventory by
collecting IDMIF and NOIDMIF files, the MIF files that the hardware inventory agent
collects are not validated. As a result, a malicious user could use the MIF files to alter
your site's database by overwriting valid data with invalid data.
■
Do Not Collect Critical Or Sensitive Files
The inventory client agent runs with the
rights of the LocalSystem account. This account can collect copies of critical system
files, such as the registry or security account database. When these files are available at
the site server, someone with permission to read the collected files could analyze their
contents and potentially discern important client details that could enable him or her
to compromise its security.
■
Use An Appropriate Deletion Interval For Aged Inventory Data And Collected
Files
You can ensure the encryption of data that is sent from the client to the man-
agement point, but the data that the site database stores is not encrypted. Therefore,
you should determine how long you want the database to retain the inventory infor-
mation and collected files and configure the Delete Aged Inventory History and Delete
Aged Collected Files site maintenance tasks as appropriate.
To configure the deletion interval for the Delete Aged Inventory History and Delete Aged
Collected Files site maintenance tasks, complete the following procedure:
1.
In the Configuration Manager console, click the Administration workspace.
2.
Expand the Site Configuration node and then click Sites.
3.
In the list view, right-click the site and then click Site Maintenance.
Modify the properties for the Delete Aged Inventory History and Delete Aged Col-
lected Files site maintenance tasks as required. This dialog box is shown in Figure 6-8.
4.
