Current time: 06-27-2017, 03:24 AM Hello There, Guest! (LoginRegister)

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
WannaCry Patch for WPT Agents
05-16-2017, 01:10 AM (This post was last modified: 05-16-2017 11:18 PM by pmehta.)
Post: #1
WannaCry Patch for WPT Agents
Hi Pat

We use WebPageTest Private Instance at our organisation (such a great tool it would be silly not to). We are using the latest version of Private Instance (3.0) which creates test agents on demand and auto updates itself. In light of recent Windows threat are you expecting to upgrade the amis to get them patched up in near or distant future?

I know WebPageTest Agents are isolated and stateless windows machines and so long as we have proper firewall rules in place I can't think of any scenarios where
a) being locked out from web page test agent or
b) test agent can be used to infect another machine

would *not* be a concern especially when they get autoscaled (down) eventually. So only reason I ask this is to satisfy our security manager.
Find all posts by this user
Quote this message in a reply
05-16-2017, 11:20 PM
Post: #2
RE: WannaCrypt Patch for WPT Agents
I may update the AMI's to get updates and in particular to update the root certificate stores but not specifically for WannaCrypt. The agents don't need SMB access of any kind and really don't need inbound connections and by default should be launched with firewall rules that don't allow any external access at all (only outbound requests). They are also configured so that the only things active on the interface are IPv4 and dummynet (though not sure that not having file sharing enabled makes a difference).

Unless you explicitly open inbound ports for SMB on your agents there should be no infection vector.

If they do get infected, there's nothing in the config to get them to not spread the worm.

As far as operation goes, I'm not sure what it would do to a running agent if it got compromised. As best as I can tell, tests would probably continue to run and may even work if the temporary zip file and images (for the filmstrip) don't get encrypted before they get uploaded.
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)