Netdata Community

Concerns about recent Russian attacks using Management Software

With all the recent attacks using management software, how is NetData any less vulnerable to hacks (is it more safe for any reason)? I love it, but for my servers, it keeps me awake at night! (do you have any white papers on this?).

I am referring, of course, to recent hacks by REvil group into the Kaseya Ransomware attacks, and previous SolarWinds. NetData has high privilege to the core operations of a server too, so I’d like to know what NetData does to prevent these types of attacks, and/or what we, as users, need to do for prevention of attacks using NetData.

Greetings from Russia 🐻👩‍💻. I would use in general ‘some hackers’. Hm, by the way what is your IP address, sir?)

  • Netdata should be running as the netdata user generally, and it has either “regular user” permissions, or in some cases elevated read-only permissions to allow querying services.
  • It also normally only listens on localhost
  • It’s open source, hopefully leading to more eyeballs on the code

So an attacker would first have to access netdata, then cause it to run arbitrary commands, and then use that to gain root privileges.

Alternatively, an attacker might be able to perform a DoS attack by getting netdata to do things that exhaust resources.

So, while it’s certainly not impossible, I think netdata is doing the right things to limit problems.

Hey John,

Let’s take first things first. The Netdata Cloud is a very well-designed SaaS platform, by a team of senior engineers. We take security very seriously, but there is no reason it should be more secure than others.

Note that we don’t store passwords or metrics. Instead of p/w we use a magic link to log in, and for the nodes we store only metadata. When you view your dashboard, you view the metrics as streamed by the node.

For the agent, it runs without special privileges and if you use proper security measures (e.g. nginx reverse-proxy, block connections not from localhost, etc.) it should be very secure.

Please note that the Netdata Cloud can’t make any change to the Netdata Agent (currently). It simply receives data (to stream them to you) and alarms (to send notifications, show in the dashboard).

These links might prove useful:

Thanks @wmertens for responding. @ivan your comment is on-point, @johnstonf I have edited your post to remove the ethnic definition. It’s not relevant to this discussion.

It’s a fine line, but it’s best not to phrase things in a manner that others might find disrespectful. We don’t do that here, but I am sure you didn’t intend it that way.
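A way to check the two properties raised in the replies above (the agent runs as the unprivileged netdata user, and it is reachable only from localhost), as an added example that is not part of the original thread or Netdata's own code. It parses constructed samples of `ss -H -ltnp` and `ps -eo user=,pid=,comm=` output; the function names and the process name `netdata` are assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:* users:(("netdata",pid=812,fd=5))
LISTEN 0 4096 0.0.0.0:19999 0.0.0.0:* users:(("netdata",pid=812,fd=6))
LISTEN 0 4096 [::1]:19999 [::]:* users:(("netdata",pid=812,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 511 *:443 *:* users:(("nginx",pid=700,fd=8))
"""
# Constructed sample of `ps -eo user=,pid=,comm=` output.
SAMPLE_PS = """\
root 640 sshd
www-data 700 nginx
netdata 812 netdata
"""

def is_loopback(host):
    """True only for loopback addresses; wildcards and unparsable hosts fail closed."""
    host = host.split("%")[0].strip("[]")  # drop interface scope and IPv6 brackets
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_listeners(ss_output, process="netdata"):
    """Return local addresses where `process` listens on a non-loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or f'"{process}"' not in fields[5]:
            continue
        host = fields[3].rpartition(":")[0]  # split host from port at the last colon
        if not is_loopback(host):
            findings.append(fields[3])
    return findings

def root_instances(ps_output, process="netdata"):
    """Return PIDs of `process` that run as root instead of an unprivileged user."""
    pids = []
    for line in ps_output.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[2].strip() == process and parts[0] == "root":
            pids.append(int(parts[1]))
    return pids

if __name__ == "__main__":
    print("non-loopback listeners:", exposed_listeners(SAMPLE_SS))
    print("root-owned instances:", root_instances(SAMPLE_PS))
```

On a live host, feed the functions the real command output; `ss` only fills in the process column when run with sufficient privileges.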




Hi @ivan, I just saw that you asked for my IP address…
Why do you want that?

Hey Fred, I am locking this thread since it’s getting off topic.

Please refrain from labeling your views as “known”. We are not here to debate whether these attacks are gov sponsored or not, but to talk about the security of Netdata.

I have removed your message and please continue the discussion about the security of Netdata and not the origins of the hacks.

We don’t talk about topics that are inherently sensitive, such as politics, religion or sex.

I am pretty sure he was joking, implying that since he is Russian, he must be a hacker.

Let’s try to keep this discussion on rails guys, it’s a very good topic to discuss. Security is vital to both us and the community, so let’s produce top-quality discussion.

Thank you for engaging and contributing. Especially to @johnstonf for raising this issue.