I’d normally use DBeaver ( ) for this type of thing. For demonstration purposes, I’m jumping straight to the host via RDP to snag some easy screenshots. In the grand scheme of things, if the host running the controller is compromised, it would be trivial to get remote access to the Unifi Controller using the loopback address without having remote desktop or console access. Those in infosec know that loopback addresses are only as secure as the system that operates them. While the database server only listens to the loopback address of the host it is installed on, it doesn’t require authentication. The back-end database for the controller is running a MongoDB database. In fact, it’s so awesome and versatile, it’s like they want us to install it on an old random laptop that we don’t actively use and will completely forget is running. This allows for a centralized install and administration of local Unifi devices without having to purchase an additional piece of software or hardware. It’s awesome that they provide a downloadable controller to Unifi equipment owners. The local Unifi Cloud Controller can be installed on a Linux or Windows system if you didn’t want to buy their “Cloud Key” hardware controller (). Unifi cloud-enabled devices got popped awhile back. And that’s OK.Ī compromised Unifi Controller host is a compromised Unifi network.
Ubiquiti pays security experts to do that. I’m not here to comment on the controller’s software design from a security perspective. We’ll leave that up to your own opinion, but we’ve used the devices and they work alright.
Unifi is a brand of devices that, well, unify together to make a better user experience for network users and system admins in the SMB arena. Ubiquiti’s Unifi controller is a network device, or software service, that controls Ubiquiti’s Unifi line of devices. TL DR:ĭon’t run the Unifi Controller on a laptop in the closet. Because, you know-that should be a thing.
0 kommentar(er)
