The following email is going out to all NATS clients now:
Quote:
Dear NATS Client,
We have become aware of a security issue involving a few of our clients and would like to take this oportunity to aid you in improving the security of your NATS install. There are a number of ways that you can strengthen the security of your NATS install:
1. It is recommend you IP restrict access to your NATS admin area through the NATS configuration. To set this up, you can place a comma separated list of IP addresses that you wish to allow access to your NATS admin in the ADMIN_IPS field in your configuration admin.
2. We have recently added a new feature that gives you the ability to have all requests to your admin area of NATS posted to a URL of your choice. These posts will include the IP and loginid of the user that is accessing any admin page. This will allow you to closely monitor all admin accesses to your install. Please put in a support ticket if you wish to be updated with this feature.
To be as secure as possible we will be initiating a password change for the TMM admin accounts on all NATS installs on which we have the ability to and we will no longer be storing these passwords at all. We have done this in the past with server access passwords and feel the best way to be as secure as possible is to extend this practice to admin logins also. This will of course cause us to need to contact you to grant access when we must perform anything on your install.
If you have any questions or require any assistance in setting up or changing your NATS configurations or passwords please post a ticket in our support system.
Thank you,
Too Much Media
|