Security and vulnerability reporting
Securing an IPAM/CMDB repository
Addressing data describes networks, applications and dependencies. teemIP must therefore be deployed and operated as a critical internal repository.
Responsible reporting
To report a suspected vulnerability, write to security@teemip.com with the affected version, the installed extensions, reproduction steps and the expected impact. The goal is to qualify the issue, coordinate a fix and avoid exposing operational information.
Deployment practices
| Topic | Recommended practice | Why it matters |
|---|---|---|
| Access | Use HTTPS, strong authentication, least-privilege profiles and named accounts. | Limit access to addressing plans, CMDB relationships and operational data. |
| Exposure | Do not expose administration interfaces unnecessarily; restrict access by network zone or VPN when possible. | An IPAM is a mapping of the information system. |
| Traceability | Keep logs, backups, exports and change history under a retention policy. | Recover from mistakes and investigate changes to blocks, subnets and addresses. |
| Integrations | Secure API accounts, imports, DNS/DHCP synchronizations and scripts with dedicated rights. | Automated integrations can update many objects quickly. |

teemIP security capabilities to organize
- Separate profiles for administrators, hostmasters, operators and portal users.
- Control of blocks, subnets, IP ranges, addresses and linked CIs through the iTop permission model.
- Traceability of changes and ability to review operational data before audits or migrations.
- Documented REST/JSON services for integration with clear technical accounts.
- Backup and restore procedures aligned with the database, attachments and configuration files.
Shared responsibilities
The public code, wiki and release channels make technical review possible, but production security also depends on hosting, update rhythm, extension choice, account governance and operational procedures. A security review should therefore cover both the teemIP/iTop platform and its surrounding infrastructure.