Chatta subito con l'assistenza

Ottieni assistenza in tempo reale
Completa la registrazione

Accedi

Richiedi prezzo

Contatta il supporto vendite

Foglight 5.9.2 - Security and Compliance Guide

Table of Contents

Security overview

Foglight security measures Customer security measures Security features in Foglight

Service accounts

Agent credentials

Foglight users and groups Role-based access control Password policies

Setting password complexity levels

Required privileges

Installing Foglight Management Server Running Foglight Management Server Installing agent Components Manual database configuration

Controlling remote system access with credentials Protection of data collection infrastructure

Installation of data collection clients Agents requiring privilege escalation

Protection of stored data

Credentials for Foglight users LDAP credentials Management Server repository database credentials Foglight agent credentials Database repository

Protection of communicated data

Web application security Communication between Management Server and agents Communication between Management Server and clients Communication between Management Server and Java EE technology agents Communication between Management Server and XML over HTTP(S) agents Communication between Management Server and repository database

Enabling FIPS 140-2 mode for HTTPS traffic Network ports

Default port assignments Agent adapter ports Client communication

Configuration parameters Audit log Log files Masking sensitive input data Uninstalling Foglight IPv6 Monitoring patches for the embedded database Daylight savings time extension QuestClick scripts Understanding the Foglight platform's relationship to Java "Clickjacking" vulnerability

Security features for APM appliances

Overview of APM appliances Trust model Multiple layers of defense

Layer 1: Firewall Layer 2: Port scan detection and blocking tool Layer 3: Customized operating system distribution Layer 4: Apache Tomcat server configuration

Restricted access to appliances

No root access User authentication on appliances Secure remote access Restricted network ports for appliances Defense against Denial-of-Service attacks

Logs for appliances Data entry validation for APM dashboards Installation of upgrades and patches Customer data protection on appliances

Restricted access to sensitive captured data Secure data storage in the Archiver database Secure data transfer between software components Secure use of customers' private keys

Usage feedback Appendix: FISMA compliance

NIST 800-53 categories

Security overview

This Security and Compliance Guide describes the Foglight™ security features. This document includes information about Foglight access control, data protection, and secure network communication. It also describes how Foglight security features meet the National Institute of Standards and Technology (NIST) recommended federal information security standards as detailed in the Federal Information Security Management Act (FISMA).

This document is intended for system administrators and other users concerned with the Foglight security features.

•

Foglight security measures

•

Customer security measures

•

Security features in Foglight

•

This section provides an overview of how Foglight manages information security.

It presents the Foglight security measures and Customer security measures at a high level, and then describes the Security features in Foglight.

Foglight security measures

Foglight™ provides detailed insight into the service relationships of end users, business and IT services, as well as applications and databases. Intuitive and flexible dashboards can be customized to provide multiple models and views of the managed environment.

Foglight consists of the Foglight Management Server (FMS), a database repository, and a set of cartridges. Foglight relies on a browser-based user interface and is controlled via role assignments in the Foglight security model. The Foglight Web application runs in an Apache Tomcat® server. Users interact with the FMS Web application via an HTTP or HTTPS connection.

Individual cartridges can be installed on the Management Server to provide monitoring capabilities for a variety of different end systems, including database and Web application servers. Cartridges contain agents that are typically deployed on the monitored systems. Some cartridges may contain agents that are deployed locally on the Management Server. These agents collect monitoring data and report it back to the Management Server. Users can then access this data in various forms.

Figure 1. Overview of interaction between Foglight components

Customer security measures

Foglight™ security features are only one part of a secure environment. The customer's operational and policy decisions have a great influence on the overall level of security. In particular, the customer is responsible for the physical security of Foglight and its network. Administrators should change default passwords and replace them with strong passwords of their choice.

Security features in Foglight

The following sections describe the features provided by Foglight™. This document does not address security features for individual Foglight cartridges. Please refer to a specific cartridge's security and compliance document for this information.


	NOTE: If your environment includes APM appliances, review Security features for APM appliances after you finish this section.

Strumenti self-service: Knowledge Base; Notifiche e avvisi; Supporto prodotti; Download di software; Documentazione tecnica; Forum utente; Esercitazioni video; Feed RSS

Contatti: Richiedi assistenza sulle licenze; Supporto tecnico; Visualizza tutto

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center