지금 지원 담당자와 채팅
지원 담당자와 채팅

Foglight 6.0.0 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight FIPS-compliant mode Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Layer 2: Port scan detection and blocking tool

Many network intruders begin an attack by scanning the target network. Detection of such a scan offers one indication that an attack is about to begin. Appliance software attempts to detect such scans by monitoring access to ports that are not active on the appliance system, but are typically exploited by hackers (for example, FTP, POP3, IMAP). Upon detection, the appliance automatically adds the source IP address of the potential attacker to the firewall rule-set and blocks all future packets that appear to originate from that address. This functionality is implemented using the Port Sentry tool (for details, see http://sourceforge.net/projects/sentrytools).

Layer 3: Customized operating system distribution

System tools that are part of an operating system could potentially be exploited by hackers. To reduce this risk, the following measures are taken:
Appliances have a minimal version of the 64-bit SUSE Linux® Enterprise Server (SLES) 11 operating system preinstalled.
The latest operating system security patches and upgrades are applied with every release of the appliance software.
Many tools and packages that represent common vulnerabilities are stripped out of the distribution. For example, server instances of Telnet, FTP server, rlogin, NFS, Samba, and lpr are not installed on the appliance.
Access to potentially exploitable tools (such as ping and traceroute) is severely restricted.
ping — The appliance’s Console Program uses the ping utility to verify network access during the appliance setup process. The Console Program requires a user account distinct from the browser interface user account. For more information, see User authentication on appliances .
traceroute — The traceroute utility is used only as an option in the alerting system; users can specify to traceroute to a particular IP address if an alert is triggered. There is no other access to the traceroute utility other than through the alerting system.
Appliances implement shadow passwords to make brute force password attacks harder to execute.
All standard Linux® user accounts available on the appliance (such as, shutdown, halt, and mailnull) have no login shell that allows an attacker to enter shell commands. For more information, see User authentication on appliances .

Layer 4: Apache Tomcat server configuration

Appliances use Apache Tomcat to facilitate communication between the software components on the appliances, primarily between the Management Server and the Archiver. Communications between software components are encrypted, with the exception of Sniffer to Archiver data transfer. Appliances require SSL and client authentication for any request received from an external source (external to the appliance). For more information, see Secure data transfer between software components.

Restricted access to appliances

Access to appliances is restricted and secured in the following ways:
No root access
User authentication on appliances
Secure remote access
Restricted network ports for appliances
Defense against Denial-of-Service attacks
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택