지금 지원 담당자와 채팅

라이브 도움말 보기
등록 완료

로그인

가격 산정 요청

영업 담당자에게 문의

Foglight 6.0.0 - Security and Compliance Guide

콘텐츠 탐색

Security overview

Foglight security measures Customer security measures Security features in Foglight

Service accounts

Agent credentials

Foglight users and groups Role-based access control Password policies

Setting password complexity levels

Required privileges

Installing Foglight Management Server Running Foglight Management Server Installing agent Components Manual database configuration

Controlling remote system access with credentials Protection of data collection infrastructure

Installation of data collection clients Agents requiring privilege escalation

Protection of stored data

Credentials for Foglight users LDAP credentials Management Server repository database credentials Foglight agent credentials Database repository

Protection of communicated data

Web application security Communication between Management Server and agents Communication between Management Server and clients Communication between Management Server and Java EE technology agents Communication between Management Server and XML over HTTP(S) agents Communication between Management Server and repository database

Default port assignments Agent adapter ports Client communication

Configuration parameters Audit log Log files Masking sensitive input data Uninstalling Foglight IPv6 Monitoring patches for the embedded database Daylight savings time extension QuestClick scripts Understanding the Foglight platform's relationship to Java "Clickjacking" vulnerability

FIPS-compliant mode

FIPS-compliant mode for Foglight Management Server FIPS-compliant mode for Foglight Agent Manager

Security features for APM appliances

Overview of APM appliances Trust model Multiple layers of defense

Layer 1: Firewall Layer 2: Port scan detection and blocking tool Layer 3: Customized operating system distribution Layer 4: Apache Tomcat server configuration

Restricted access to appliances

No root access User authentication on appliances Secure remote access Restricted network ports for appliances Defense against Denial-of-Service attacks

Logs for appliances Data entry validation for APM dashboards Installation of upgrades and patches Customer data protection on appliances

Restricted access to sensitive captured data Secure data storage in the Archiver database Secure data transfer between software components Secure use of customers' private keys

Usage feedback Appendix: FISMA compliance

NIST 800-53 categories

Defense against Denial-of-Service attacks

Any network services that are not required for the operation of APM appliances are removed. This reduces the possible avenues through which an attacker may attempt to gain access. For example, the appliance does not respond to ping requests. A firewall (Bastille) and a port scanning tool (Port Sentry) are used to restrict and monitor access to appliances. In addition, certain ports have been opened for the sole purpose of intrusion detection. If an appliance observes a computer probing any of these ports, it automatically records the computer’s IP address and blocks any future access. Such an event is recorded in the logs.

Logs for appliances

In addition to the logs provided by the Management Server (see “Audit log” and Log files ), appliances have the following types of logs:

•

Configuration Change Log — All changes to the configuration through the APM > Traffic Capture or APM > Traffic Analysis dashboards are recorded in the Configuration Change Log on the appliance hosting the Management Server. For more information, see “Managing Configuration Changes” in the Foglight® APM Administration and Configuration Guide.

•

Console Program Logs — Changes to the appliance are logged in the following logs:

•

Sniffer changes: /var/log/sniffer

•

Relayer changes: /var/log/relayer

•

Upgrade: /var/log/install and /var/log/rpmupgrade

•

Support Bundle Logs — Log files are also created when generating a support bundle from the Console Program, including:

•

/var/log/systemhealth.log

•

/var/log/sysinfo.log

•

/var/log/ifconfig.log

•

/var/log/ethtool.log

•

/var/log/archiver.shardtable

•

/var/log/archiver.mysql

•

/var/log/archiverproxy.threaddump

•

/var/log/appliancemon.threaddump

Data entry validation for APM dashboards

For the APM dashboards, Foglight® validates user input in its browser interface and on its back-end. This includes checking that the correct data type is entered (for example, no numbers are entered in a text-only box) and restricting the length of input, such as to avoid certain potential buffer overflow attacks.

Installation of upgrades and patches

When the appliance software needs to be updated, the upgrade or patch package is digitally signed with a PGP key to prevent customers from uploading unauthorized materials. Upgrades and patches are installed using the APM > Support > Upgrade Appliances dashboard. All registered appliances are updated. Alternatively, individual appliances can be updated using an appliance’s Console Program.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책 Cookie Preference Center