Chat now with support
Chat with Support

Foglight 5.9.5 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Secure remote access

An authorized user can access an appliance remotely using one of the following secure methods: Remote Access Controller (DRAC) or SSH.

To use DRAC, the appliance’s DRAC port needs to be connected to the public switch.
To use SSH, the user’s account on the appliance needs to be configured to enable SSH. By default, the setup account and all new accounts have SSH disabled. If SSH is enabled, the user account requires a strong password, which must contain at least the following elements:
an upper case letter
a lower case letter
a numeric character
one character that is not alphanumeric

For instructions, see the Foglight APM Installation and Setup Guide.

Restricted network ports for appliances

 
Table 2. Ports supporting communications among appliances and access to the Foglight® Management Server.
Port Number
Software Component
Purpose
Direction of Communication
7611 and 7612

All appliances

Communicate with other appliances

Management Server —> Sniffer or Archiver

7621 and 7622

Archiver

Communicate with other appliances

Management Server —> Archiver

7623

Relayer

Transmit capture data from Sniffers to Archivers

Sniffer —> Relayer —> Archiver

7602

Management Server

Communicate with other appliances

Archiver or Sniffer —> Management Server

8080

Management Server

Run the Foglight browser interface

Client —> Management Server

8443

Management Server

Run the browser interface over a secure connection (HTTPS)

Client —> Management Server

22

All appliances

Enable remote access using SSH

Client —> Appliance

Other open ports

The following TCP ports are left open to detect port-scanning programs: 1, 11, 110, and 143. For more information, see Layer 2: Port scan detection and blocking tool. When time synchronization with a time server using NTP is enabled, UDP port 123 is open.

Run the browser interface over a secure connection (HTTPS)

To use port 8443 instead of 8080, set the Management Server’s httpsonly option to true. When the Management Server is hosted on an appliance, the setting is located in the appliance.config file, which you can access from the command line.

To enable HTTPS on an appliance:
1
Log into the Console Program.
2
Select Advanced Options.
3
Select Access Shell.
4
Type: vi /opt/quest/foglight/config.appliance/appliance.config
5
Enable the following code by removing the leading hash symbol (#):
server.console.httpsonly = "true";
6
Save the change and exit vi by pressing Esc and then typing :wq
7
Type: rcfoglight restart
Enable remote access using SSH

To enable remote access using SSH, open port 22 for individual Console Program user accounts.

 
* 
TIP: When a remote troubleshooting session is required, enable SSH for the user account that will be assigned to the troubleshooter. As soon as the troubleshooting session ends, disable SSH access for this account.
To enable SSH for an existing user:
1
Log into the Console Program.
2
Select Console User Accounts.
3
Select Modify Console User.
4
Select the target user account.
5
Select Enable/Disable SSH.
6
If the account does not use a strong password, follow the prompts to change the password.

Defense against Denial-of-Service attacks

Any network services that are not required for the operation of APM appliances are removed. This reduces the possible avenues through which an attacker may attempt to gain access. For example, the appliance does not respond to ping requests. A firewall (Bastille) and a port scanning tool (Port Sentry) are used to restrict and monitor access to appliances. In addition, certain ports have been opened for the sole purpose of intrusion detection. If an appliance observes a computer probing any of these ports, it automatically records the computer’s IP address and blocks any future access. Such an event is recorded in the logs.

Logs for appliances

In addition to the logs provided by the Management Server (see “Audit log” and Log files ), appliances have the following types of logs:
Configuration Change Log — All changes to the configuration through the APM > Traffic Capture or APM > Traffic Analysis dashboards are recorded in the Configuration Change Log on the appliance hosting the Management Server. For more information, see “Managing Configuration Changes” in the Foglight® APM Administration and Configuration Guide.
Console Program Logs — Changes to the appliance are logged in the following logs:
Sniffer changes: /var/log/sniffer
Relayer changes: /var/log/relayer
Upgrade: /var/log/install and /var/log/rpmupgrade
Support Bundle Logs — Log files are also created when generating a support bundle from the Console Program, including:
/var/log/systemhealth.log
/var/log/sysinfo.log
/var/log/ifconfig.log
/var/log/ethtool.log
/var/log/archiver.shardtable
/var/log/archiver.mysql
/var/log/archiverproxy.threaddump
/var/log/appliancemon.threaddump
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating