Foglight® does not run JavaTM code in the browser, and therefore is not vulnerable to Java applet security issues. The recently reported Vulnerability Note VU#625617 is one example of such an issue.
Clickjacking is a vulnerability that causes an end user to unintentionally click invisible content on a web page, typically placed on top of the content they think they are clicking. This vulnerability can cause fraudulent or malicious transactions. One way to prevent clickjacking is by setting the X-Frame-Options response HTTP header with the page response. This prevents the page content from being rendered by another site when using iFrame HTML tags.
The Foglight Management Server adds the X-Frame-Options response HTTP header with the page response in the main URL: https://<localhost>:<port>/console/page. For the following two URL addresses, you can specify whether or not the page content is rendered by configuring the Frame Option option:
• |
• |
After specifying the value of Frame Option, the Foglight Management Server overwrites the value of the X-Frame-Options response header with the value of Frame Option. The value of the Frame Option option includes the following:
FIPS (Federal Information Processing Standard) 140-2 is a U.S. government security standard for hardware and software cryptography modules. Modules validated against the standard assure government and other users that the cryptography in the system meets the standard. For more information about the NIST FIPS 140-2 program, see Cryptographic Module Validation Program (CMVP) validation.
When FIPS-compliant mode is enabled:
To enable FIPS-compliant mode, select FIPS Compliance Mode in FIPS Compliance Settings during installation of Foglight Management Server.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center