
Foglight Experience Monitor 5.8.1 - Security and Compliance Field Guide

FxM security overview

This section provides an overview of how FxM appliances manage information security.

Managing information security systems is a matter of great priority for every organization. The level of security provided by software vendors has become a significant factor in IT purchase decisions. Quest Software Inc. strives to meet standards designed to provide its customers with their desired level of security, whether it relates to privacy, authenticity and integrity of data, availability, or protection against malicious users and attacks.

Foglight Experience Monitor is an appliance-based solution (a rack-mounted server with pre-installed software) that plugs into the customer’s network and passively monitors TCP/IP, HTTP, HTTPS, and SOAP traffic. Users access FxM reports by connecting to the appliance through a web browser. The appliance’s software is built on top of the SUSE Linux® Enterprise Server (SLES) operating system, and includes an Apache™ Web Server, as well as specialized Quest software. FxM connects to a network tap or the diagnostic (mirror or span) port of a switch or router, allowing it to examine the customer’s network traffic of interest. It uses a separate control port for incoming connections. If the customer provides SSL-enabled services, then it has the option of installing its private SSL keys on the FxM appliance, which allows FxM to monitor SSL traffic as well.

Foglight Experience Monitor is placed behind the customer’s firewall and connects to the spanning (or diagnostic) port.

Security was a design focus for FxM from the start, because it is assumed that the data it examines may be sensitive. FxM applies data encryption to a customer’s sensitive data, such as its private SSL keys. It allows the customer to configure the type of data (packets) that should be monitored for the purpose of analyzing the customer’s system performance.

FxM severely limits the number of ports through which its services communicate. It allows you to enable secure communication over SSL or SSH for the following types of connections: web console, probe to portal database communication, and remote terminal access.

NOTE: Remote MySQL® connections opened by users with Remote database access enabled are not secure.

Foglight Experience Monitor also runs a firewall, a port scan protector, and a restricted instance of the Apache™ Web Server to protect against hacker attacks and exploit attempts.

For detailed information about the security features provided by FxM, see FxM security features.

The FxM security features are only one part of a secure environment. The customer’s operational and policy decisions have a great influence upon the overall level of security achieved. In particular, the customer is responsible for the physical security of the appliance and the security of the network from which the appliance is accessible. Customers should install security patches promptly. Administrators should choose strong passwords and change them regularly.

FxM security features

This section describes the security features provided by FxM.

Multiple layers of defense

FxM employs multiple layers of defense to protect itself against intrusions and hack attempts. These layers include:

A customized installation of a Linux® operating system, in which certain unused and vulnerable services have been removed (see Layer 3: Customized operating system distribution).

Layer 1: Firewall

The Foglight Experience Monitor appliance is designed to be installed in network environments that have strong security measures in place, including the use of firewalls and intrusion detection systems. The deployment point for the FxM appliance in a network must be behind the firewall. More specifically, the FxM control port must be accessible only behind the firewall, while the FxM monitoring ports may be connected to a network tap or switch outside the firewall. The monitoring ports operate in promiscuous mode and do not accept connections; all traffic that arrives on them is passed into the FxM traffic analysis engine, so there is no risk of attack through these ports.

FxM itself also incorporates a built-in firewall which provides additional security beyond what is provided by the network environment. This firewall was constructed using the firewall rule-set building utility Bastille-Linux® (for details, see http://bastille-linux.sourceforge.net/). The FxM firewall limits external access to the HTTP or HTTPS port, depending on how its Apache™ Web Server is configured.

If command-line access is needed for Quest technical support to run low-level diagnostic procedures, customers may optionally open the SSH port. Normally, you should keep the SSH port closed, since it should only be opened for remote diagnostic procedures. The MySQL® port may also be opened if remote database access is configured.

The firewall also includes typical checks for illegal addresses and limits ICMP usage. Opening and closing HTTPS, SSH, and MySQL® ports is the responsibility of the FxM administrators using the FxM web console.
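The firewall policy described above (only the HTTP or HTTPS port exposed by default, SSH opened only for a remote diagnostic session, MySQL only when remote database access is configured, and rejection of illegal source addresses) is easy to audit from a host inside the firewall. The following script is an added example written for this guide; it is not Quest tooling and does not interact with the appliance's Bastille-generated rule set. It parses a constructed nmap-style port listing of the control interface, compares it against the administrative state an FxM administrator has set in the web console, and applies a simple illegal-source-address check of the kind the firewall performs. The `FxmExposurePolicy` fields, `SAMPLE_SCAN` text, and the `192.0.2.x` addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# TCP ports the field guide names for the FxM control interface.
HTTP, HTTPS, SSH, MYSQL = 80, 443, 22, 3306


@dataclass
class FxmExposurePolicy:
    """Administrative state (constructed for this example) that decides which
    control-port services may legitimately be reachable."""
    apache_https: bool = True         # Apache serves HTTPS, so 443 (not 80) is the console port
    remote_diagnostics: bool = False  # True only while Quest support runs low-level diagnostics
    remote_db_access: bool = False    # "Remote database access" enabled in the web console

    def expected_ports(self) -> set:
        ports = {HTTPS if self.apache_https else HTTP}
        if self.remote_diagnostics:
            ports.add(SSH)
        if self.remote_db_access:
            ports.add(MYSQL)
        return ports


def parse_scan(text: str) -> set:
    """Extract open TCP ports from nmap-style lines such as '22/tcp open ssh'."""
    open_ports = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].endswith("/tcp") and parts[1] == "open":
            open_ports.add(int(parts[0].split("/")[0]))
    return open_ports


def audit_ports(open_ports, policy: FxmExposurePolicy) -> list:
    """Compare reachable ports with the policy; returns (severity, message) tuples."""
    expected = policy.expected_ports()
    findings = []
    for port in sorted(set(open_ports) - expected):
        if port == SSH:
            findings.append(("HIGH", "SSH (22) reachable outside a remote diagnostic session"))
        elif port == MYSQL:
            findings.append(("HIGH", "MySQL (3306) reachable but remote database access is not configured"))
        elif port == HTTP:
            findings.append(("MEDIUM", "HTTP (80) reachable although Apache is configured for HTTPS"))
        elif port == HTTPS:
            findings.append(("MEDIUM", "HTTPS (443) reachable although Apache is configured for HTTP"))
        else:
            findings.append(("HIGH", f"unexpected port {port} reachable on the control interface"))
    # Remote MySQL access is permitted by policy but, per the guide's NOTE, not encrypted.
    if MYSQL in open_ports and policy.remote_db_access:
        findings.append(("WARN", "remote MySQL connections are not encrypted; restrict client source addresses"))
    return findings


def is_illegal_source(src: str, appliance_ip: str) -> bool:
    """Illegal-address check: loopback, multicast, unspecified, reserved or link-local
    sources, and packets claiming the appliance's own address, never legitimately
    arrive from the network."""
    addr = ipaddress.ip_address(src)
    if addr == ipaddress.ip_address(appliance_ip):
        return True
    return (addr.is_loopback or addr.is_multicast or addr.is_unspecified
            or addr.is_reserved or addr.is_link_local)


# Constructed sample scan of the control interface, taken from a host inside the firewall.
SAMPLE_SCAN = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
443/tcp  open     https
3306/tcp filtered mysql
"""

if __name__ == "__main__":
    policy = FxmExposurePolicy()  # HTTPS console, no diagnostics session, no remote DB access
    for severity, message in audit_ports(parse_scan(SAMPLE_SCAN), policy):
        print(f"[{severity}] {message}")
    for src in ("127.0.0.1", "192.0.2.10", "224.0.0.1"):
        print(src, "illegal" if is_illegal_source(src, "192.0.2.50") else "ok")
```

With the default policy, the sample scan produces a single HIGH finding because port 22 is reachable while no diagnostic session is in progress; re-running the audit with `remote_diagnostics=True` clears it, which is the state an administrator should restore to `False` as soon as the support session ends.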
