Chat now with support
Chat with Support

Foglight Experience Monitor 5.8.1 - Security and Compliance Field Guide

Configuration parameters and files

FxM stores its configuration parameters in the MySQL® database. Write access to this database is restricted to FxM administrators, who in turn need to authenticate themselves with their usernames and passwords. Read access to this database is restricted to FxM users with “Remote database access” enabled. In addition, FxM logs any changes made to its configuration, and provides an audit trail of events.

Defense against denial-of-service attacks

Any network services that are not required for the operation of FxM have been removed from the system. This reduces the possible avenues through which an attacker may attempt to gain access. For example, the FxM server does not respond to ping requests, and it does not allow CGI scripts to run. A firewall (Bastille) and a port scanning tool (Port Sentry) are also used to restrict and monitor access to FxM. In addition, certain ports have been opened for the sole purpose of intrusion detection. If FxM observes a computer probing any of these ports, it automatically records the computer’s IP address and blocks any future access to FxM. Such an event is recorded in the FxM log file.

For detailed information about the FxM appliance log repositories, see section “Using the appliance support tools” in the Foglight Experience Monitor Installation and Administration Guide.

Defense against web console exploits

FxM validates user input in its web interfaces and on its back-end to prevent cross-site scripting and other types of attacks. Vulnerability tools are run against the appliance for every major release and corrective action is taken when necessary.

In particular, FxM implements the following strategies to guard against attacks:
Cryptographic nonces are implemented on all forms as an authentication mechanism to prevent replay and Cross-Site Request Forgery (CSRF) attacks.
Parameters to web console pages are strictly checked for valid characters using a whitelist approach where possible.
Textual user input is filtered to remove possibly malicious code that could enable Cross-Site Scripting (XSS) attacks.
All web pages have authorization checking to ensure that only users with the correct privileges are allowed access.
File uploads are strictly validated before being used to prevent Local File Include (LFI) and Directory Traversal attacks.
In lockdown mode, FxM prevents assignment of system access privileges through the web console. For more information about lockdown mode, see “Increasing security for user account management and access privileges” in the Foglight Experience Monitor Installation and Administration Guide.

Auditing

Aside from logging all information required to analyze system performance, FxM also records data in order to aid with system recovery and events related to potential attackers probing for system access. Any changes to the system’s configuration are placed in the log file, creating a trail of events that can be inspected in case FxM becomes unstable (for example, due to a mis-configuration). In addition, if FxM detects a potential attacker scanning for open communication ports, it creates a log entry and blocks future access to FxM from the attacker’s IP address.

For detailed information about the FxM appliance log repositories, see section “Using the appliance support tools” in the Foglight Experience Monitor Installation and Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating