Chat now with support
Chat with Support

Foglight 5.9.7 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight FIPS-compliant mode Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Overview of APM appliances

Appliances can host one or more of the following software components: Management Server, Sniffer, and Archiver. Appliances with a Sniffer component are attached to the customer’s network where they passively monitor Web traffic. Sniffers capture, decrypt, and analyze the Web traffic, and transmit content and metrics to one or more Archivers within the same capture group as the Sniffer. Archivers receive the data from Sniffers, analyze the data, and maintain databases used for searching, reporting, and replay. Archivers send snapshots of collected data to the Management Server for display in top-level APM dashboards.

The following table describes the type of appliances that implement the security features discussed in the rest of this section. Appliances come with a predefined set of software components installed on the appliance. Appliances can be physical appliances (PowerEdge series hardware) or virtual appliances (VMware® vSphere®). Both physical and virtual appliances can exist in the same installation, with some restrictions.

Yes

No

Yes

Yes, on separate virtual disks

Yes

Yes

Yes

Yes

Yes

Yes

Trust model

The following assumptions are made about the installed environment:

The password for the default setup account on each appliance is changed during the initial setup.
The password for the default foglight user in Foglight® is changed during the initial setup.

Multiple layers of defense

Appliances include multiple layers of defense to protect against intrusions and hack attempts:

Layer 1: Firewall

Appliances are designed to be installed in network environments that have strong security measures in place, including the use of firewalls and intrusion detection systems. Appliances must be installed behind the firewall. More specifically, the appliance’s control port must be accessible from behind the firewall only, while its monitoring ports may be connected to a network tap outside the firewall. The monitoring ports operate in promiscuous mode, and Web traffic that comes across these ports is copied to the Sniffer, so there is no risk of attack through these ports.

Appliances also include a built-in firewall which provides additional security beyond what is provided by the network environment. This firewall is constructed using the firewall rule-set building utility Bastille-Linux® (for details, see http://bastille-linux.sourceforge.net/). The firewall limits external access to the HTTP or HTTPS port for report viewing and additional ports used for intra-component communications.

If command-line access is needed for Quest Support to run low-level diagnostic procedures, customers may optionally open the SSH port. For more information, see Enable remote access using SSH.

The firewall also includes typical checks for illegal addresses and limits ICMP usage. Opening and closing HTTPS and SSH ports is the responsibility of APM Administrators.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating