In addition to monitoring regular HTTP traffic, appliances can monitor Secure Socket Layer traffic (SSL/TLS). To enable monitoring of SSL traffic, customers upload their private SSL encryption keys to Foglight® using the browser interface. These keys are naturally of high sensitivity to customers.
The Foglight® Management Server can collect usage data about your environment and send it to Quest Software Inc. to improve support response. This data helps Quest Software Inc. identify potential bottlenecks, and improve the overall Management Server performance and server versions going forward.
A major component of FISMA implementation is the publication by the National Institute of Standards and Technology (NIST), entitled “Recommended Security Controls for Federal Information Systems”, listed as NIST Special Publication 800-53 (for additional information about this document, see http://csrc.nist.gov/publications/PubsSPs.html#800-53). This document presents 17 general security categories that can be used to evaluate an information security to measure its level of compliance with FISMA. For this reason, this appendix offers the 17 categories listed in 800-53 and describes how Foglight® addresses them.
The secure employment of Foglight® forms only one part of an information security program. A statement in this appendix that a particular security category is “applicable” to Foglight means only that Foglight contains security features that are or may be relevant to some or all aspects of the security category in question. It does not necessarily mean that Foglight fully meets all of the requirements described in that security category, or that the use of Foglight by itself guarantees compliance with any particular information security standards or control programs. The selection, specification, and implementation of security controls in accordance with a customer-specific security program is ultimately dependent upon the manner in which the customer deploys, operates, and maintains all of its network and physical infrastructure, including Foglight.
Foglight 5 has an internal security service through which all requests must pass regardless of whether they originate from the user interface, the command-line or external APIs. The security service is user and role based and can be linked to LDAP or Active Directory®, enabling the storage and management of the user accounts, roles, and passwords, through those directories. For appliances, access to an appliance is controlled through a separate user authorization mechanism. The appliance’s root password is not distributed to customers. |
|||
The Foglight communication ports are restricted and configurable by administrators only. |
|||
The customer can also choose to authenticate users against an LDAP or AD supported directory. For appliances, a user authorization mechanism (built on the Linux® Pluggable Authentication Modules) controls access to an appliance. |
|||
Quest Software Inc. monitors the embedded PostgreSQL® database included in Foglight developments for security developments and flaws and provides product updates and patches to customers when necessary. |
|||
The Management Server and Cartridges/Agents use the JavaTM Cryptographic Extension library for cryptographic operations. The Triple DES (Data Encryption Standard) algorithm in chain block cipher mode is used for encrypting the service account's passwords (for example, the LDAP account). User passwords are hashed with the MD5 algorithm and stored in the Foglight database. Agent properties marked as sensitive are masked during display and encrypted during storage. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center