Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Foglight 5.9.7 - Security and Compliance Guide

Table of Contents

Security overview

Foglight security measures Customer security measures Security features in Foglight

Service accounts

Agent credentials

Foglight users and groups Role-based access control Password policies

Setting password complexity levels

Required privileges

Installing Foglight Management Server Running Foglight Management Server Installing agent Components Manual database configuration

Controlling remote system access with credentials Protection of data collection infrastructure

Installation of data collection clients Agents requiring privilege escalation

Protection of stored data

Credentials for Foglight users LDAP credentials Management Server repository database credentials Foglight agent credentials Database repository

Protection of communicated data

Web application security Communication between Management Server and agents Communication between Management Server and clients Communication between Management Server and Java EE technology agents Communication between Management Server and XML over HTTP(S) agents Communication between Management Server and repository database

Default port assignments Agent adapter ports Client communication

Configuration parameters Audit log Log files Masking sensitive input data Uninstalling Foglight IPv6 Monitoring patches for the embedded database Daylight savings time extension QuestClick scripts Understanding the Foglight platform's relationship to Java "Clickjacking" vulnerability

FIPS-compliant mode

FIPS-compliant mode for Foglight Management Server FIPS-compliant mode for Foglight Agent Manager

Security features for APM appliances

Overview of APM appliances Trust model Multiple layers of defense

Layer 1: Firewall Layer 2: Port scan detection and blocking tool Layer 3: Customized operating system distribution Layer 4: Apache Tomcat server configuration

Restricted access to appliances

No root access User authentication on appliances Secure remote access Restricted network ports for appliances Defense against Denial-of-Service attacks

Logs for appliances Data entry validation for APM dashboards Installation of upgrades and patches Customer data protection on appliances

Restricted access to sensitive captured data Secure data storage in the Archiver database Secure data transfer between software components Secure use of customers' private keys

Usage feedback Appendix: FISMA compliance

NIST 800-53 categories

Password policies

Listed below are the default restrictions that apply to passwords for administrators (Foglight® users with the Foglight Security Administrator role), for internal users, and for credential lockboxes.

•

An internal user's password expires after ninety (90) days.

•

An administrator's password expires after forty-five (45) days. The one exception is the password for the default user foglight, which does not expire.

•

Users are locked out of the system for fifteen (15) minutes after they enter an incorrect password for five (5) consecutive login attempts.

•

Foglight reminds users fifteen (15) days before their password expires.

•

The password must be at least seven (7) characters long, and must contain both alphabetic and numeric characters.

•

The password cannot be:

•

the same as the user name.

•

the repetition of a single character.

•

longer than twenty (20) characters.

•

the same as any of the user's last twelve (12) passwords.

Users with the Foglight Security Administrator role can view and edit the configurable password policies on the Configure Password Settings dashboard in the Administration Console. Certain password policies cannot be viewed on this page or edited. They are as follows:

A user's password cannot be:

•

the same as his or her user name.

•

the repetition of a single character.

•

longer than twenty (20) characters.

External users are subject to the password policies that are enforced on the operating systems that generated the user accounts.

Setting password complexity levels

Setting password complexity levels

The customer sets the enforcement complexity level passwords of credential lockboxes, internal users, and users with the Foglight® Security Administrator role. The Lockbox password complexity level, the User password complexity level, and the Administrator password complexity level list are available from the Configure Password Settings dashboard and define the following levels of increasing complexity:

•

Level 1: Passwords are not checked for complexity.

•

Level 2: Passwords must contain both alphabetic and numeric characters.

•

Level 3: Passwords must contain at least one upper case letter, lower case letter, and numeric character, as well as at least one character that is not alphanumeric.

By default, the complexity level for both internal users' and administrators' passwords is set to level 2. Administrators' passwords cannot be set to level 1.

Required privileges

Required privileges

Installing Foglight Management Server

To install Foglight®, administrative privileges on the target operating system are required. In addition, the customer is prompted to provide credentials for a database administrator account during installation. The need to enter such credentials can be bypassed as described in Manual database configuration.

Installing Foglight Management Server

Required privileges

To install Foglight®, administrative privileges on the target operating system are required. In addition, the customer is prompted to provide credentials for a database administrator account during installation. The need to enter such credentials can be bypassed as described in Manual database configuration.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center