Chat now with support
Chat with Support

Foglight 6.0.0 - Security and Compliance Guide

Security overview
Foglight security measures Customer security measures Security features in Foglight FIPS-compliant mode Disclaimer
Security features for APM appliances Usage feedback Appendix: FISMA compliance

Defense against Denial-of-Service attacks

Any network services that are not required for the operation of APM appliances are removed. This reduces the possible avenues through which an attacker may attempt to gain access. For example, the appliance does not respond to ping requests. A firewall (Bastille) and a port scanning tool (Port Sentry) are used to restrict and monitor access to appliances. In addition, certain ports have been opened for the sole purpose of intrusion detection. If an appliance observes a computer probing any of these ports, it automatically records the computer’s IP address and blocks any future access. Such an event is recorded in the logs.

Logs for appliances

In addition to the logs provided by the Management Server (see “Audit log” and Log files ), appliances have the following types of logs:

Configuration Change Log — All changes to the configuration through the APM > Traffic Capture or APM > Traffic Analysis dashboards are recorded in the Configuration Change Log on the appliance hosting the Management Server. For more information, see “Managing Configuration Changes” in the Foglight® APM Administration and Configuration Guide.
Console Program Logs — Changes to the appliance are logged in the following logs:
Sniffer changes: /var/log/sniffer
Relayer changes: /var/log/relayer
Upgrade: /var/log/install and /var/log/rpmupgrade
Support Bundle Logs — Log files are also created when generating a support bundle from the Console Program, including:

Data entry validation for APM dashboards

For the APM dashboards, Foglight® validates user input in its browser interface and on its back-end. This includes checking that the correct data type is entered (for example, no numbers are entered in a text-only box) and restricting the length of input, such as to avoid certain potential buffer overflow attacks.

Installation of upgrades and patches

When the appliance software needs to be updated, the upgrade or patch package is digitally signed with a PGP key to prevent customers from uploading unauthorized materials. Upgrades and patches are installed using the APM > Support > Upgrade Appliances dashboard. All registered appliances are updated. Alternatively, individual appliances can be updated using an appliance’s Console Program.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating