Securing Your ServersCheck Configuration

From ServersCheck Wiki


ServersCheck's Monitoring Software is designed to be accessed and managed by system administrators, not by end users with low-level access. Below are some tips on how to improve the security of your ServersCheck deployment. Please read them carefully.

In this section we will cover:

* ServersCheck with a public IP address or available from the Internet
* Changing the ServersCheck port
* Making ServersCheck accessible only to system administrators
* Keeping only the Monitoring Service running, not the Configuration Server
* Running ServersCheck in HTTPS (SSL) mode

First rule: avoid connecting ServersCheck to the Internet through a public IP address. ServersCheck is software for system administrators, and only they should access it. Exposing any software to the Internet, and a monitoring solution in particular, is not a good move: the IP address of the host running the ServersCheck software becomes a target for outside attacks, and a monitoring host is an attractive one because it can reach every system it monitors.

We recommend not giving ServersCheck a public IP address or making it reachable from the Internet. If it must be reachable over the Internet, define a rule in your firewall that allows only specific external IP addresses to reach the ServersCheck host, or put it behind a VPN tunnel.

Second rule: change ServersCheck's default port. By default ServersCheck listens on port 1272. Enterprise edition users can move it to another port by editing the port.conf file, and we highly recommend doing so. Attackers typically go after an application by attacking its port directly: if a vulnerability is found in IIS, they launch the attack against every system with port 80 open. Port-scanning first and then attacking is often too slow for such mass attacks, and port scans typically cover only a range of well-known ports. Note that a non-default port only hides the service from opportunistic scanning; a targeted attacker who scans all 65535 ports will still find it, so treat the port change as a complement to the firewall rule above, not a replacement for it.
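The first two rules together amount to one firewall policy: the ServersCheck port (default or moved) is reachable only from the administrators' addresses or the VPN endpoint, and from nowhere else. The following script is an added example, not ServersCheck's own code; it assumes a Windows host with the NetSecurity module (Windows Server 2012 / Windows 8 or later), and the port, admin subnet and VPN address it uses are placeholders to replace with your own values.

```powershell
# Added example, not part of the ServersCheck product. Assumes Windows with the
# NetSecurity cmdlets. $Port must match port.conf; $AdminHosts is an assumed admin
# subnet plus an assumed VPN endpoint address - replace both with your own.
$Port       = 1272
$AdminHosts = @('10.0.0.0/24', '203.0.113.10')
$RuleName   = 'ServersCheck - admins only'

# Windows Firewall evaluates Block rules before Allow rules, so the safe pattern
# is one narrow Allow rule plus the profile default of blocking unsolicited
# inbound traffic. Start by removing any wider inbound Allow rule for the port,
# such as one an installer may have created.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    Remove-NetFirewallRule

# Allow the port only from the listed sources, on every network profile.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $Port -RemoteAddress $AdminHosts -Action Allow -Profile Any | Out-Null

# Make sure the default inbound action is Block so every other source is dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Verify: the address filter of the rule should list only $AdminHosts.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
```

Run it from an elevated PowerShell session. If you later move ServersCheck to another port in port.conf, rerun the script with the new $Port so the old allow rule is removed and the new one created; otherwise the old port stays open and the new one is blocked.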

Third rule: make the ServersCheck application available only to administrators. The web application part of the ServersCheck Monitoring Software should only be accessed by network or system administrators, not by non-administrators. By default ServersCheck automatically creates status reports in HTML and keeps them updated. Publish those static HTML reports to your end users rather than opening the web application to internal users just to show them the status of systems.

Fourth rule: run the Configuration Server only when needed. ServersCheck is a monitoring tool with two main components: the Configuration Server (the built-in web server) and the Monitoring Service. Only one of them is required for the monitoring activity itself: the Monitoring Service. If you do not need to configure, update or modify your ServersCheck installation, we recommend shutting down the Configuration Server and viewing the status of checks through the static HTML reports. A service that runs on a computer without an interface (like the Monitoring Service) has one of the best protections available: a system is usually abused through an interface (web or traditional) or by accepting incoming data packets. Only while the Configuration Server is running and reachable by users who do not need it can it become the target of attacks.
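A way to put this rule into practice on the host, as an added example that is not ServersCheck's own code: stop the Configuration Server, keep it from restarting at boot, and confirm that the Monitoring Service is still running and that nothing is listening on the ServersCheck port any more. It assumes a Windows host where both components are installed as Windows services whose display names contain "ServersCheck" plus "Configuration" or "Monitoring" respectively; check the real names with `Get-Service | Where-Object DisplayName -like '*ServersCheck*'` before relying on the match.

```powershell
# Added example, not part of the ServersCheck product. Assumes Windows and that the
# two components are services whose display names match the patterns below; the
# patterns are an assumption, verify them with Get-Service first.
$services = Get-Service | Where-Object { $_.DisplayName -like '*ServersCheck*' }
$config   = $services | Where-Object { $_.DisplayName -like '*Configuration*' } | Select-Object -First 1
$monitor  = $services | Where-Object { $_.DisplayName -like '*Monitoring*' }    | Select-Object -First 1

if (-not $config -or -not $monitor) {
    throw "Could not identify both ServersCheck services; found: $($services.DisplayName -join ', ')"
}

# Stop the Configuration Server and keep it from coming back at boot. The
# Monitoring Service keeps running, so checks and the static HTML reports continue.
Stop-Service -Name $config.Name -Force
Set-Service  -Name $config.Name -StartupType Manual

# Confirm nothing is still listening on the ServersCheck port
# (1272 by default; use the value from port.conf if you changed it).
$Port     = 1272
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    Write-Warning "Port $Port is still listening (owning PID $($listener.OwningProcess))"
} else {
    $status = (Get-Service -Name $monitor.Name).Status
    Write-Output "Port $Port is closed; '$($monitor.DisplayName)' is $status"
}

# When you need to change the configuration again:
#   Start-Service -Name $config.Name
# and stop it again once you are done.
```

The listening-port check is the part worth keeping: it catches the case where the service was stopped but something else (a second instance, a stale process) still holds the port open, which is exactly the exposure this rule is meant to remove.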
