IT Infrastructure Monitoring Forum

Rhea Rapps
Content Specialist
IT Central Station
Jun 21 2018
Is it required in your company to conduct a security review before purchasing an infrastructure monitoring solution? What are the common materials you use in the review? Do you have any tips or advice for the community? Any pitfalls to watch out for?
MenojRoekaleaI would start focussing on the used acounts and their privileges, other components aren't that interresting security wise. But the used accounts are probably over privileged as my experience has showed my before.
Sofian BayoudhIT security is an ongoing exercise, with some sporadic penetration testing. SOC should be closely coupled to NOC, especially in terms of log management, traffic capture and analysis (for heuristics/forensics), connectivity/management, DNS security, WAF, etc. So it's more than security review before deploying NOC, it's rather complete integration with due proper design and planning.
Matt DavisMy company does not require a security review per se, although we do incorporate security measures to protect our network. For example, if your monitoring system is public facing, you'd want to lock it down so that only the IP ranges and TCP/UDP port ranges necessary for you to monitor what you want to monitor are allowed in. If you are doing only active monitoring, then you don't really need to allow any establishment of connections from outside. If you are using SNMP traps, or an agent that pushes info to the monitoring services, the respective IPs and ports need to be allowed in. You can do this with a firewall like iptables. Security by obscurity is also still a helpful thing. Default port numbers, etc. are low-hanging fruit for bots and things that scour the internet for easy victims. You can also use something like fail2ban, which creates a blacklist of IPs who repeat failed logins. It is also helpful to ask the vendor which versions of software they use. It is possible they use an older version, which is not as secure as using one that is regularly updated with security patches. For example, do they use mySql? Which version? What about the OS? Is it a version still supported?

Sign Up with Email