Firewall Wizards mailing list archives

Re: Web Server Monitoring


From: Paul Robertson <proberts () patriot net>
Date: Sun, 14 Sep 2003 12:45:35 -0400 (EDT)

On Fri, 12 Sep 2003, Tony Turner wrote:

> We have several web servers that we support throughout the southeast.  
> We usually use VNC.  I have a few questions for you.  How secure is VNC
> and what are some known security risks.  What is the best way to monitor

It isn't, perhaps you should read the documentation which comes with VNC, 
which (at least last I checked) had a section on how it wasn't secure.  I 
believe the authors recommended running it over SSH tunnels.

> these servers?  have used large scale monitoring tools that create
> tickets whenever a server or a switch stops responding, but this was all
> on the same network.  I am looking at a program called Networkview.  
> This product gives me a GUI interface with all of my sites and lets me
> know which are up or down.  It will also email me if something goes
> down.  It seems that it works great locally, but I need something that I
> can use over the Internet.  Networkview will ping these IP addresses,
> but most of these webservers are behind routers or firewalls that block
> ICMP.  Will SNMP work over the internet and is it really necessary to
> block ICMP.  How hard is SNMP to set up and where do I start?

SNMP is a security nightmare, and you really, really don't want to expose 
current implementations to the Internet at large.  If you're worried about 
Web services, grab a page every few minutes, and alert on errors for that, 
there are plenty of tools to do so, and writing one isn't all that 
difficult either.

While out-of-band monitoring is generally a good thing, it's only a good 
thing when the channel is private.  If you're going to use a public 
channel, then do in-band monitoring, since you *have* to expose HTTP to 
the world anyway, using it to check the status isn't the increase in risk 
that trying to do some other protocol is.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
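
An added example, not part of the original message and not code from its author: a minimal in-band check of the kind the reply describes, fetching a page over HTTP and alerting on errors. The marker string, the `check_page` and `Monitor` names, the two-failure alert threshold and the local demo server are all assumptions constructed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = b"status: ok"  # constructed: text the monitored page is assumed to contain
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct, no proxy

def check_page(url, marker=MARKER, timeout=10):
    """Fetch url over the same HTTP(S) port the public uses; return (healthy, detail)."""
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            body = resp.read(65536)  # cap the read; a status page is small
            if marker not in body:   # 200 with wrong content is still a failure
                return False, "HTTP %d but marker missing" % resp.status
            return True, "HTTP %d" % resp.status
    except urllib.error.HTTPError as exc:            # server answered 4xx/5xx
        return False, "HTTP %d" % exc.code
    except (urllib.error.URLError, OSError) as exc:  # refused, DNS failure, timeout
        return False, "unreachable: %s" % exc

class Monitor:
    """Alert once after `threshold` consecutive failures, and once on recovery."""
    def __init__(self, threshold=2):
        self.threshold, self.failures, self.alerted = threshold, 0, False
    def record(self, healthy):
        if healthy:
            recovered = self.alerted
            self.failures, self.alerted = 0, False
            return "RECOVERED" if recovered else None
        self.failures += 1
        if self.failures >= self.threshold and not self.alerted:
            self.alerted = True
            return "DOWN"
        return None  # below threshold, or already alerted for this outage

class _DemoHandler(BaseHTTPRequestHandler):  # constructed local server for offline runs
    def do_GET(self):
        good = self.path == "/"
        self.send_response(200 if good else 500)
        self.end_headers()
        self.wfile.write(b"<html>status: ok</html>" if good else b"error")
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    srv = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port
```

Run `check_page` from cron or a loop every few minutes and feed the result to `Monitor.record`; send mail or open a ticket only when it returns `DOWN` or `RECOVERED`.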
