In our modern world, where enterprises are increasingly reliant on technology, having the right network monitoring in place will help ensure an organisation’s IT infrastructure continues to function at optimum levels and that there are fewer issues with connected devices and services. It sounds simple but just like all IT systems, keeping infrastructure and devices secure from threats is equally important.
Network monitoring software works with networks of all sizes and is capable of LAN, WAN, WLAN, and VPN monitoring plays an important role in maintaining an organisation’s overall security posture. Physical or virtual web, mail, and file servers, Linux systems, Windows clients, routers can be monitored too.
These applications monitor network availability and bandwidth usage, as well as various other network parameters such as quality of service, memory load and CPU usage, even on remote machines. They provide system administrators with live readings and periodical usage trends to optimise the efficiency, layout and setup of leased lines, routers, firewalls, servers and other network components.
Layer 1: Overload Protection
An overload protection feature is a built-in mechanism to fight brute-force attacks. More specifically, upon experiencing multiple false login attempts, the monitoring software increases the time required for the next login attempt considerably as this mechanism considerably impacts the performance of the web interface of the user account that is responsible for the failed login attempts.
Layer 2: Enhanced Security With Automatic Log Out
The ability to allow users to set an automatic log out option is another key security layer feature. Enabling this feature requires users or administrators to log in again after a period of inactivity.
As a result, even forgotten unlocked sessions are locked, reducing the possibility of accidental or malicious insider threat attacks.
Layer 3: Preventing Malicious Code Execution
While features like the one mentioned above help reduce the risk of a successful infiltration into the network monitoring software, another layer of security exists for cases where a malicious actor has already gained access. To minimise the potential for damage, network applications are set up in such a way that it restricts the possibility of being used to execute malicious code.
Thus, even though someone malicious might have access to the software, they are not able to utilise the UI to create a new custom sensor using a malicious script or alter an existing one and execute it. Instead, OS system administrators need to edit or create the script directly and place it in a specific location that the network monitoring solution can read from.
In default installations, access to this location requires high privileged permissions in the server itself.
Layer 4: Secure Configuration File
Finally, there is an additional layer of security with regards to the configuration file. The right network monitoring application stores the entire monitoring configuration – sensors, devices, credentials, etc. – in a configuration file. Not only is this configuration file stored in a location that only a user with administrator permissions can access by default, it also encrypts all secrets or passwords using AES-256; no secrets can be found in plain text in the configuration file.
The monitoring solution decrypts these secrets as needed during runtime. By doing so, the risk of accidentally leaking confidential information is reduced. Additionally, it is designed in such way that if a customer shares this file through the support bundle, the secrets are automatically removed. Support teams can only see the configuration and not any associated secrets. The same security measures are applied to every automatic backup of the configuration file.
Of course, as a general recommendation for all files, but especially for the configuration file and any automatic backups, administrators should not depend solely on network monitoring software and their OS for security. Rather, administrators should take the necessary steps to ensure that the security and access control for the configuration file is maintained during transit, deployment, and storage (e.g. backups).
