[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [hobbit] Securing Xymon Over Internet
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Securing Xymon Over Internet
- From: Henrik =?unknown-8bit?q?St=C3=B8rner?= <henrik (at) hswn.dk>
- Date: Tue, 10 Feb 2009 16:22:36 +0100
- References: <8A82C7A8DFD13048B6717BBFA72CF57402ADE871 (at) prmsdcex01.premier.local>
- User-agent: Mutt/1.5.18 (2008-05-17)
On Tue, Feb 10, 2009 at 10:06:39AM +0200, Neil Franken wrote:
> I need to monitor several satellite sites with XyMon. These sites are
> not available on our local LAN so I have to go via the internet. I am a
> bit hesitant to open the ports etc since the information collected can
> be used in foot printing the system. How would I go about securing the
> service so that xymons information does not fall into the wrong hands?
For a solution now, OpenVPN would be my suggestion - it is very easy to
setup, uses standard OpenSSL encryption with digital certificates for
authentication, and has a nice price ($ 0,00). Plus you get a true VPN
connection to the server, so if need be you can SSH to the remote
servers through the VPN tunnel - or rdesktop, if they are Windows
servers.
In the slightly longer run, the Xymon clients will know how to use
an SSL-encrypted connection to the Xymon server. This is planned
for one of the releases that will show up over the coming months
(see my announcement from yesterday).
Regards,
Henrik