[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Securing Xymon Over Internet



On Tue, Feb 10, 2009 at 10:06:39AM +0200, Neil Franken wrote:
> I need to monitor several satellite sites with XyMon. These sites are
> not available on our local LAN so I have to go via the internet. I am a
> bit hesitant to open the ports etc since the information collected can
> be used in foot printing the system. How would I go about securing the
> service so that xymons information does not fall into the wrong hands?

For a solution now, OpenVPN would be my suggestion - it is very easy to 
setup, uses standard OpenSSL encryption with digital certificates for
authentication, and has a nice price ($ 0,00). Plus you get a true VPN
connection to the server, so if need be you can SSH to the remote
servers through the VPN tunnel - or rdesktop, if they are Windows
servers.

In the slightly longer run, the Xymon clients will know how to use
an SSL-encrypted connection to the Xymon server. This is planned
for one of the releases that will show up over the coming months
(see my announcement from yesterday).


Regards,
Henrik