On Fri, 12 Sep 2003, Tony Turner wrote:
> We have several web servers that we support throughout the southeast.
> We usually use VNC. I have a few questions for you. How secure is VNC
> and what are some known security risks? What is the best way to monitor

It isn't, perhaps you should read the documentation which comes with VNC,
which (at least last I checked) had a section on how it wasn't secure. I
believe the authors recommended running it over SSH tunnels.

> these servers? have used large scale monitoring tools that create
> tickets whenever a server or a switch stops responding, but this was all
> on the same network. I am looking at a program called Networkview.
> This product gives me a GUI interface with all of my sites and lets me
> know which are up or down. It will also email me if something goes
> down. It seems that it works great locally, but I need something that I
> can use over the Internet. Networkview will ping these IP addresses,
> but most of these webservers are behind routers or firewalls that block
> ICMP. Will SNMP work over the internet and is it really necessary to
> block ICMP? How hard is SNMP to set up and where do I start?

SNMP is a security nightmare, and you really, really don't want to expose
current implementations to the Internet at large. If you're worried about
Web services, grab a page every few minutes, and alert on errors for that,
there are plenty of tools to do so, and writing one isn't all that
difficult either.

While out-of-band monitoring is generally a good thing, it's only a good
thing when the channel is private. If you're going to use a public
channel, then do in-band monitoring, since you *have* to expose HTTP to
the world anyway, using it to check the status isn't the increase in risk
that trying to do some other protocol is.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts_at_patriot.net which may have no basis whatsoever in fact."
probertson_at_trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 14 2003
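
The in-band check suggested in the reply above (grab a page every few minutes and alert on errors), sketched as an added example that is not part of the original message or any tool named in the thread. The URL, marker text, failure threshold and five-minute interval are assumptions; the alert hook is left as a print.

```python
# Added example: in-band HTTP health check that alerts on state changes only.
import http.client
import urllib.error
import urllib.request

def http_fetch(url, timeout=10):
    """Return (status, body); connection-level failures return (None, reason)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:       # 4xx/5xx still carry a status code
        return e.code, ""
    except (OSError, http.client.HTTPException) as e:  # DNS, refused, timeout
        return None, str(e)

def check_site(url, expect, fetch=http_fetch):
    """Healthy only if the server answers 200 AND the page holds the marker."""
    status, body = fetch(url)
    if status is None:
        return False, "unreachable: " + body
    if status != 200:
        return False, "HTTP %d" % status
    if expect not in body:                    # e.g. a default page served as 200
        return False, "marker text missing"
    return True, "ok"

class Monitor:
    """Alert once after `threshold` consecutive failures, once on recovery."""
    def __init__(self, sites, threshold=2, fetch=http_fetch):
        self.sites, self.threshold, self.fetch = sites, threshold, fetch
        self.fails = {url: 0 for url in sites}

    def poll(self):
        alerts = []
        for url, expect in self.sites.items():
            ok, detail = check_site(url, expect, self.fetch)
            if ok:
                if self.fails[url] >= self.threshold:
                    alerts.append("RECOVERED %s" % url)
                self.fails[url] = 0
            else:
                self.fails[url] += 1
                if self.fails[url] == self.threshold:
                    alerts.append("DOWN %s (%s)" % (url, detail))
        return alerts

if __name__ == "__main__":
    import time
    # Constructed site list: replace with your own URLs and marker strings.
    monitor = Monitor({"https://www.example.com/": "Example Domain"})
    while True:
        for alert in monitor.poll():
            print(time.strftime("%Y-%m-%d %H:%M:%S"), alert)  # e-mail hook here
        time.sleep(300)
```

Checking for marker text as well as the status code catches a server that answers 200 with the wrong content, and the consecutive-failure threshold keeps a single dropped request from paging anyone.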