I am planning to use the NCPA agent to communicate with Nagios and I would like to know how secured this method is?
Does the communication between the source and target leave the local network? Are a firewall and Anti-virus tools suffice to maintain safe monitoring? I installed Nagios as a VM on a Hyper-V and there is also the concern of Apache being exposed to the net. Thanks.
Network security using NCPA agent
Re: Network security using NCPA agent
A very lovely thing about NCPA, NRPE, and NSClient++ is that they are open source for any and all to scrutinize their security measures:
https://github.com/NagiosEnterprises/ncpa
https://github.com/NagiosEnterprises/nrpe
https://github.com/mickem/nscp
Essentially, if a malicious actor gains access to those tokens, they now control the NCPA associated with that token and all the configurations you've written for that instance of NCPA. In a nutshell; Don't share passwords with people who don't need them applies to NCPA tokens.
https://github.com/NagiosEnterprises/ncpa
https://github.com/NagiosEnterprises/nrpe
https://github.com/mickem/nscp
I would say it is the most secure option since it is officially maintained by Nagios Enterprises and actively recommended to new users. That is just my opinion.ebiran wrote:I am planning to use the NCPA agent to communicate with Nagios and I would like to know how secured this method is?
That depends on your network topology more than it does NCPA.ebiran wrote:Does the communication between the source and target leave the local network?
I would say no. You need to be sure that the methods by which your monitor communicates with it's agents are also secure. In the case of NCPA, this means ensuring only necessary users have access to the plan-text copies of the tokens you use for each machine. This can be done relatively easily with proper permissions for multi-tenant environments.ebiran wrote:Are a firewall and Anti-virus tools suffice to maintain safe monitoring?
Essentially, if a malicious actor gains access to those tokens, they now control the NCPA associated with that token and all the configurations you've written for that instance of NCPA. In a nutshell; Don't share passwords with people who don't need them applies to NCPA tokens.
This depends more on your network topology than it does Nagios XI. I can't imagine there being any significant barriers within Nagios XI with regards to making sure it's not publicly exposed, but in a perfect world you'd enforce that at the transport layer before the application layer.ebiran wrote:I installed Nagios as a VM on a Hyper-V and there is also the concern of Apache being exposed to the net.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: Network security using NCPA agent
Thank you very much for the detailed answer.
Re: Network security using NCPA agent
Yes, thanks.