Hello Dear community,
I have just installed NCPA_Agent on a set of equipment. My question is about NCPA security. I have noticed that NCPA provides a better level of security through SSL/TLS encryption.
- So my question is: what is the limit of this amelioration, and what must be done to keep this security strong? I was wondering if it is necessary to change the auto-signed certificates that come by default after the installation of the NCPA Agent, and so provide my own certificates?
- What other security vulnerabilities still exist in the NCPA agent?
Thank you
NCPA_Security
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NCPA_Security
Hi @ybadrou,
Thank you for trying out Nagios! Out of the box, NCPA uses a self-signed certificate, but you have the option to set your own if you'd like. This is done using the certificate option in the configuration file.
See: https://www.nagios.org/ncpa/help/2.0/configuration.html
In regards to other vulnerabilities, we work hard to keep everything secure. The best practice is to keep everything up-to-date, both NCPA and Nagios XI.
Let us know if you have more questions.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: NCPA_Security
Hi @benjaminsmith,
Thank you for your answer.
- I have another two questions about the SSL certificate. As I will leave the default certificates provided by Nagios after the NCPA installation, does this present a security vulnerability? In other words, are they the same on every host? I want to know if all NCPA agents come with the same certificate, or does it change with every installation?
- How is the exchange of certificates between the Nagios server and the NCPA client performed? Is it while trying to pair the client to the server, or what?
Thank you so much
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: NCPA_Security
Hi @yabadrou,
You're welcome. In regards to your other questions, see below:
1. It's a self-signed certificate, but in this use case it's acceptable for most users, since the certificate is used between components of the same system and not between a server and unknown agents, so there really isn't a need for a 3rd party. When you install NCPA, a certificate is generated, so it's not the same for every installation.
Regarding the HTTP handshake between check_ncpa.py and NCPA (server), that's handled by the SSL module in Python.
See: https://docs.python.org/3/library/ssl.html#ssl-security
2. As far as other vulnerabilities, I would recommend keeping everything up to date. We are quick to respond to any CVE, and you can follow the project on GitHub for the latest as well.
https://github.com/NagiosEnterprises/nc ... HANGES.rst
Reference:
Security at Nagios
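Added example, not part of the thread and not Nagios code: because each agent's certificate is self-signed and generated at install time, a monitoring server can record every agent's SHA-256 fingerprint once, compare it on later connections, and flag hosts that present the same certificate. Port 5693 (NCPA's default listener), the host names and the byte strings standing in for certificates are assumptions or constructed sample values.

```python
import hashlib
import hmac
import socket
import ssl
from collections import defaultdict

NCPA_PORT = 5693  # assumption: NCPA's default listener port; change if yours differs

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_agent_cert(host: str, port: int = NCPA_PORT, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the agent presents.
    Chain validation is off on purpose: a self-signed certificate has no CA
    to validate against, so trust comes from the pin comparison instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_pin(host: str, der_cert: bytes, pins: dict) -> str:
    """Return 'ok', 'mismatch' or 'unpinned' for one agent."""
    expected = pins.get(host)
    if expected is None:
        return "unpinned"          # never recorded: review before trusting
    expected = expected.lower().replace(":", "")
    same = hmac.compare_digest(fingerprint(der_cert), expected)
    return "ok" if same else "mismatch"

def shared_certs(certs: dict) -> dict:
    """Group hosts presenting an identical certificate (for example, agents
    cloned from one already-installed image)."""
    by_fp = defaultdict(list)
    for host, der in certs.items():
        by_fp[fingerprint(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}

def demo():
    # Constructed stand-ins for DER certificates; not real certificates.
    certs = {"web01": b"constructed-cert-A", "web02": b"constructed-cert-B",
             "db01": b"constructed-cert-A"}
    pins = {"web01": fingerprint(b"constructed-cert-A"),
            "web02": fingerprint(b"constructed-cert-old")}
    return {h: check_pin(h, c, pins) for h, c in certs.items()}, shared_certs(certs)

if __name__ == "__main__":
    print(demo())
```

Against live agents, build the `certs` mapping with `fetch_agent_cert(host)` and treat any `mismatch` as a reason to check whether the agent was reinstalled before re-pinning.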