
Network security using NCPA agent

Posted: Tue Mar 20, 2018 4:05 pm
by ebiran
I am planning to use the NCPA agent to communicate with Nagios, and I would like to know how secure this method is.
Does the communication between the source and target leave the local network? Do a firewall and anti-virus tools suffice to maintain safe monitoring? I installed Nagios as a VM on Hyper-V, and there is also the concern of Apache being exposed to the net. Thanks.

Re: Network security using NCPA agent

Posted: Tue Mar 20, 2018 9:34 pm
by mcapra
A very lovely thing about NCPA, NRPE, and NSClient++ is that they are open source for any and all to scrutinize their security measures:
https://github.com/NagiosEnterprises/ncpa
https://github.com/NagiosEnterprises/nrpe
https://github.com/mickem/nscp
ebiran wrote: I am planning to use the NCPA agent to communicate with Nagios, and I would like to know how secure this method is.
I would say it is the most secure option since it is officially maintained by Nagios Enterprises and actively recommended to new users. That is just my opinion.
ebiran wrote: Does the communication between the source and target leave the local network?
That depends on your network topology more than it does NCPA.
ebiran wrote: Do a firewall and anti-virus tools suffice to maintain safe monitoring?
I would say no. You need to be sure that the methods by which your monitor communicates with its agents are also secure. In the case of NCPA, this means ensuring only necessary users have access to the plain-text copies of the tokens you use for each machine. This can be done relatively easily with proper permissions for multi-tenant environments.

Essentially, if a malicious actor gains access to those tokens, they now control the NCPA associated with that token and all the configurations you've written for that instance of NCPA. In a nutshell: "Don't share passwords with people who don't need them" applies to NCPA tokens.
ebiran wrote: I installed Nagios as a VM on Hyper-V, and there is also the concern of Apache being exposed to the net.
This depends more on your network topology than it does Nagios XI. I can't imagine there being any significant barriers within Nagios XI with regard to making sure it's not publicly exposed, but in a perfect world you'd enforce that at the transport layer before the application layer.
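
As an added illustration of the file-permission point in the reply above (not code from the thread or from Nagios Enterprises): a small Python audit that flags files holding a plain-text NCPA token when their mode lets more than the owner reach them. It assumes the token appears as `community_string` in the agent's config or as a `-t`/`--token` argument to `check_ncpa.py`; the file paths are whatever you pass on the command line.

```python
import os
import re
import stat
import sys

# Assumption: a file "holds a token" if a non-comment line sets
# community_string (agent-side config) or passes -t/--token to
# check_ncpa.py (monitor-side command definitions).
TOKEN_LINE = re.compile(
    r"^\s*community_string\s*=\s*\S+"
    r"|check_ncpa\.py\b.*\s(?:-t|--token)[ =]\S+"
)


def holds_token(path):
    """True if any non-comment line in the file carries a plain-text token."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return any(
            TOKEN_LINE.search(line)
            for line in fh
            if not line.lstrip().startswith(("#", ";"))
        )


def audit_token_file(path):
    """Return permission findings for one file; [] means nothing to report."""
    if not holds_token(path):
        return []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("readable by all local users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if not findings and mode & stat.S_IRGRP:
        findings.append("group-readable: confirm group membership")
    return findings


if __name__ == "__main__":
    # Paths are supplied by the operator; none are assumed here.
    status = 0
    for cfg in sys.argv[1:]:
        for finding in audit_token_file(cfg):
            print(f"{cfg}: {finding}")
            status = 1
    sys.exit(status)
```

Run it against both the agent configuration and the monitor-side files where check commands are defined, since the token sits in plain text on both ends.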

Re: Network security using NCPA agent

Posted: Wed Mar 21, 2018 8:44 am
by ebiran
Thank you very much for the detailed answer.

Re: Network security using NCPA agent

Posted: Wed Mar 21, 2018 10:07 am
by tmcdonald
Are we alright to close this up then?

Re: Network security using NCPA agent

Posted: Wed Mar 21, 2018 10:29 am
by ebiran
Yes, thanks.