|
Agents run as mortal users, not as root/Administrator: This is a much safer methodology
compared to other agent-based monitoring products that run with full administrative privileges.
There is no trust relationship between our equipment and yours: As far as your servers are
concerned, our monitoring requests are originating from untrusted Internet space and are
treated accordingly.
Our monitoring requests access your system via a single TCP/IP port that can be randomly
selected by you: This makes it extremely simple to construct firewall rules to block
everyone else except us from accessing that port.
Anyone trying to access your monitoring port would need to know our account name and
password: This, in addition to needing an instance of our monitoring software to
get the assigned TCP/IP port on your system to respond.
We do not have (nor do we want) your root/administrator passwords: Safe (sudo)
mechanisms can be used if you would like us to run a root-privileged recovery
script to fix problems that we detect. We have absolutely no ability (or desire)
to gain root/Administrative access to your servers.
We can (and do) enforce our own ACLs that further controls access to your equipment:
For example, agents requests will be denied unless they come from a specific user and
a specific IP address. In addition, our Operators have no ability to modify any of
the agent's characteristics.
All message traffic is encrypted using Diffie-Hellman DES-CBC encryption: Passwords
are encrypted inside the encrypted message packet.
All transactions are logged to an audit log file that lives on the monitored server:
Available for inspection by client security folks any time.
3DES encryption VPN connectivity is available at an additional cost per month
|
