IPHost developers regard every security issues as very important ones; to prevent and avoid security-related incidents, please follow the below guidelines:
- upgrade to latest available public IPHost release: whereas IPHost license per se doesn’t expire, software components bundled with IPHost installation, can exhibit security-related problems. Using out-of-date IPHost releases is thus strongly discouraged: depending on your configuration, various security issues can be possible (depending on severity of found security flaws). One of the simplest means to be updated on new releases is to subscribe to our low-traffic mailing list.
- assign non-empty database access password: with non-trivial password set at “Settings > Access Password”, you reduce risk of monitoring data leak: after the password is set, every user account different from the one having installed IPHost, will require the access password to run IPHost GUI client. Also, that encrypts monitoring data; if monitoring database is transferred elsewhere, access password will be required to read its contents.
- do not open public access to Web interface: by default, IPHost installer uses default computer network adapter to set up Web interface. If this adapter is publicly accessible, anyone can open Web interface in browser and do limited management of monitors (such as starting and stopping), as well as seeing all the reports. If the latter is undesirable, one or more of below should be done:
- in “Settings > Web Interface” assign non-public (such as localhost, 127.0.0.1) IP address to run Web interface on (in “Host” field)
- set up database access password
- set up HTTP authentication to prevent public access to Web interface
- be careful when running scripts or programs as part of monitoring: Script or Program monitor is a universal tool in case complicated actions are required to get performance value and/or perform action on monitor change state. However, care should be taken when running such scripts or programs, since they are executed under privileges of account used to run IPHost monitoring service )by default, SYSTEM built-in account). If unsure of the origin or behavior of a script or program, do not use them in “Script or Program” monitors/simple actions.
- edit notifications template to reduce amount of reported data: by default, IPHost uses rather verbose mail template to send mail notifications, its body looks like this:
$EventType: $EventDescription at $Time Details: $EventDetails Host: Display name: $HostName Notes: $HostNotes IP address: $HostIP DNS name: $HostDNS Report URL: $HostReportUrl Monitor: Display name: $MonitorName Notes: $MonitorNotes Report URL: $MonitorReportUrl ------ To change or disable the e-mail notifications for '$MonitorName on $HostName', edit settings on Alerting tab for it in IPHost client or contact your system administrator, $AdminMail, for assistance.
(the template parameters, such as $MonitorName are explained in Property Editor > Template parameters).
In case you need to send email notifications outside your intranet, it can make sense to edit the default template (it will be used each time you create a new “Send mail” simple action). Exclude $HostIP/$HostDNS, “Report URL” and other variables that can provide information on your network structure to outside parties. Leave as little information as necessary to notify of a monitoring event.
- avoid using SSH keys without password protection: SSH monitors allow using RSA key authentication, which is considered better alternative to using password authentication.
However, since IPHost data directory is readable by SYSTEM account, using RSA private key without a password can be a security risk: it is feasible that another system process or user can read the key and thus compromise the etting up monitoriserver the key is used to connect to.
For the same reason, the user account running commands on remote Unix-like system (accessed via SSH) should be as limited in access rights as possible. If superuser access is required for certain commands, make sure your sudoer settings only allow running that specific command(s), otherwise the remote system security might be compromised.
- avoid using insecure protocols when monitoring: while IPHost provides monitors supporting FTP, HTTP, SNMP (versions below 3), and their usage can be relatively safe under certain circumstances, we discourage using insecure protocols.
For example, use HTTPS instead of HTTP, FTPS or SFTP instead of FTP, SNMP version 3 wherever possible. That relates to both monitors and scripts/programs called by monitors or alert actions.
For the same reason, we discourage using HTTP for Web interface; use HTTPS wherever possible.
- pay attention to every program warning and error message: under normal circumstances, IPHost only displays information pop-ups. In case you notice warning and/or error one, you should pay close attention to that. Whether it’s in “Logs view”, or displayed via pop-up windows, never leave such notifications unattended. No warning or error conditions should occur under normal IPHost operation.
Read more on setting up monitoring on “Getting started” page.