We have around 30 people in my section that require administrator rights in SolarWinds. We are also the same individuals that manage the network. Because of the amount of people, it is simpler to just use one login. We do not have the man-power to manage individual logins for every person who needs to maintain, or just view, the network via SolarWinds.
One of the security features we have implemented on our network is that only pc's on a certain VLAN can login into the equipment regardless whether they have obtained login information. In the event of login compromise, the individual would still have to come and physically use one of the computer's in our office. I would like to see a similar security feature implemented directly into SolarWinds.
For example, the Admin login gets compromised. The 'bad' individual goes to login into SW from the IP of 1.2.3.121. Luckily, the only IP's allowed to login under Admin are 1.2.3.1 - 25. The 'bad' person would be denied access based strictly off his IP address. The log would show that access was denied for Admin from 1.2.3.121. At this point we know that the login information has been compromised and can act accordingly.
This could be something that could be applied to individual logins or to groups. It could also be used to block entire portions of your network that have absolutely no need to even look at SW. No matter how hard you try, sometimes login information gets shared. This would just add another layer of security.
Looking at what we could do at this particular time, this would be more simplified and easier to control.
