Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Credentials sent in a secure way?

Hi all,

I'm currently rolling out NPM and i have a question about the security of the APM credentials we need to supply when monitoring components on servers.

Does the password of the credential get sent across the network in clear text or is the information encrypted or hashed? Can anyone give an assurance on how secure this is?

Do the credentials need admin rights to the destination machine for monitorign to work?

We don't want unsecured admin passwords flying around our network.

Thanks,

Chris.

Find more posts tagged with

Accepted answers

josh.clark

Is there a way to stop the credentials from being sent over the network in cleartext when we poll the server?

For the most part, they are not. The passwords are decrypted on the polling engine and then used to poll the device. It depends on the protocol as to if the password is sent in clear text.

For WMI, the passwords are encrypted my the WMI/DCOM infrastructure. For something like HTTP, passwords could be sent in clear text since that is the way the HTTP protocol works.

All comments

josh.clark

Does the password of the credential get sent across the network in clear text or is the information encrypted or hashed?

The password you enter into APM for credentials are encrypted. Specifically, they are encrypted using a self signed certificate that is created during install. We only decrypt your password when we need to use it to poll the device.

Do the credentials need admin rights to the destination machine for monitorign to work?

That depends on the type of component you are using. For WMI based components, yes, you need to use credentials for a user the has admin rights are the target machine.

FormerMember

Thanks Josh,

Is there a way to stop the credentials from being sent over the network in cleartext when we poll the server?

Thanks,

Chris.

josh.clark

Is there a way to stop the credentials from being sent over the network in cleartext when we poll the server?

For the most part, they are not. The passwords are decrypted on the polling engine and then used to poll the device. It depends on the protocol as to if the password is sent in clear text.

For WMI, the passwords are encrypted my the WMI/DCOM infrastructure. For something like HTTP, passwords could be sent in clear text since that is the way the HTTP protocol works.

FormerMember

Thanks Josh. The passwords being encrypted by WMI automatically sounds like what we need.

Thanks!

Chris.