Community
Command Central
MVP Program
Monthly Mission
Blogs
Groups
Events
Media Vault
Products
Observability
Network Management
Application Management
IT Security
IT Service Management
System Management
Database Management
Content Exchange
SolarWinds Platform
Server & Application Monitor
Database Performance Analyzer
Server Configuration Monitor
Network Performance Monitor
Network Configuration Manager
SQL Sentry
Web Help Desk
Free Tools & Trials
Store
Home
Products
Network Configuration Manager (NCM)
Cirrus - Security
Grabowski
I am trying out the new Cirrus tool, and I am pretty pleased with it although I have only just scratched the surface so far.
My concern is this: Passwords and community strings can be encrypted, the application itself can prompt for a password when launched and SSH can be used for transfer of configurations and inventories....
All this is of course done to protect these very sensitive data, but I am wondering how safe these data will be once they have been moved over to the SQL database (or Access for that matter) and basically are nothing more than a flat text file in a standard SQL database.
I really don't know much about database security, but I am hoping that somebody can give me some pointers on how to best deal with this.
Lars Grabowski
Global Infrastructure
Chr. Hansen A/S
Find more posts tagged with
Accepted answers
All comments
DonYonce
Grabowski,
The passwords and usernames can also be encrypted WITHIN the database. Open the Settings Dialog by selecting File->Settings.
Then from the "Security" group (2nd from the top). Check the "Encrypt Passwords in the database" and "Encrypt Usernames in the database". This will encrypt these database fields.
The Login information is now stored in an encrypted format, but... the configs themselves are still in plain text with the database. We are considering encryption of the configs within the database also.
salyerma
Grabowski,
It will really depend on whether you are using Access or SQL for your backend. MS SQL Server has great database security, so I would not worry about someone compromising that data. It is not really stored as text on the server side.
Then again, it is only as good as the person running the SQL Server to begin with. If they have an sa account with no password, then no, it is not very secure.
As for Access, then it will not be as secure.
I would rather not have the data encrypted inside SQL Server. I already have some custom applications that I run along side Solarwinds that allow me to use the data that Solarwinds gathers. If the data was encrypted, I would be out of luck.
Marks
DonYonce
salyerma,
Thanks for the feedback. That's good to know.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Best Of
