What We're Working On for SAM (Updated: January 30, 2023)

New unified What We're Working On 

With the release of the new unified SolarWinds Platform, we've unified our What We Are Working On to a single post, go there for the latest and greatest.
 wwwo 

Parents
  • Hi, My infosec is asking to include captcha on login page if I need to access the website on internet, please add this in your roadmap.

  • Just curious, what is the use case for making such a sensitive system accessible publicly on the internet? If you do, a CAPTCHA won't do very much to protect you from malicious actors who want to break in. I would highly suggest using a web application firewall and a reverse proxy to protect access to Orion. In your reverse proxy, use one that allows you to inject a login page with ties to MFA (multi-factor authentication). This will offer far more protection than a CAPTCHA, and would also separate attackers from the actual IIS attack surface.

Comment
  • Just curious, what is the use case for making such a sensitive system accessible publicly on the internet? If you do, a CAPTCHA won't do very much to protect you from malicious actors who want to break in. I would highly suggest using a web application firewall and a reverse proxy to protect access to Orion. In your reverse proxy, use one that allows you to inject a login page with ties to MFA (multi-factor authentication). This will offer far more protection than a CAPTCHA, and would also separate attackers from the actual IIS attack surface.

Children
Thwack - Symbolize TM, R, and C