What We're Working On for SAM (Updated: January 30, 2023)

New unified What We're Working On 

With the release of the new unified SolarWinds Platform, we've unified our What We Are Working On to a single post, go there for the latest and greatest.

Parents Comment Children
  • Just curious, what is the use case for making such a sensitive system accessible publicly on the internet? If you do, a CAPTCHA won't do very much to protect you from malicious actors who want to break in. I would highly suggest using a web application firewall and a reverse proxy to protect access to Orion. In your reverse proxy, use one that allows you to inject a login page with ties to MFA (multi-factor authentication). This will offer far more protection than a CAPTCHA, and would also separate attackers from the actual IIS attack surface.

  • Can you elaborate on this recommendation a bit more? I'm not terribly familiar with reverse proxies, but I know our infrastructure team is implementing MFA in front of things like our Office 365 and our VPN. I'd love to increase the security of our Orion instance to allow it to be internet facing.

  • A reverse proxy can sometimes include web application firewall functionality (such as Citrix Netscaler / ADC). They can also add MFA at the point of reverse proxy, which puts the security closer to the edge, and can potentially stop malicious traffic before it even gets to your Orion login page.

Thwack - Symbolize TM, R, and C