Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Orion Platform > Application Centric Monitor > Application Centric Monitor Installation Guide > Security enhancements and exceptions for SolarWinds Orion Platform products

Security enhancements and exceptions for SolarWinds Orion Platform products

Created by Su-Lyn Rosenberry, last modified by Su-Lyn Rosenberry on Oct 23, 2017

Views: 25 Votes: 0 Revisions: 5

By default, SolarWinds uses the http protocol instead of https. You can increase the security of your data by using SSL or FIPS.

For best performance, SolarWinds also recommends creating an antivirus directory exclusion for the SolarWinds install folder.

Configure the Orion Web Console to require SSL

During the installation process, you can configure the Orion Web Console to use SSL. If you want all users to use SSL when connecting to the Orion Web Console, follow the steps below.

  1. Log on to your primary SolarWinds Orion server as an administrator.
  2. In a text editor, open the web console configuration file, web.config.

    The default location of web.config is C:\Inetpub\SolarWinds\.

  3. In the <system.web> section, add the line:
    <httpCookies requireSSL="true" />
  4. Locate the line:
    <forms loginUrl="~/Orion/Login.aspx" />
  5. Edit it to <forms loginUrl="~/Orion/Login.aspx" requireSSL=”true” />.
  6. To enable the HTTPOnly flag for added security, locate the <httpCookies> tag, and edit it to the following:
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  7. Save and close web.config.

 

Enable FIPS

FIPS (Federal Information Processing Standard) defines security and interoperability standards for computers used by the U.S. federal government.

Monitored nodes and network discoveries must use FIPS-compliant authentication and privacy or encryption methods.

FIPS-Compliant Methods

Authentication

SHA1
Privacy or encryption AES128, AES192, AES256

 

SolarWinds recommends that you install all FIPS-compliant SolarWinds software on FIPS-compliant servers and maintain all non-compliant SolarWinds software on non-compliant servers.

  1. Configure the Orion server for FIPS compliance. See the Microsoft Support knowledge base for more information.
  2. Start the SolarWinds FIPS 140-2 Manager (SolarWinds.FipsManager.exe).

    By default, SolarWinds.FipsManager.exe is located in the Install_Volume:\Program Files (x86)\SolarWinds\Orion folder.

  3. Read the welcome text, and click Next.
    The SolarWinds FIPS 140-2 Manager will confirm that the current configuration of your SolarWinds products is FIPS-compliant.
    • If an installed product is not FIPS-compliant, click Close, remove any non-compliant Orion Platform products from the FIPS-compliant server, and run the FIPS 140-2 Manager again.
    • If FIPS 140-2 is disabled, select Enable FIPS 140-2, and click Next.
    • If the FIPS Manager provides a list of objects or saved network discovery definitions that are not FIPS-enabled, complete the following steps.

      To refresh the list of non-compliant objects after editing the credentials, restart the FIPS 140-2 Manager.

      • Click the non-compliant monitored node, and edit its Polling Method to be FIPS-compliant.
        1. Select SNMPv3 as the SNMP Version.
        2. Select FIPS-compliant Authentication and Privacy/Encryption methods, and provide the passwords.
        3. Click Submit.
      • Click the non-compliant network discovery, and edit SNMP credentials to be FIPS-compliant.
        1. Confirm that all SNMP credentials are SNMPv3. Delete or edit any credentials that are not FIPS-compliant SNMPv3.
        2. Confirm that all SNMP credentials use FIPS-compliant Authentication and Privacy/Encryption methods, and provide the passwords.
        3. Complete the Network Sonar Wizard using the updated credentials.
  4. Click Restart now to restart all relevant SolarWinds services.
Last modified

Tags

Classifications

Public