Solved

System Monitoring Behind Multiple Firewalls

Posted on 2014-07-24
Last Modified: 2016-07-14
Our company has recently been tasked with figuring out a way to monitor Windows systems in layer 3 of the purdue model which will be behind firewalls at layer 3.5 to 4 and 3.5 to 3.  Per a security policy we have in place, no traffic is being allowed out of 3 to 4, but is allowed to 3.5.  We currently use SCOM, SIM, Commvault and vCenter for alerting and backups on physical and virtual servers, but run into a scalability issue if we need to stand up all of these consoles at all the locations this could potentially be set up at.  In a nutshell we are looking for a way to maintain our centralized management, but still utilize our tools on layer 3 to receive alerting.  Is anyone aware of a product that would forward alerts from the servers to these monitoring tools without having to stand up these systems in the DMZ?
Question by: rymeat
Accepted Solution by: btan (LVL 63, earned 500 total points)
ID: 40219678
I am thinking of remote probes as described in the PRTG use case below. It has metrics to monitor various aspects, and the SSL connection to its core server at the central site serves as the main nerve to all remote probes deployed.

http://www.paessler.com/manuals/prtg9/remote_probes_and_multiple_probes

Another option is to leverage SCOM’s ACS (Audit Collection Services) in each untrusted domain (it can be co-located on the Gateway server), but since it requires an Active Directory domain, it is not suitable for workgroups. Another is to use a central ACS Collector (and associated ACS database) in the management VLAN. This requires each agent (ACS Forwarder) to have direct communications on TCP 51909 with the central ACS Collector, and it requires additional firewall rules to be created.

http://technet.microsoft.com/en-us/library/hh212823.aspx

Setting up SCOM across untrusted domains and workgroups requires the use of SCOM Gateway servers or certificates for mutual authentication. If you are working with trusted domains, you do not need to use Gateway servers. The advantage of using Gateway servers is to facilitate communication across firewalls by limiting the number of access rules that need to be created.

http://blogs.technet.com/b/cliveeastwood/archive/2007/05/11/how-to-configure-audit-collection-system-acs-to-use-certificate-based-authenication.aspx

For info on opening ports on the firewall:

Between SCOM servers/agents and AD: Global Catalog (TCP 3268/3269), LDAP (TCP/UDP 389) and RPC (TCP 135)
Between SCOM servers/agents and DNS: UDP 53
Between SCOM servers and agents: TCP 5723
1
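The accepted answer's point about Gateway servers is that they cut the number of firewall rules and, for the asker's policy, keep level-3 hosts from ever initiating a connection into level 4. The script below is an added example and is not code from this thread, from Microsoft or from Paessler: it models the asker's zone policy (3 -> 3.5 allowed, 3 -> 4 denied) and checks two candidate SCOM placements against it, listing which rule must be opened on which firewall and which flows the policy forbids. The host names (agent-l3, dc-l3, scom-gw, scom-ms, acs-collector), the zone placements, the assumption that the Gateway initiates to the management server, and the two extra allowed crossings marked in the code are all assumptions made for illustration; the ports are the ones the answer lists.

```python
"""Check a proposed SCOM/ACS placement against the zone egress policy from the question.

Added example, not code from the original thread or from Microsoft/Paessler. Host names
and zone placements are assumed for illustration; the ports come from the accepted answer.
"""
from dataclasses import dataclass

# Purdue levels used in the question, in order. A flow from 3 to 4 crosses both firewalls.
LEVELS = [3.0, 3.5, 4.0]

# Zone pairs across which a connection may be *initiated* (src, dst). The question states
# only that 3 -> 3.5 is allowed and 3 -> 4 is denied; the other two entries are assumptions.
ALLOWED_CROSSINGS = {
    (3.0, 3.5),  # stated in the question
    (3.5, 4.0),  # assumed: DMZ hosts may initiate to the enterprise/management zone
    (4.0, 3.5),  # assumed: management zone may initiate to the DMZ
}


@dataclass(frozen=True)
class Flow:
    src: str      # initiating host
    dst: str      # listening host
    proto: str    # "tcp" or "udp"
    port: int     # listening port
    purpose: str  # why this flow exists


def boundaries_crossed(src_level: float, dst_level: float) -> list[str]:
    """Names of the firewalls between two levels, e.g. 3 -> 4 crosses fw-3-3.5 and fw-3.5-4."""
    lo, hi = sorted((src_level, dst_level))
    i, j = LEVELS.index(lo), LEVELS.index(hi)
    return [f"fw-{LEVELS[k]:g}-{LEVELS[k + 1]:g}" for k in range(i, j)]


def check_design(placement: dict[str, float], flows: list[Flow]):
    """Return (rules, violations).

    rules:      firewall name -> list of rule strings that must be opened on it
    violations: list of (flow, reason) for flows the zone policy forbids
    Intra-zone flows need no firewall rule and are not reported.
    """
    rules: dict[str, list[str]] = {}
    violations: list[tuple[Flow, str]] = []
    for f in flows:
        s, d = placement[f.src], placement[f.dst]
        if s == d:
            continue
        if (s, d) not in ALLOWED_CROSSINGS:
            violations.append((f, f"initiating {s:g} -> {d:g} is denied by policy"))
            continue
        for fw in boundaries_crossed(s, d):
            rules.setdefault(fw, []).append(
                f"allow {f.proto}/{f.port} {f.src} -> {f.dst}  ({f.purpose})")
    return rules, violations


# Design A (assumed): agents at level 3 report straight to a management server at level 4.
DIRECT_PLACEMENT = {"agent-l3": 3.0, "dc-l3": 3.0, "scom-ms": 4.0}
DIRECT_FLOWS = [
    Flow("agent-l3", "scom-ms", "tcp", 5723, "SCOM agent to management server"),
    Flow("agent-l3", "dc-l3", "tcp", 389, "LDAP to the level-3 domain controller"),
]

# Design B (assumed): a SCOM Gateway in the 3.5 DMZ terminates agent traffic, while ACS
# forwarders still point at a central collector in the management VLAN (TCP 51909).
GATEWAY_PLACEMENT = {
    "agent-l3": 3.0, "dc-l3": 3.0, "scom-gw": 3.5, "scom-ms": 4.0, "acs-collector": 4.0,
}
GATEWAY_FLOWS = [
    Flow("agent-l3", "scom-gw", "tcp", 5723, "SCOM agent to gateway"),
    Flow("scom-gw", "scom-ms", "tcp", 5723, "gateway to management server"),
    Flow("agent-l3", "dc-l3", "tcp", 389, "LDAP"),
    Flow("agent-l3", "dc-l3", "tcp", 3268, "Global Catalog"),
    Flow("agent-l3", "dc-l3", "tcp", 135, "RPC"),
    Flow("agent-l3", "dc-l3", "udp", 53, "DNS"),
    Flow("agent-l3", "acs-collector", "tcp", 51909, "ACS forwarder to central collector"),
]


def report(name: str, placement: dict[str, float], flows: list[Flow]) -> None:
    """Print the per-firewall rule list and any policy violations for one design."""
    rules, violations = check_design(placement, flows)
    print(f"== {name}")
    for fw, lines in sorted(rules.items()):
        print(f"  {fw}:")
        for line in lines:
            print(f"    {line}")
    for f, why in violations:
        print(f"  VIOLATION {f.proto}/{f.port} {f.src} -> {f.dst}: {why}")


if __name__ == "__main__":
    report("direct", DIRECT_PLACEMENT, DIRECT_FLOWS)
    report("gateway", GATEWAY_PLACEMENT, GATEWAY_FLOWS)
```

Run as written, the direct design produces no openable rules and one violation (TCP 5723 from level 3 into level 4), while the gateway design needs exactly one rule on each firewall (TCP 5723 agent to gateway on the 3/3.5 boundary, TCP 5723 gateway to management server on the 3.5/4 boundary) and flags the ACS forwarder-to-central-collector flow as a violation of the stated policy. That last result is the caveat to take from the answer: with a central ACS Collector in the management VLAN, the TCP 51909 rule it requires is exactly the 3-to-4 flow the asker's policy forbids, so the collector would need to sit with the Gateway in the 3.5 zone, as the answer notes ACS can be co-located there.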
 
Expert Comment by: btan (LVL 63)
ID: 41711564
The answer already shared covers PRTG as a means of sending the traps for central monitoring, which has far more granular metrics on the server service, and likewise the event forwarding via the ACS setup since the user is using SCOM. A SIEM will be good for collection of syslog rather than traps for correlation of security events, though the author does not have one. The port openings are also highlighted.

For consideration of ID: 40219678 as solution
1
