On Tue, Feb 10, 2009 at 10:06:39AM +0200, Neil Franken wrote:
I need to monitor several satellite sites with XyMon. These sites are not available on our local LAN so I have to go via the internet. I am a bit hesitant to open the ports etc since the information collected can be used in foot printing the system. How would I go about securing the service so that xymons information does not fall into the wrong hands?
For a solution now, OpenVPN would be my suggestion - it is very easy to setup, uses standard OpenSSL encryption with digital certificates for authentication, and has a nice price ($ 0,00). Plus you get a true VPN connection to the server, so if need be you can SSH to the remote servers through the VPN tunnel - or rdesktop, if they are Windows servers.
In the slightly longer run, the Xymon clients will know how to use an SSL-encrypted connection to the Xymon server. This is planned for one of the releases that will show up over the coming months (see my announcement from yesterday).
Regards, Henrik