Web interface security

When IPNetwork Monitor is installed, it provides a Web interface to the monitoring setup. Through it, you can access reports and dashboards, and — if permitted — perform administrative actions such as starting, stopping, and polling monitors.
The Web Interface can be configured to use HTTP, HTTPS, or both protocols. For security-sensitive environments, HTTPS with your own certificate is the recommended choice.
Although the Web interface is a useful tool, its default settings may be too public in certain cases. Depending on your monitoring setup, you may want to restrict the administrative functions described above to your system and network administrators. Follow the checklist below to ensure the Web interface to your monitoring setup meets your security standards.
Apply the latest IPNetwork version and configuration settings
Unless you use the latest IPNetwork Monitor release, you might be running outdated components or outdated security defaults. The first thing to do is check that you are using the latest IPNetwork version. Run the IPNetwork Monitor GUI client and go to “Help > About IPNetwork Monitor…” to view the version and build of your installation.
After you make sure you are running the latest version, proceed to configuring the Web Interface according to current security recommendations. For HTTPS hardening, Mozilla SSL Configuration Generator and SSL Labs are useful current references.
Restrict Web interface to local addresses
By default, the Web interface configuration uses the default (primary) network address. Unless the system where IPNetwork is installed is accessible from the intranet only, you might wish to use a less public address instead of the default one.
Start the IPNetwork GUI client, go to “Settings > Web Interface” and replace the default value of the Host field ($AUTO), e.g., with “localhost” or “127.0.0.1” (or another IP address from 127/8). Depending on how many network interfaces are installed on the system running IPNetwork Monitor, you might also wish to select another IP address. Stop and start the monitoring service to enable the new settings.
Note: if you need to send IPNetwork notifications and/or reports to third parties, you might need to let the Web interface remain available to them as well. In that case, you might need to add HTTP authentication (require a user name and password to access the Web interface) to keep confidential data secure.
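One way to confirm that the Host change took effect, as an added example that is not part of the IPNetwork Monitor documentation: the script parses `netstat -an` output from the monitoring host and reports any listener on the Web interface port that is bound outside loopback. Port 8084 and the sample output are constructed placeholders; substitute the port your installation uses.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output. Port 8084 is a
# placeholder, not a value taken from the IPNetwork Monitor documentation.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8084           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8084         0.0.0.0:0              LISTENING
  TCP    192.168.10.5:8084      192.168.10.77:50122    ESTABLISHED
  TCP    [::]:8084              [::]:0                 LISTENING
  TCP    [::1]:8084             [::]:0                 LISTENING
"""

# Matches only TCP rows in LISTENING state; captures local address and port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listening_addresses(netstat_text, port):
    """Return the local addresses on which `port` is in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == port:
            # IPv6 addresses are printed in brackets, e.g. [::1]
            found.append(ipaddress.ip_address(m.group(1).strip("[]")))
    return found


def exposed_listeners(netstat_text, port):
    """Return listeners reachable from other hosts (anything outside loopback)."""
    return [str(a) for a in listening_addresses(netstat_text, port)
            if not a.is_loopback]


def audit(netstat_text, port):
    """Summarise whether the Web interface port is loopback-only."""
    if not listening_addresses(netstat_text, port):
        return "not listening"
    exposed = exposed_listeners(netstat_text, port)
    return "loopback only" if not exposed else "exposed on " + ", ".join(exposed)


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT, 8084))
```

A wildcard bind (0.0.0.0 or ::) is reported as exposed because it accepts connections on every interface, including the primary one.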
Use authentication (per user access control)
By default, the Web interface doesn’t require authentication; anyone capable of connecting to it can use all the functions available. Since those functions include changing the state of monitors, you might wish to require authentication so that access is only allowed on a per-user basis.
Follow the instructions on the corresponding knowledge base page to set up HTTP authentication for the IPNetwork Monitor Web Interface. It is also recommended to set an access password, which adds another layer of protection for monitoring data and stored credentials.
Custom Web interface pages
Finally, you can either customize the existing Web interface pages or create an arbitrary number of new ones, with styles, content, etc. matching your needs.
IPNetwork Web interface files (HTML templates, JavaScript, CSS and image files) are located in the htdocs\nms4 directory beneath the IPNetwork installation directory. You are free to alter the files as you need; however, we strongly recommend backing up that entire directory; otherwise, you might need to re-install IPNetwork to retrieve its default Web interface files.