If you are taking advantage of the many helpful and powerful modules SolarWinds has to offer, it’s time to make sure you are taking steps to secure your products as well as your environment.
I work with a lot of diverse clients and companies and the one thing many of them have in common is not taking advantage of (or even realizing) some of the security measures SolarWinds provides for you right out of the box.
STEP 1. Configure the Orion console to use HTTPS
As a web-based product, SolarWinds Orion can take advantage of HTTPS for a more secure browsing experience. With the release of Orion Platform version 2017.1, SolarWinds has made it easier than ever to set up HTTPS on your Orion products.
- Log in to your Orion server as an administrator.
- Run the Configuration Wizard from the Start menu.
- Select Configure the website, and click Next.
- Clear the Skip website binding option.
- Select Enable HTTPS.
- Choose the installed certificate. If the certificate does not show in the list, review how certificates are categorized
STEP 2. Giving users only the access they need
Many SolarWinds administrators realize they can give users administrator rights as well as node management rights in Orion. However, many of them are not aware that some individual modules, such as IPAM and NCM, have their own rights and security.
If these are overlooked, administrators could be granted access to privileges they are not normally permitted to have in their IT environment.
Let’s look at NCM, for example. NCM is a powerful tool that lets you save a tremendous amount of time by performing bulk configuration changes to many network devices at the same time. As you can see from the image above, rights range from no access all the way to Unlimited access.
Regardless of whether a user is an administrator in Orion, if you grant them Administrator rights under the Network Configuration Manager settings, they will have unlimited access to all monitored network devices in NCM, which could be a potential security violation in your company.
STEP 3. Account Limitations
Account limitations are a fantastic way of further securing your SolarWinds Orion environment. Account limitations can easily be created to allow access to a single device, a group of devices, or a certain type of device.
Once an account limitation is created, only the nodes that you have specified are available to that user. The user with the limitation will not even be aware that other nodes exist within the system; they will in no way be able to see or access them.
To set up an account limitation, complete the steps listed below.
Customize the account limitation of the account:
- On the Orion Web Console, go to Settings > Manage Accounts and select the account to customize and then click Edit.
- Under Account Limitation, click Add Limitation.
- Select the Type of Limitation (Single Network Node) then click Continue.
- Select the Node you want to appear in the view for the specific account then click Submit.
On top of the many predefined options SolarWinds provides for setting an account limitation, you can also use custom properties. This is done with the Account Limitation Builder application on the Orion application server.
- Click Start > All Programs > SolarWinds Orion > Grouping and Access Control > Account Limitation Builder.
- Click Start on the splash screen.
- Click Add Limitation.
- Select a Custom Property. The fields are populated automatically based on your selection.
- Choose a Selection Method.
- Click OK.
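The rights described in Steps 2 and 3 are worth reviewing on a schedule, and that review can be scripted. The following is an added example, not SolarWinds code or part of the original post: it assumes account data has been copied into a CSV whose column names and sample rows are constructed for illustration, and it flags NCM Administrator roles held by accounts that are not Orion administrators, plus non-admin accounts with no account limitation.

```python
import csv
import io

# Constructed sample data. The column names are assumptions made for this
# example; they are not a SolarWinds export format.
SAMPLE_EXPORT = """account,orion_admin,node_management,ncm_role,limitations
jsmith,yes,yes,Administrator,0
noc-view,no,no,None,2
helpdesk,no,no,Administrator,1
contractor,no,yes,None,0
"""

NCM_ADMIN_FINDING = "NCM Administrator role on an account without Orion admin rights"
NO_LIMIT_FINDING = "non-admin account with no account limitation"


def _is_yes(value):
    """Interpret the yes/no style cells used in the constructed export."""
    return value.strip().lower() in ("yes", "true", "1")


def audit_accounts(export_text):
    """Return (account, finding) pairs for rights that deserve a review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["account"].strip()
        orion_admin = _is_yes(row["orion_admin"])
        ncm_admin = row["ncm_role"].strip().lower() == "administrator"
        limited = int(row["limitations"] or 0) > 0

        # Step 2: the NCM role is set separately from Orion rights, so an
        # account can hold NCM Administrator without being an Orion admin.
        if ncm_admin and not orion_admin:
            findings.append((name, NCM_ADMIN_FINDING))

        # Step 3: nothing narrows the set of nodes this account can see.
        if not orion_admin and not limited:
            findings.append((name, NO_LIMIT_FINDING))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_EXPORT):
        print(f"{account}: {finding}")
```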
SolarWinds provides many useful, powerful tools to assist you with monitoring and managing your network environment. Be sure to keep the power in the right hands with these simple but helpful security tips.
Field Systems Engineer