Pages: [1]   Go Down
« previous next »
Author Topic: Regarding security and Enterprise version of Pandora FMS  (Read 244 times)
0 Members and 2 Guests are viewing this topic.
lebarait
Newbie
*

Karma: 0
Offline Offline

Posts: 2


View Profile
« on: August 30, 2011, 10:49:40 AM »
Good morning,

We are planning to deploy Pandora FMS but a security concern was raised as Pandora FMS tool is free. I am not able to convince the team from security side and it will be disapointed if we have to change to another tool due to secuirty concern.

Also, may I know the difference of Pandora FMS Enterprise version and free version? And what about security on Enterprise version?

Regards,
Logged

tpalacios
Administrator
Sr. Member
*****

Karma: 8
Offline Offline

Posts: 190


The Game


View Profile
« Reply #1 on: August 30, 2011, 12:52:38 PM »
Good morning.

Having an Open Source version of a product doesn't mean it is not safe.

Since this project has begun, there has been a lot of testing regarding this subject, and this experience has allowed us to deploy different and extended methods of authentication and security measures.

Pandora FMS has its own user system, stored in its database, but you have the choice of using Active Directory or LDAP to authenticate against remote systems, keeping the relevant data regarding Pandora rights and roles, in its own database. Pandora FMS has got an authentication API so it can be extended to proprietary mechanisms, implemented by the user itself.

Besides, Pandora FMS has an user role and a permission system, that allows to define new users with different permissions over the different monitoring groups. This way, an user could be administrator of the Accounting System, having only permissions to see the events of the Human Recourses group. There is also an enterprise ACL system which expands this feature by granting the possibility of configuring through ACLs the Operation and Administration sections from the menu that could be seen by the user. This allows to define a different interface for each user, removing specific parts of the interface, even if the user has rights to see it.

All the methods to store and extract the information of the Pandora DB have been tested against any possible vulnerabilities, and our team is working constantly during the development of the upcoming versions in the testing of the tool to find and correct any problem that could appear ASAP.

There's a support team available for these purposes as well.

If you want additional information regarding Pandora FMS Open Source and Enterprise version, feel free to check your email.

I'm going to send you an official presentation of the product with a small overview of it's purpose and features (check pages 19 to 25 to see a resume of all the Open Source and Enterprise features)

I'm also sending you the technical document about the general feature overview in Pandora FMS.

There you will see all the features detailed one by one, and compared between Open Source and Enterprise (if the feature is present in both versions, or just on Enterprise... etc)

If you're not going to read it in the email address you've used to register and you want it sent somewhere else just send me a PM.

Regards.
« Last Edit: August 30, 2011, 01:03:08 PM by tpalacios » Logged

lebarait
Newbie
*

Karma: 0
Offline Offline

Posts: 2


View Profile
« Reply #2 on: August 31, 2011, 05:08:18 PM »
Thank you for your quick response and information.
Logged

Pages: [1]   Go Up
Print
« previous next »
 
Jump to:  


SourceForge.net Logo  This site is monitored by Pandora FMS   ArticaST