Collector

Using the collector service, introduced in EventSentry v3.2, enhances security in several ways, as described below.

Traffic Encryption

The collector supports both clear-text (not recommended) and TLS-encrypted connections. Installing the collector service on a more recent version of Windows ensures that a more secure cipher with a higher bit length is used.

Security Level

Only the medium or high security levels are recommended.

Basic

The basic security level is only recommended for environments where the remote agents connecting to the management console are not listed in the management console.

Medium

The medium security level only allows connections from agents that are listed in a group in the management console. This security level should work in almost all environments and is necessary when agents are connecting externally from the Internet through a firewall.

High

The high security level only supports environments where a reverse lookup of a remote agent's IP address can successfully be resolved to a host name, which will in turn need to match the host name configured in the management console. This security level may not work in a scenario where remote agents connect from the Internet.

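A pre-flight check for the high security level, as an added example that is not part of the EventSentry documentation or product: for each agent it reverse-resolves the IP address and compares the result with the host name configured in the management console. The agent list, the PTR answers and the comparison rule (case-insensitive, trailing dot ignored) are assumptions, since this page does not state how names are compared.

```python
import socket

# Constructed sample data (documentation address ranges), not real hosts.
SAMPLE_AGENTS = {   # host name as configured in the management console -> agent IP
    "WEB01": "192.0.2.10",
    "db01.corp.example.com": "192.0.2.20",
    "vpn-laptop7": "198.51.100.7",
    "branch-fs": "203.0.113.5",
}
SAMPLE_PTR = {      # constructed reverse-DNS answers for those IPs
    "192.0.2.10": "web01.corp.example.com",
    "192.0.2.20": "db01.corp.example.com.",
    "198.51.100.7": "host-7.isp.example.net",
}

def sample_resolver(ip):
    """Offline stand-in for socket.gethostbyaddr, backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])

def classify(configured, resolved):
    """Compare names case-insensitively, ignoring a trailing dot (assumed rule)."""
    if resolved is None:
        return "no-ptr"
    a = configured.rstrip(".").lower()
    b = resolved.rstrip(".").lower()
    if a == b:
        return "match"
    # One side is unqualified and only the first label agrees: flag it for
    # review instead of assuming the collector would accept it.
    if ("." not in a or "." not in b) and a.split(".")[0] == b.split(".")[0]:
        return "short-name-only"
    return "mismatch"

def preflight(agents, resolver=socket.gethostbyaddr):
    """Return {host: (ip, resolved_name_or_None, status)} for every agent."""
    report = {}
    for host, ip in agents.items():
        try:
            resolved = resolver(ip)[0]
        except OSError:   # socket.herror / socket.gaierror: reverse lookup failed
            resolved = None
        report[host] = (ip, resolved, classify(host, resolved))
    return report

if __name__ == "__main__":
    for host, (ip, name, status) in preflight(SAMPLE_AGENTS, sample_resolver).items():
        print(f"{host:24} {ip:15} {name or '-':28} {status}")
```

Run `preflight` with the default resolver on the collector host itself, since that is the machine whose DNS view decides whether the reverse lookup succeeds.
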
Enhanced Action Security

To avoid transmitting the database login credentials (the password of the eventsentry_svc user) to remote agents, it's recommended to configure a database action for enhanced security, which prevents the password from being transmitted and stored on the agent(s). Since the agents connect to the collector and not the database, the agents do not require the login credentials.

Since only the EventSentry agents support the collector, any host running other EventSentry software (e.g. database import utility, heartbeat service, network services) will still require the full database connection details. A host running additional EventSentry components can be configured to be a trusted host, by editing the host and checking the "Trusted Host" check box.

Network Authorization

Configuring authorized and blocked networks is recommended wherever possible. Blocked networks always take precedence over authorized networks.