4.4 Network Communication Options

The various components of Sentinel communicate across the network, and there are different types of communication protocols used throughout the system. All of these communication mechanisms affect the security of your system.

4.4.1 Communication between Sentinel Processes

Sentinel processes include the Sentinel server, Correlation Engine, and Collector Manager. They communicate with each other by using ActiveMQ.

The communication between these server processes is by default over SSL via the ActiveMQ message bus. Each process reads its client-side connection settings from the following jms element in /etc/opt/novell/sentinel/config/configuration.xml:

<jms brokerURL="failover://(ssl://localhost:${activemq.port.userapps}?wireFormat.maxInactivityDuration=30000)?randomize=false" interceptors="compression" keystore="${esecurity.config.home}/etc/opt/novell/sentinel/config/.activemqclientkeystore.jks" keystorePassword="password" password-file="${esecurity.config.home}/etc/opt/novell/sentinel/config/activemqusers.properties" username="system"/> 

The jms element shown in this snippet defines the client side of the connection: how a Sentinel process locates and authenticates to the ActiveMQ broker, and which keystore it uses to verify the broker's certificate.

Table 4-1 XML Entries in the configuration.xml File

The entries are listed by their role. The literal values in your file can differ from the ones shown here: for example, the port can appear as the property placeholder ${activemq.port.userapps} instead of 61616, and the ActiveMQ password can be read from the file named in the password-file entry instead of being given inline.

XML Entry: ssl://
Description: The transport scheme. ssl:// means the connection to the message bus is protected by SSL/TLS. Do not change this value; tcp:// would carry the bus traffic in clear text.

XML Entry: localhost
Description: The hostname or IP address of the machine where the Java Message Service (JMS) broker is running.

XML Entry: 61616
Description: The port that the JMS broker listens on.

XML Entry: ?wireFormat.maxInactivityDuration=0&amp;jms.copyMessageOnSend=false
Description: ActiveMQ configuration parameters passed to the transport. Parameters are separated by &, which is written as &amp; inside the XML attribute. Modify these entries only if you are an expert in ActiveMQ.

XML Entry: interceptors="compression"
Description: Enables compression on the connection. Do not modify this value.

XML Entry: keystore="/etc/opt/novell/sentinel/config/.activemqclientkeystore.jks"
Description: The path to the Java keystore that the process uses to verify that the broker's certificate is trusted.

XML Entry: keystorePassword="password"
Description: The password of the Java keystore file. It is stored in clear text in configuration.xml, so the file should be readable only by the account that runs Sentinel.

XML Entry: password="1fef3bcdd3fbcbc5cd795346a9f04ddc"
Description: The password presented to ActiveMQ to authenticate the connection. It corresponds to a password in the /etc/opt/novell/sentinel/config/activemqusers.properties file, which should be protected in the same way as configuration.xml.

XML Entry: username="system"
Description: The username presented to ActiveMQ to authenticate the connection. It corresponds to a username in the /etc/opt/novell/sentinel/config/activemqusers.properties file.

The server-side settings are defined in the /etc/opt/novell/sentinel/config/activemq.xml file. For instructions on how to edit the activemq.xml file, see the ActiveMQ Web site. However, NetIQ does not support modifying the server-side settings.
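As an added example (not Sentinel or NetIQ code), the following Python script parses a jms element of the kind shown above, resolves the ${...} property placeholders with assumed values, splits the failover brokerURL into its member transports and flags entries that weaken the bus: a tcp:// member, a port placeholder that was never resolved, or an ActiveMQ password given inline rather than through password-file. The element copied from above and the weakened variant are constructed here; the property values, the weakened variant's addresses and the advisory about keystorePassword are this example's assumptions, not statements from the product documentation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the client-side <jms> element shown in the text.
SENTINEL_JMS = (
    '<jms brokerURL="failover://(ssl://localhost:${activemq.port.userapps}'
    '?wireFormat.maxInactivityDuration=30000)?randomize=false" '
    'interceptors="compression" '
    'keystore="${esecurity.config.home}/etc/opt/novell/sentinel/config/.activemqclientkeystore.jks" '
    'keystorePassword="password" '
    'password-file="${esecurity.config.home}/etc/opt/novell/sentinel/config/activemqusers.properties" '
    'username="system"/>'
)

# Constructed weakened variant (assumed hosts): one plaintext tcp:// member and the
# ActiveMQ password written inline instead of being read from password-file.
WEAK_JMS = (
    '<jms brokerURL="failover://(tcp://10.0.0.5:61616,ssl://10.0.0.6:61616)?randomize=false" '
    'username="system" password="secret" keystore="/tmp/ks.jks" keystorePassword="password"/>'
)

# Assumed property values; in a real installation they come from Sentinel, not from here.
PROPS = {"activemq.port.userapps": "61616", "esecurity.config.home": ""}

FAILOVER_RE = re.compile(r"^failover:(?://)?\((?P<inner>[^)]*)\)(?:\?(?P<opts>.*))?$")
TRANSPORT_RE = re.compile(r"^(?P<scheme>[a-z]+)://(?P<host>[^:/?]+):(?P<port>[^/?]+)(?:\?(?P<opts>.*))?$")
PLACEHOLDER_RE = re.compile(r"\$\{([^}]+)\}")


def resolve(value, props):
    """Substitute ${name} placeholders from props; unknown names are left untouched."""
    return PLACEHOLDER_RE.sub(lambda m: props.get(m.group(1), m.group(0)), value)


def parse_query(qs):
    """Turn 'a=1&b=2' into a dict. The XML parser has already unescaped '&amp;' to '&'."""
    return dict(kv.partition("=")[::2] for kv in qs.split("&") if kv) if qs else {}


def parse_broker_url(url):
    """Split a (possibly failover-wrapped) ActiveMQ brokerURL into its member transports.

    ActiveMQ has two option layers: options after the closing ')' belong to the
    failover transport itself; options inside each member URL belong to that connection.
    """
    m = FAILOVER_RE.match(url)
    if m:
        failover_opts = parse_query(m.group("opts"))
        members = [t.strip() for t in m.group("inner").split(",")]
    else:
        failover_opts, members = {}, [url]
    transports = []
    for t in members:
        tm = TRANSPORT_RE.match(t)
        if not tm:
            raise ValueError(f"unrecognised transport URL: {t}")
        transports.append({"scheme": tm.group("scheme"), "host": tm.group("host"),
                           "port": tm.group("port"), "options": parse_query(tm.group("opts"))})
    return {"failover": m is not None, "failover_options": failover_opts, "transports": transports}


def audit_jms(xml_text, props=PROPS):
    """Return a list of human-readable findings for one <jms .../> element."""
    jms = ET.fromstring(xml_text)
    parsed = parse_broker_url(resolve(jms.attrib.get("brokerURL", ""), props))
    findings = []
    for t in parsed["transports"]:
        if t["scheme"] != "ssl":
            findings.append(f"plaintext transport {t['scheme']}://{t['host']}:{t['port']}")
        if not t["port"].isdigit():
            findings.append(f"unresolved port placeholder {t['port']}")
    if "password" in jms.attrib and "password-file" not in jms.attrib:
        findings.append("ActiveMQ password stored inline in configuration.xml")
    if "keystorePassword" in jms.attrib:
        # Advisory: the keystore password is in the file either way, so file permissions matter.
        findings.append("keystore password stored in configuration.xml; restrict read access to the file")
    return findings


if __name__ == "__main__":
    for label, element in (("sentinel", SENTINEL_JMS), ("weak", WEAK_JMS)):
        print(label, audit_jms(element))
```

To audit a live file, read configuration.xml, extract the jms element text and pass it to audit_jms together with the property values of that installation; an unresolved placeholder finding means the port could not be checked, not that the bus is misconfigured.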

4.4.2 Communication between Sentinel and the Sentinel Control Center and Solution Designer Client Applications

The Sentinel Control Center and Solution Designer client applications use SSL communication through the SSL proxy server by default.

The client applications use SSL by reading the following strategy in /etc/opt/novell/sentinel/config/configuration.xml:

<strategy active="yes" id="proxied_client" location="com.esecurity.common.communication.strategy.proxystrategy.ProxiedClientStrategyFactory">
  <transport type="ssl">
    <ssl host="10.0.0.1" port="10013" keystore="./novell/sentinel/.proxyClientKeystore" />
  </transport>
</strategy>

The host and port identify the SSL proxy the client connects to, and the keystore holds the certificate the client uses to verify that proxy.

4.4.3 Communication between the Server and the Database

The protocol used for communication between the server and the database is defined by a JDBC driver.

Sentinel uses the PostgreSQL JDBC driver (postgresql-version.jdbc3.jar) to connect to the PostgreSQL database. The driver is a pure Java (Type IV) implementation and supports encrypted (SSL) connections. To download the driver, refer to the PostgreSQL Download Page. To configure the encryption, refer to PostgreSQL Encryption Options.

NOTE: Turning encryption on has a negative impact on the performance of the system, so this security concern needs to be weighed against your performance needs. For this reason the database communication is not encrypted by default. The lack of encryption is acceptable in the default deployment because the server and the database run on the same machine and communicate over the localhost interface; if you move the database to another host, or expose it to other clients over the network, enable encryption.

4.4.4 Communication with Web Browsers

The Web server is by default configured to communicate via HTTPS. For more information, see the Jetty documentation.

4.4.5 Communication between the Database and Other Clients

You can configure the PostgreSQL SIEM database to allow connections from any client machine that uses pgAdmin or another third-party application.

The bundled PostgreSQL database is compiled with the --with-openssl flag, so it can be configured for encrypted (SSL) communication; that is not the default setting. Typically all database communication in Sentinel is performed locally and not over the network.

To allow pgAdmin to connect from any client machine, add the following line to the /var/opt/novell/sentinel/3rdparty/postgresql/data/pg_hba.conf file:

host all all 0.0.0.0/0 md5

This rule accepts password-authenticated connections from every IPv4 address, so use it only on a network you control. To limit the clients that can connect to the database through pgAdmin, replace 0.0.0.0/0 with the IP address (or address range) of the permitted host. The following line in the pg_hba.conf file tells PostgreSQL to accept connections only from the local machine, so that pgAdmin can be used only on the server itself:

host all all 127.0.0.1/32 md5

To allow connections from other client machines, add further host entries to the pg_hba.conf file, one per permitted address or range. PostgreSQL applies the first line that matches a connection, so place the specific entries before any broad one. A changed pg_hba.conf is read when the server starts or reloads its configuration; for remote clients the server must also be listening on a non-loopback interface (the listen_addresses setting in postgresql.conf), which is not the case by default.

To provide maximum security, PostgreSQL by default allows connections only from the local machine.
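As an added example (not from NetIQ or the PostgreSQL project), the following Python script audits the host rules of a pg_hba.conf for the problems described in this section and in 4.4.3: a rule that admits any client address, a plain host rule for a remote network (host accepts both SSL and non-SSL connections, whereas hostssl requires SSL), a trust method that skips authentication, and a rule that can never match because an earlier, broader line already matches the same connections. The sample file content is constructed from the two lines above plus an assumed administrator workstation address; it handles CIDR addresses only.

```python
import ipaddress

# Constructed pg_hba.conf content: the two rules from the text, followed by a hostssl
# rule for one assumed admin workstation. Note that the hostssl line comes after 0.0.0.0/0.
SAMPLE_PG_HBA = """\
# TYPE   DATABASE  USER  ADDRESS        METHOD
local    all       all                  md5
host     all       all   127.0.0.1/32   md5
host     all       all   0.0.0.0/0      md5
hostssl  all       all   10.0.0.25/32   md5
"""

HOST_TYPES = ("host", "hostssl", "hostnossl")


def parse_pg_hba(text):
    """Return the rules as dicts, in file order. Comments and blank lines are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            rules.append({"line": lineno, "type": "local", "database": f[1], "user": f[2],
                          "network": None, "method": f[3]})
        elif f[0] in HOST_TYPES and len(f) >= 5:
            # Only CIDR addresses are handled here (not address plus separate netmask,
            # hostnames, or the all/samehost/samenet keywords).
            rules.append({"line": lineno, "type": f[0], "database": f[1], "user": f[2],
                          "network": ipaddress.ip_network(f[3], strict=False), "method": f[4]})
        else:
            raise ValueError(f"line {lineno}: unsupported or malformed rule: {line!r}")
    return rules


def shadowed_by(rule, earlier):
    """True if 'earlier' (which precedes 'rule') matches every connection that 'rule'
    matches, so 'rule' is never reached. A plain 'host' line matches SSL and non-SSL alike."""
    if earlier["type"] == "local" or rule["type"] == "local":
        return False
    type_ok = earlier["type"] == "host" or earlier["type"] == rule["type"]
    db_ok = earlier["database"] == "all" or earlier["database"] == rule["database"]
    user_ok = earlier["user"] == "all" or earlier["user"] == rule["user"]
    net_ok = (earlier["network"].version == rule["network"].version
              and earlier["network"].supernet_of(rule["network"]))
    return type_ok and db_ok and user_ok and net_ok


def audit_pg_hba(text):
    """Return (line number, message) findings for the rules in a pg_hba.conf text."""
    findings = []
    rules = parse_pg_hba(text)
    for i, r in enumerate(rules):
        if r["method"] == "trust":
            findings.append((r["line"], "method 'trust' skips authentication"))
        if r["type"] == "local":
            continue
        net = r["network"]
        if net.prefixlen == 0:
            findings.append((r["line"], f"rule admits any IPv{net.version} address"))
        if r["type"] == "host" and not net.is_loopback:
            findings.append((r["line"], "type 'host' accepts non-SSL connections; use 'hostssl' for remote clients"))
        for e in rules[:i]:
            if shadowed_by(r, e):
                findings.append((r["line"], f"never reached: shadowed by line {e['line']}"))
                break
    return findings


if __name__ == "__main__":
    for line, message in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf:{line}: {message}")
```

On the sample, the 0.0.0.0/0 line is reported twice (any address, and non-SSL allowed) and the hostssl line for the workstation is reported as unreachable, because the earlier 0.0.0.0/0 host line already matches that client. Deleting the 0.0.0.0/0 line leaves the loopback rule and the hostssl rule, which is the shape this section recommends: local access for Sentinel itself and SSL-only access for the specific administration hosts you list.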