
January 24, 2013

Enumerate protocols and ciphers for Tomcat

By default, Tomcat instances configured for SSL will accept pretty much any secured cipher, which, obviously, is not always optimal. Use the following method to ensure AES 128 or AES 256.

First, ensure that a protocol is specified within the connector block, for example:
sslProtocol="TLS"

Next, add your cipher specifications:
ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA"

Finally, restart Tomcat. You should have enforced AES 128/256.
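To check a configuration against the settings above before restarting, the following is an added example (not part of the original post) that audits the SSL connectors in a server.xml. The sample XML, its port numbers, and the function names are constructed for illustration; it assumes SSL connectors are marked with SSLEnabled="true".

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post); ports are
# illustrative. 8443 follows the post, 9443 and 7443 deviate from it.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"
               ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"/>
    <Connector port="7443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"/>
  </Service>
</Server>"""

def is_ssl(conn):
    # Assumption: SSL connectors carry SSLEnabled="true".
    return conn.get("SSLEnabled", "").lower() == "true"

def audit_connectors(xml_text):
    """Return {port: [problems]} for SSL connectors that deviate from the post."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not is_ssl(conn):
            continue
        problems = []
        if not conn.get("sslProtocol"):
            problems.append("sslProtocol not set")
        # The attribute may span several lines; split on commas and trim.
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        if not suites:
            problems.append("ciphers not set")
        for suite in suites:
            if "_WITH_AES_128_" not in suite and "_WITH_AES_256_" not in suite:
                problems.append("non-AES suite: " + suite)
        if problems:
            findings[conn.get("port")] = problems
    return findings

if __name__ == "__main__":
    for port, problems in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "; ".join(problems))
```

To audit a real instance, pass the contents of its server.xml to audit_connectors instead of the sample.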

Posted by cdgrieb at 01:19 PM | Comments (0)

January 08, 2013

Agent based system monitoring vs external monitoring...

Some of the drawbacks associated with external monitoring (basically, pointing a monitor at a server and attempting to extract data) are lack of monitor consolidation and inability to pull detailed system information. Agent-based monitoring solves the above-listed issues by relying on an internal system agent that retains the ability to pull detailed system data. A few agent-based monitoring systems include Monitor.us and Nagios.

Posted by cdgrieb at 08:32 AM | Comments (0)

System Administration - monitoring and Manage Engine...

There are a lot of really nice components associated with Appmanager, including highly detailed SNMP monitoring, web traffic analysis, and extensive notification options. However, the service is still managed locally, and is susceptible to data center availability problems. As a result, the SA team is exploring the possibility of cloud-based agent monitoring options such as Monitor.us.

Posted by cdgrieb at 08:16 AM | Comments (0)