Security is within our DNA
Monitoring hand in hand with experience
We talk about computer security in our blog
The security of your data as a fundamental pillar of monitoring
Pandora FMS roots come from specific needs in bank security environments and that has absolutely defined Pandora FMS design and architecture. Security has always been present and we can say confidently that Pandora FMS is adaptable, in order to meet strict security standards such as PCI/DSS or ISO 27001.
Monitoring is a technology that needs access to all IT infrastructure elements and that is a key aspect to bear in mind when implementing a monitoring system.
Believes the risk of being a victim of cybercrime is increasing
Are concerned that their private data is not protected by suppliers
Are concerned about their private data being misused
Are concerned that their data is not kept secure in their environments
Source: *EU commission Special Eurobarometer: Europeans attitudes towards Internet Security, March 2019
Secure architecture elements in Pandora FMS
Safe traffic through encryption and certificates
Pandora FMS supports SSL/TLS encryption at all levels (user operation, communication among components, data forwarding from agents to servers) as well as certificates at both ends.
Double authentication system
It is based on google authenticator, which allows forcing its use for all users for security policies.
Delegated authentication system
Applied at application level, to authenticate against LDAP, Active Directory or SAML.
ACL and user profiling
Each permission gets defined in an access bit and those permissions are collected in access profiles that are applied to users for each ensemble of system actives. Exceptions can be defined and any system element can be custom restricted through extended ACLs.
Internal audit system
Which registers all user actions, including information about modified or deleted fields.
Granting audit data lo external log managers
Audit registers can be exported to third parties for higher security.
This allows forcing a tight access password management policy for application users (console): password minimum number of characters, type of password, password reuse, forcing changing passwords once in a while, etc.
Sensitive data encryption
The system allows saving sensitive data in an encrypted way and safely, such as access credentials, monitoring element custom fields, etc.
For the administrator to be able to delegate the use of credentials to other users that make use of said credentials, to monitor elements without seeing the passwords.
Full High Availability
For all elements: databases, servers, agents and console
The console itself has a backup system to make recovery easier in the event of a failure.
Agent blocking system
For security critical environments, where the agent cannot be remotely managed once it is configured.
Agent communication safe architecture
Your agents will not listen in a port or have remote access from the console. They will connect with the central system to ask for instructions. All communications can be end-to-end encrypted with CA-validated certificates if required.
Installation with no root
Pandora FMS can be installed in environments with custom paths without being executed through root. In some finance environments it is a requirement we meet.
Physical separation between components
That offer an interface to the user and information stockage (filesystem). Both DB-stored files and filesystems that store monitoring configuration information can stay in physically separated machines in different networks, and protected through individual perimetral systems.
Pandora FMS components have their input and output ports documented, so it is possible to securize all accesses through firewalls to and from its components. In addition, you may customize their use.
Restricted area monitoring
So that you may collect data from a network with no access to the outside, perfect for very restrictive environments.
24/7 direct international support
At the other side of the phone, you will find an experienced technician from our engineering team, who will also have the backup of the rest of the team in charge of Pandora FMS, from the development team to the sales team that manages your account.
Safe environment implementation guide
We have a little implementation guide for safe environments. Of course we also offer consulting advanced services to help you if necessary.
We keep a register of Pandora FMS public reported vulnerabilities updated. Furthermore, we have a public security breach management policy that allows any security investigator to report failures in order for us to fix them and notify our clients before those become public and can be taken advantage of by third parties.
The whole code is public and accessible in the OpenSource version, not recently, but since 2005. The code of the Enterprise version can be requested under specific circumstances (only for clients) so that you may audit it if you consider it necessary. We have done it for different clients in national and aerospace security.
Pandora FMS Certifications
Pandora FMS -as a company- is certified in ISO/IEC 27001:2013 (ES-SI-0084/2020). We also comply with the National Security Scheme (ENS) in its basic category.
Do you have any security questions?
If you have a question about Pandora FMS security, please contact us.