In the rapidly evolving cybersecurity landscape, security is crucial. At Paessler, we understand the importance of security and have committed ourselves to providing a robust and secure network monitoring solution. In this blog, we are going to explore how Paessler PRTG ensures the confidentiality and integrity of the transmitted data. Specifically, we will discuss how secure communication is established, and what options you have at your disposal to further improve your setup.
To use all the above protocols and ciphers, PRTG does not rely on custom implementations, which could introduce implementation mistakes. It depends on OpenSSL 1.1.1, which will be upgraded to OpenSSL 3 in the future. OpenSSL is a well-trusted and industry-recognized open-source library for cryptographic operations.
When a new update of OpenSSL is released, our security team reviews the fixed vulnerabilities (CVEs) and analyzes whether and how they apply to PRTG. This gives us the ability to plan how fast we can update the embedded OpenSSL version. A strong commitment to maintenance is one of our core values, and thus we make sure that OpenSSL gets updated in a timely manner, even if the fixed vulnerabilities do not actively affect the version currently shipped with PRTG.
As a customer, you can always open a ticket at our helpdesk portal for clarifications regarding protocol support, specific setups, or CVE fixes.
In addition to the SSL/TLS implementation, PRTG protects users from various web security threats as well. We achieve this by enforcing input sanitization within our code, reducing the risk of successful attacks such as cross-site scripting (XSS) or path traversal. However, since we are aware that there is no such thing as 100% security, on top of our input sanitization we constantly run automated security tests against our web server to further improve the defenses of PRTG.
For all requests to the web server, PRTG includes security-related HTTP headers in its responses. Specifically, we use: X-Content-Type-Options, Content-Security-Policy, and Cache-Control. Although PRTG does not officially support the HSTS header yet, we at Paessler are aware that the missing HSTS header sometimes comes up in pentests or in reports from automated security scanning tools. For this reason, in the future, we plan to allow users to set custom headers in the Application Server.
Users who currently require the HSTS header can add it by deploying additional software in between, such as a reverse proxy, that adds the header to the responses. You can read how to add a proxy in this knowledge base article:
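As an added example (not from the knowledge base article or from Paessler), the following nginx reverse proxy configuration sits in front of the PRTG web interface and adds the HSTS header that PRTG itself does not set, while passing PRTG's own security headers through unchanged. The hostname prtg.example.com, the certificate paths and the upstream address prtg-core.internal are assumptions to be replaced with your own values.

```nginx
# Added example, not Paessler/PRTG code. Hostnames, certificate paths and the
# upstream address are assumptions; replace them with your own values.
server {
    listen 443 ssl;
    server_name prtg.example.com;                                 # assumed public name

    ssl_certificate     /etc/nginx/certs/prtg.example.com.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/certs/prtg.example.com.key;

    # HSTS is a response header and is only honored by browsers when it arrives
    # over HTTPS. "always" makes nginx add it to error responses as well.
    # Caveat: once a browser has seen it, plain HTTP for this host is refused
    # until max-age expires, so test with a short max-age first and only add
    # includeSubDomains when every subdomain is reachable over HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        # Assumed internal address of the PRTG core server's HTTPS web interface.
        proxy_pass https://prtg-core.internal:443;

        # Standard reverse-proxy headers so the upstream sees the original client.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # The X-Content-Type-Options, Content-Security-Policy and Cache-Control
        # headers set by PRTG are forwarded as-is; nothing here overrides them.
        # Caveat: an add_header placed in this location block would REPLACE the
        # server-level add_header set above (nginx does not merge them), so keep
        # all add_header directives at one level.
    }
}

# Redirect plain HTTP to HTTPS so the first visit already ends up on the
# HTTPS host where the HSTS header is delivered.
server {
    listen 80;
    server_name prtg.example.com;
    return 301 https://$host$request_uri;
}
```

After reloading nginx, confirm with a browser's developer tools or a scanner that the Strict-Transport-Security header appears alongside PRTG's own headers on an HTTPS response.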
With all the above security features, PRTG ensures the integrity and confidentiality of all the transmitted data, while reducing the risk of successful web attacks. Nevertheless, admins should always implement further security measures (e.g. firewalls, antivirus software) to protect their infrastructure.
As security is a never-ending story for the users as well as for us, we encourage everyone to contact us at secu...@paessler.com to report potential security issues or concerns.