Identify trusted administrators to install, configure, manage, and maintain the WhatsUp Gold system. These users may have access to complete server functionality and to sensitive information, and they may even bypass auditing functions.
Install all WhatsUp Gold components in a locked room or equipment cabinet to limit physical server access to trusted administrators.
Install WhatsUp Gold software components on dedicated servers. Do not use these servers for any other purpose.
Secure operation of WhatsUp Gold depends on a trustworthy DNS server in the operational environment. Securing a DNS server requires a variety of steps. Contact your server vendor for relevant procedures.
If using an external LDAP or Active Directory server for authentication, configure the connection to use SSL. For more information, see Setting LDAP credentials.
Use strong Windows passwords to prevent unauthorized access to the Windows operating system on server platforms where WhatsUp Gold components are installed.
Require all WhatsUp Gold users to use strong web UI passwords by following the password complexity rules defined in WhatsUp Gold password management.
Require users to change their passwords regularly.
Avoid using the WhatsUp Gold Administration Console Windows application (WhatsUp Gold Console) for routine operations, because the Administration Console does not log any user actions or enforce device group access rights. Limit its use to the initial configuration procedures of enabling WhatsUp Gold FIPS mode and enabling failover, and to occasional procedures like WhatsUp Gold backup and restore operations. For instructions, see Limiting access to the WhatsUp Gold Administration Console.
Restrict access to WhatsUp Gold Tools and Utilities because they are not regulated by device group access rights. Users can interact with any device that is accessible on the network. For instructions, see Limiting Access to the WhatsUp Gold Tools and Utilities.
When establishing a connection with a network device, use the most secure method of communication supported by a particular device. For more information about using secure protocols, see Using FIPS 140-2 cryptography.
Set WhatsUp Gold to FIPS mode and set WhatsUp Gold platforms (WhatsUp Gold servers and any additional pollers) to use FIPS cryptography. These modes enforce the use of validated, FIPS-approved cryptographic algorithms, which are more resistant to attacks than non-FIPS-approved algorithms. For more information, see Using FIPS 140-2 cryptography.
Inspect WhatsUp Gold logs regularly for signs of suspicious actions or the use of weak algorithms where stronger ones are available. In particular, inspect the Web User Activity Log, as that is the audit log for the WhatsUp Gold server.