Security planning
Review the following topics for information about how the PATROL Agent provides security and for recommendations on secure deployment.
Security feature | Description | Link |
---|---|---|
Account and access security | Granting user accounts read-only access is recommended to ensure secure and efficient monitoring of resources like Oracle and WebSphere. This approach minimizes potential security risks while still providing effective monitoring. Additionally, PATROL Agent enhances security by using Access Control Lists (ACLs) and configuration settings to define who can access the agent and from where. These controls prevent unauthorized access and ensure that only approved users and systems can interact with the agent. | |
Ownership and permissions for files, directories, and command-line utilities | When the PATROL Agent starts, it automatically sets ownership and permissions for critical files and directories. These settings protect configuration and log files from unauthorized modifications. | |
Securing communications | PATROL Agent uses TLS v1.2 for secure communication with BMC Helix Operations Management to make sure data is transferred securely. The communication is further secured by a key exchange process, where unique encryption keys are generated and shared between the PATROL Agent and BMC Helix Operations Management. Administrators can also select between different levels of certificate validation to enhance communication security. | |
Encryption | Sensitive data, such as credentials, is encrypted by using advanced techniques in the PATROL Agent. Dynamic keys are generated to make sure this data remains secure and accessible only to authorized users. | |