Security for Monitoring

Hi,

Using Grafana Cloud, I am looking to deploy Grafana Monitor Visualization for SQL Server, Oracle etc. using those data sources. These instances and databases will be on-premises and in the cloud, such as Azure. The question I have is: how do I secure the connection? For example, the data source asks for the host details, so for SQL Server I would need to allow port 1433 for inbound. But I don’t want to make port 1433 public. Is there a tutorial or advice on how to configure Grafana Cloud and the network for a secure connection that does not expose the environment to the public?

Also, are there any other network ports I need to configure? Any tutorials would be appreciated to accomplish this, to allow monitoring of multiple SQL Server and Oracle services in a secure manner.

Thank you. So once those source IPs have been whitelisted, the connection would be secure? Is the end-to-end connection encrypted between Grafana Cloud and the target?

How do you define "secure"?

Generally, you should have data encrypted at rest, but also in transit. So you may have enabled “some” TLS. But attackers may discover that your TLS is an old/obsolete, broken TLS version. Then you may spend some bucks to fix that, but an attacker will use SQL injection in some app of yours. You may fix that as well, but then you may expose your plain text connection string on GitHub. Security can be a never-ending story. A good starting point can be some encryption documentation for your SQL Server.

Thank you. In terms of secure: for every SQL Server instance or Oracle database to be monitored, if the source IP addresses are whitelisted, are there any other security concerns to bear in mind? Also, is any other configuration required from the network to allow monitoring of those products?

Hi,

I am adding the first data source for SQL Server and trying to connect it to Azure SQL Server within an IaaS VM. The private IP address is available and the public IP address isn’t exposed. A connection timeout error is presented. Please help: how can a secure connection be made to then monitor the target SQL Server?