Logicmonitor DataSources, Monitoring

SSL errors and alerting using a LogicMonitor DataSource

SSL/TLS is a deceptively simple technology. It is simple to deploy, and it just works. Except the truth is – it does not really work, and it is not easy to deploy correctly! To ensure that SSL provides the necessary security, you have to put effort into properly configuring your servers.

For example, consider the  POODLE attack (Padding Oracle On Downgraded Legacy Encryption), a man-in-the-middle exploit taking advantage of Internet and security software clients’ fallback to SSL V3. An attacker could successfully exploit this vulnerability by making no more than 256 SSL 3.0 requests to reveal one byte of encrypted messages. But the time taken to check all sites under your control can quickly mount up and become a task that you leave for another day, which, in IT, means someday….

So we created a LogicModule, SSL Test, which checks your sites for certain vulnerabilities, and alerts you by email, text or voice using LogicMonitor. At the time of publication, it checks for Beast, Logjam, Freak, Heartbleed,  Luckyminus20, Debian Flaw, OpenSslCcs, drown, Known DH primes and poodle Attacks vulnerabilities. It also checks the SSL certificate matches the address.

An example alert is shown here:-

  • ID: LMD12345
  • This server, www.yourwebsite.co.uk, is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate.

By alerting you to the fact and letting you know how to deal with it, you are saving time having to trawl through RSS feeds and security updates. You need to manually add each website you want to check as an instance in LogicMonitor.

Using SSLTest

To do this :

  1. Select a host in LogicMonitor, (it doesn’t matter which one as it is just a placeholder for the DataSource; the actual check is done from the Collector).
  2. Click the down arrow shown here:
  3. Select Add monitored instance then fill out the various required values:

And that is it!