Securing the collection server
Applies To: Forefront Client Security
The collection server runs the following applications:
MOMĀ 2005 server
MOM Operator console
MOM Administrator console
Microsoft Forefront Client Security Management Pack for MOM
It is recommended that you follow best practices for securing MOM. For more information about MOM security, see Security Best Practices (https://go.microsoft.com/fwlink/?LinkId=87262).
Flood protection
The Client Security Management Pack for MOM includes a server event rule that helps defend the collection server against denial of service (DoS) attacks. The rule checks for MOM agents that are sending more events within a configurable time period than is allowed. When a MOM agent exceeds the allowed number of events, the rule automatically disconnects the flooding client from the collection server.
Similarly, the rule checks for MOM agents that send events with too many parameters.
For more information about flood protection, see Configuring "Flooding Detected" alert parameters (https://go.microsoft.com/fwlink/?LinkId=87104).
Security for connections to the collection server
It is recommended that you secure connections to the collection server. The following connections may exist.
| Component | Connection to | Topologies |
|---|---|---|
Collection server |
Collection database |
Five-server and six-server |
Management server |
Collection server |
Four-server, five-server, and six-server |
Client computer (MOM agent) |
Collection server |
All |
Server-to-server connection security
The server-to-server connections involving the collection server are related to the MOM server and MOM consoles. You can use Internet Protocol security (IPsec) to secure these connections. For more information about using IPsec with MOM, see the following topics:
IP Security (IPSec) (https://go.microsoft.com/fwlink/?LinkId=87064)
Compatibility of IPSec, SSL, OLEDB Encryption, and SMB Packet Signing (https://go.microsoft.com/fwlink/?LinkId=87070)
MOM agent-to-server connection security
By default, connections between MOM agents and the collection server are mutually authenticated, encrypted, and digitally signed; however, you can use IPsec to secure these connections if mutual authentication is unavailable.
Note
Client Security supports alerting and reporting only for client computers that are mutually authenticated.
For more information, see "IPSec and MOM" in IP Security (IPSec) (https://go.microsoft.com/fwlink/?LinkId=87064).