PRTG: Sensor of the Week: SSL Security Check Sensor
Written by F.Staffort
If you think back and try to remember the events that have been influencing your company’s IT over the last few months, how many of them were security-related? After Heartbleed and POODLE it’s on everybody’s agenda to keep their SSL certificates up-to-date. As a PRTG Network Monitor user, you can now easily check the SSL connectivity to your devices’ ports with the new SSL Security Check sensor.
The SSL Security Check sensor tries connecting to the specified TCP/IP port number of a device with various SSL/TLS protocol versions and shows if a particular protocol is supported:
- SSL 2.0: weak security (warning if accepted, up if denied)
- SSL 3.0: weak security (warning if accepted, up if denied)
- TLS 1.0: strong security (up if accepted, otherwise gray)
- TLS 1.1: strong security (up if accepted, otherwise gray)
- TLS 1.2: perfect security (up if accepted, otherwise gray)
In the default primary channel “Security Rating” you can see the connection security to the defined port at a glance. The following states give you an indication about the protocol’s strength:
- Down: No secure protocol is available; the sensor cannot connect with one of the given protocols.
- Warning (weak): The sensor can connect with at least one of the weak protocols SSL 2.0 or 3.0.
- Up (strong): The sensor can connect with a strong protocol only (TLS 1.0, TLS 1.1, TLS 1.2); connecting with a weak protocol is not possible.
Although it should not be replacing other measures of security, the SSL Security Check sensor can help you gain an overview of the types of SSL connections that are accepted by your devices’ ports.
This sensor type is currently in beta status. For more information on its development and individual sensor settings, please refer to the SSL Security Check sensor page of the PRTG manual.
Click here to learn more about PRTG.