Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from...
-
Upload
astiostech-sdn-bhd -
Category
Software
-
view
135 -
download
2
Transcript of Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from...
![Page 1: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/1.jpg)
Functionality, security and performance [email protected] |Microsoft MVP | ELITE M’sia
![Page 2: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/2.jpg)
Topics • What is monitoring
• The need for monitoring• Options available out there
• Core components of a typical website• What to monitor?
• Inter-networking• Physical• OS• Backend• Frontend
• An introduction to Nagios - Framework Monitoring • Q&A
![Page 3: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/3.jpg)
What is monitoring?Wiki:
Network monitoring is the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator (via email, SMS or other alarms) in case of outages. It is part of network management.
![Page 4: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/4.jpg)
Ping – my first monitoring tool..
![Page 5: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/5.jpg)
Monitoring is an art, it’s an orchestration for visibility
![Page 6: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/6.jpg)
Why monitor?• Commercial impact• Personal impact• Organizational and establishment impacts
![Page 7: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/7.jpg)
If’s there aren’t any problems, just wait..
![Page 8: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/8.jpg)
If your digital assets are valuable, your monitoring tool will help sustain that
![Page 9: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/9.jpg)
Why? Some, of the many many reasons..• Measure performance, monitor security and
assure functionality• Slowdowns make search engines to not like
you anymore• Problems will make customers cringe • Security breaches can hurt credibility • Plan wisely, save money• Service levels• Compliance
http://backlinko.com/search-engine-ranking
![Page 10: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/10.jpg)
The application and monitoring conundrum
Your Site
Your Monitoring
![Page 11: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/11.jpg)
If users complain and if you don’t know
YOU NEED MONITORING
![Page 12: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/12.jpg)
Questions to ask…• Do I know what’s going on with my site(s)?• Do I know what is the experience of my consumers on my site
are like?• Do I know if my resources are sufficient?• Is there any room for improvement?• Am I sufficiently informed on issues?• Do I comply with industry standards?
![Page 13: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/13.jpg)
Smart admins automate as much..Smart developers get smart admins to help them automate as much..
![Page 14: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/14.jpg)
Options available out thereWhat to use?
![Page 15: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/15.jpg)
Monitoring software• Virtually hundreds.• Some commercial, some free, some free and open source.
Some on cloud and some hybrid and some on premises.• Examples of Open Source Monitoring Tools
• Nagios• Cacti• Icinga• Opsview• OpenNMS• Op5
![Page 16: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/16.jpg)
General guidelines when choosing• Familiarity • Functionality• Flexibility• Cost• Complexity/Completeness• Support (and roadmap)
![Page 17: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/17.jpg)
What to monitor?With special focus on Joomla and its ecosystem
![Page 18: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/18.jpg)
The drawing board – Relative OSI model
![Page 19: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/19.jpg)
The drawing board– A typical Joomla Site
Inter- Networki
ngPhysical OS Backend Frontend
![Page 20: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/20.jpg)
The drawing board - Supporting Actors• Application load balancers• Security solutions• Cipher off loaders• Clustering• Caching technologies• Custom app add-ons• Others…
![Page 21: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/21.jpg)
Each one of those components, can and will affect your site.Thus, every one of those should be monitored.
![Page 22: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/22.jpg)
What to monitor General connectivity
• Routes• DNS• Local vs Geographical reachability
• Edge devices• Firewalls• IPS/IDS• Routers• Switches• Load balancers
![Page 23: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/23.jpg)
Inter-networking• ICMP Ping
• Host up or down• Roundtrip time & Latency• Packet loss
• TCP Ping• Port specific
• UDP Ping• Send with / expected reply
![Page 24: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/24.jpg)
DNS – The building blocks of the internet
• DNS Resolution• Correctness• Speed
• Domain expiry• Rogue domains
proliferation
![Page 25: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/25.jpg)
Firewalls• Thousands of logs? Are we
reading them? Well we should!• What’s inside those logs?
• Can we form a pattern to be preemptive rather than reactive?
• Is the firewall the bottleneck?• Is the firewall overworked?
![Page 26: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/26.jpg)
What to monitor • Physical
• CPU• Memory• Disk• Temperature• Hardware modules
• RAID• Fans• Power Unit
• Power
![Page 27: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/27.jpg)
Server (s) capacity
![Page 28: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/28.jpg)
What to monitor – OS• Operating System (OS)
• Updates• Open files• OS messages• Interface Bandwidth• Attempted/Unauthorized access• Rogue apps/Trojans/Rootkits• File accessibility• File configuration changes• Check for ports/processes• Check for services• Check for job completions/backup completions• Check HA/Replication• Date and Time
![Page 29: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/29.jpg)
Rootkit
![Page 30: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/30.jpg)
What to monitor - Backend• Backend
• PHP engine (Apache/IIS/NGINX)• Databases (PostgreSQL/MySQL/MSSQL)• SSL engine (mods)• Data replication • HA and load balancing • Caching engine• FTP/SSH/SFTP etc..• Others
• Email server• LDAP/Directory• File share• Virtualization • Remote access• VPNs
![Page 31: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/31.jpg)
PHP/Webserver• Is the webserver running• Is the PHP engine running• Is it running the latest relative
version• Other PHP modules loaded and
working properly• E.g. suhosin, mod_security
• Worker processes• Compilation/execution time• Throughput• Server crashes• Requests vs responses• Error codes/Events
![Page 32: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/32.jpg)
Databases• Is the database server running• Queries
• Slow queries• Rogue queries (injection attempts)
• Check # of processes/queue• Replication statuses• Latency of read/write• Table statues• Connections to the server• Threads• Errors• Memory and CPU usage
![Page 33: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/33.jpg)
Frontend• Checking functionality of the PHP scripts
• WebInject• Checking PHP script data size consistency• PHP version• Apdex score• Events• Responses• Defacement• Periodic & Automatic auditing• Check Joomla version against yours
• Updates• Security• Mods
![Page 34: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/34.jpg)
Frontend reverse check• An interesting way to have a real life test on your servers
Normal way
Interesting way
![Page 35: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/35.jpg)
Nagios – Framework MonitoringPerhaps the best monitoring tool, I know…and here’s why
![Page 36: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/36.jpg)
Introduction to Nagios• N.A.G.I.O.S -> Nagios Ain't Gonna Insist On Sainthood
• Worlds most deployed open source monitoring solution
• Winner of several awards and recognitions
• Can monitor *anything*, really..!
![Page 37: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/37.jpg)
More on Nagios..• Nagios is a framework• Enterprise grade
• Same class as HPOV, Tivoli, etc..• Supports just about anything you have• It's open source • Highly scalable• Easy to use and customize• Built around largely successful apps such as
MRTG, MySQL, Apache and surely, Linux
![Page 38: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/38.jpg)
Typical monitoring offerings• Other monitoring solutions…
• It’s a nice house• It will only be like that as
designed by the architects• You can renovate, but cost you
lots of $$$• You have to always go back to
the developer for help• If you wish to do more, you
need to buy a new house
![Page 39: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/39.jpg)
Framework?• With Nagios
• Make the most beautiful house• You decide how your house
should look like• Renovate, redesign, rebuild
and customize, no additional cost!
• Anyone knows to use a LEGO set, knows how to support your house
• Need to do more? Don’t need to buy a new house, just use the blocks and enjoy…
![Page 40: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/40.jpg)
Why Nagios?• Building a monitoring solution of what you need, not what the product can offer
• Unlimited possibilities• Monitor everything
• No license cost• No maintenance cost
![Page 41: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/41.jpg)
What Nagios can do?• Again, quite a bit, specifically…
• Hardware• Software• Event logs• Any logs• Clustering support• Through WMI• Through scripting (VB, PowerShell, cmd.exe)
![Page 42: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/42.jpg)
Plugins are at the heart of Nagios’s success
![Page 43: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/43.jpg)
Plugins: Nagios is has the largest repository of plugins in the planetOver 5000 and counting
![Page 44: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/44.jpg)
Customizing – Creating your own plugin
• Simple logic to do so• If something = some value
then set OKelse then set WARNING
• Exit codes tells Nagios to set OK, warning or critical. So if I exit 0=OK, exit 1=warning, exit 2=critical
![Page 45: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/45.jpg)
Just about any system..
![Page 46: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/46.jpg)
Response: If <event>, then, do this, that…
Something went wrong
Send alerts
Remedyand more..
![Page 47: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/47.jpg)
The B list of stuff to monitor• File and print server availability. Fake a file save operation and see if that
worked/or not..• Check if clusters are still “clustering”• Scan network for open ports• Scan if a log has been compromised. Or, scan logs for a particular keyword• Check if the last backup was successful• Check licenses on a license server (e.g. lm-manager)• Check if servers running on UPS or city power• Check any log files• Run shell codes to gather informaton
• Unix shell, MS Powershell
![Page 48: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/48.jpg)
And finally..• Environmental devices • Other Monitoring Tools
![Page 49: Functionality, security and performance monitoring of web assets (e.g. Joomla, Wordpress,built from scratch)](https://reader036.fdocuments.us/reader036/viewer/2022062823/5878bf9f1a28ab26728b4cb3/html5/thumbnails/49.jpg)
Thank you | Q&A
Copyright 2016 © Astiostech Sdn Bhd. For informational purposes only. No warranties of any kind are made and you have to verify all information before using it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties or on our website.
Experts in Open Source Network Monitoring | VoIP | Cloud Telephony | Security | CMDB