This FAQ handles topics related to security.
No, MoSKito itself doesn't offer any access control mechanism, simply because there are too many different scenarios for how authorization and authentication could work. Instead, we strongly advise protecting MoSKito with web.xml constraints, for example:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MoSKito Inspect</web-resource-name>
        <url-pattern>/moskito-inspect/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>moskito</role-name>
    </auth-constraint>
</security-constraint>
Alternatively, if you use Apache httpd, you can protect the MoSKito path there. There are many options; feel free to contact the user mailing list for best practices: email@example.com.
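For the web.xml constraint above to authenticate users, the deployment descriptor also needs a login method and a declaration of the role. A fuller fragment, added here as an example and not taken from the MoSKito project; the BASIC method, the realm name and the TLS requirement are assumptions:

```xml
<!-- Added example for web.xml; auth method, realm name and TLS requirement are assumptions -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MoSKito Inspect</web-resource-name>
        <url-pattern>/moskito-inspect/*</url-pattern>
        <!-- No <http-method> elements, so the constraint applies to every HTTP method -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Only authenticated users holding this role may pass -->
        <role-name>moskito</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- Require TLS so credentials and monitoring data are not sent in clear text -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- How the container asks for credentials -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MoSKito</realm-name>
</login-config>

<!-- Every role referenced in an auth-constraint should be declared -->
<security-role>
    <role-name>moskito</role-name>
</security-role>
```

Users holding the moskito role are defined in the servlet container's own realm configuration, not in web.xml.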
You can connect from MoSKito Control to MoSKito Core (the data collecting agent) via HTTP or RMI, and from MoSKito Inspect to MoSKito Core via RMI. The default behaviour of the RMI implementation is to open two ports, one for the RMI registry and one for the services. You need to specify at least one port, the port of the registry. The service port is usually a random high port. This isn't very practical for firewall tunnels; therefore, you can use the following options to set ports that you can explicitly allow in your firewall:
-DserviceBindingPort=9402 - sets the port for the services.
Note that you can use the same port for both options.