Here will be an overview article on how to set up Checkmk so that you have optimal network security for your monitoring server, as well as for the monitored systems.
First the good news. Through its own agents, Checkmk has an architecture that was designed from the beginning for maximum security. This manifests itself, for example, in that the agents fundamentally do not read data directly from the network. It is therefore impossible for an attacker to inject code. That said, the agents do not even trust the monitoring server itself.
HTTP protocols are used at various points in Checkmk — whether for internal communication or for the connection of other systems. Use HTTPS wherever possible. In other situations there are additional optional encryption techniques. You can also find instructions in this User guide: