
Security Checklist

Description

To achieve the highest level of security, you should adhere to the following guidelines.

These recommendations are valid ONLY if the Devolutions Password Server instance is hosted on an intranet EXCLUSIVELY. You must involve a person with knowledge of Internet security to safely host any application on the Internet. You need to protect the site from Denial of Service attacks using an appliance or a security module that is external to Devolutions Password Server.

General

Use Windows Authentication exclusively.

Ensure all LDAP communication uses LDAP over SSL (LDAPS).

SQL Server

Enable only the Windows Authentication Mode.

Create a domain account that will be used to create the database (RDMOwner), as well as another account that will be used by the web server to connect to the database (RDMRunner). The latter must have only the minimal set of permissions required to perform its tasks.

Communicate ONLY through an encrypted connection; see Encrypting Connections to SQL Server.

Web Server

Configure the application pool to use domain credentials. This account will be added to the SQL Server as a login and be granted only the permissions that are needed (RDMRunner).

Serve content through SSL (https). See Configure SSL
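The SQL Server items above (Windows-only authentication, the RDMOwner and RDMRunner accounts with least privilege, encrypted connections) and the web server item that adds the application pool account as a SQL Server login can be checked and applied with the T-SQL below. This is an added example, not a script from the Devolutions documentation; the domain name CORP, the database name DPS and the role memberships granted to RDMRunner are assumptions and must be adjusted to your environment and to the permissions the product actually requires.

```sql
-- Added example (not part of the Devolutions documentation).
-- Assumptions: domain CORP, database DPS, and that db_datareader plus
-- db_datawriter are sufficient for the web server's runtime account.

-- 1. Confirm the instance is in Windows Authentication mode only.
--    SERVERPROPERTY('IsIntegratedSecurityOnly') returns 1 for Windows-only
--    mode and 0 for mixed mode (SQL logins also accepted).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Review any SQL logins that are still enabled (for example sa).
--    In Windows-only mode they cannot be used to connect, but disabling
--    them removes any doubt.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE is_disabled = 0;

-- 3. Create server logins for the two domain accounts. No SQL password is
--    stored for either; authentication is delegated to Active Directory.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CORP\RDMOwner')
    CREATE LOGIN [CORP\RDMOwner] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CORP\RDMRunner')
    CREATE LOGIN [CORP\RDMRunner] FROM WINDOWS;

-- 4. Create the database and make RDMOwner its owner (RDMOwner is the
--    account that creates and maintains the schema).
IF DB_ID(N'DPS') IS NULL
    CREATE DATABASE DPS;
ALTER AUTHORIZATION ON DATABASE::DPS TO [CORP\RDMOwner];

-- 5. Map RDMRunner (the application pool identity) into the database with
--    the minimal set of permissions: read and write data, nothing else.
--    It is deliberately NOT added to db_owner or to any server role.
USE DPS;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CORP\RDMRunner')
    CREATE USER [CORP\RDMRunner] FOR LOGIN [CORP\RDMRunner];
ALTER ROLE db_datareader ADD MEMBER [CORP\RDMRunner];
ALTER ROLE db_datawriter ADD MEMBER [CORP\RDMRunner];

-- 6. Verify the web server really connects over an encrypted channel and
--    with Windows authentication: encrypt_option should read 'TRUE' and
--    auth_scheme should be KERBEROS or NTLM (never SQL) for RDMRunner's
--    sessions once the application pool has connected.
SELECT s.session_id, s.login_name, c.encrypt_option, c.auth_scheme, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE s.login_name = N'CORP\RDMRunner';
```

Run steps 1 and 2 before and after the change as a check, and step 6 after the application pool has been switched to the RDMRunner domain account: a row showing encrypt_option = 'FALSE' means the client or server side of the SQL Server encryption setup from Encrypting Connections to SQL Server is incomplete.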