Please enable JavaScript to view this site.

Security Checklist

Description

To achieve the highest level of security, you should adhere to the following guidelines.

ShieldWarning48x48

These recommendations are valid ONLY if the Devolutions Password Server instance is hosted on an intranet EXCLUSIVELY. You must involve a person with knowledge of Internet security to safely host any application on the Internet. You need to protect the site from Denial of Service attacks using an appliance or a security module that is external to Devolutions Password Server.

General

Use Windows Authentication exclusively.

Ensure all LDAP communication uses LDAP over SSL.

SQL Server

Enable only the Windows Authentication Mode.

Create a domain account that will be used to create the database (VaultOwner), as well as another account that will be used by the web server to connect to the database (VaultRunner). The latter must have only the minimal set of permissions to perform its tasks.

Communicate ONLY through an encrypted connection, please see Encrypting Connections to SQL Server.

Web Server

Configure the application pool to use domain credentials. This account will be added to the SQL Server as a login and be granted only the permissions that are needed (VaultRunner).

Serve content through SSL (https). See Configure SSL.