To keep the Transform server secure and reliable, consider and apply the following security best practices.
Apply security best practice to the host operating system
Install and configure a host-based firewall
Choose good passwords for any accounts on the system and change any default or well-known accounts on the machine.
Install and keep up with operating system patches and hardware firmware patches.
Configure and continue to monitor logs on the device.
Disable services and accounts which are not being used or are no longer necessary.
Replace insecure services (such as telnet, rsh, or rlogin) with more secure alternatives such as SSH.
Restrict access to services that cannot be disabled where possible.
Make and test backups of the system in a consistent manner.
Apply security best practice to the webserver
Keep the webserver updated.
Remove Server Version Banner.
Disable directory browser listing and indexing.
Hide ETag.
Run the webserver from a non-privileged account.
Protect binary and configuration directory permission.
Enable System Settings Protection.
Limit HTTP Request Methods.
Disable Trace HTTP Request.
Set cookie with HttpOnly and Secure flag.
Protect against Clickjacking Attack.
Disable CGI scripts and Server Side Include (SSI), if possible.
Enable Cross-Site Scripting (XSS) protection.
Disable HTTP 1.0 Protocol.
Set the HTTP Limits.
Enable SSL.
Configure sufficiently secure SSL Keys.
Configure sufficiently secure SSL Cipher.
Disable SSL v2 & v3.
Place the webserver behind a web application firewall.
Enable access logging.
Change Server Banner.
Disable unwanted modules.
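
Several of the webserver items above (version banner, ETag, cookie flags, clickjacking and XSS protection, TRACE, HTTP 1.0) can be verified from the response headers the server actually sends. The following is an added example, not part of the original checklist or of any product's code; the specific header names checked (X-Frame-Options, Content-Security-Policy, X-XSS-Protection, Allow) are assumptions about how those items are implemented, and the sample responses are constructed.

```python
import re

def parse_head(raw):
    """Return (status_line, [(lowercased_name, value), ...]) for a response head."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(raw):
    """List checklist items the response visibly fails; empty list means none found."""
    status, headers = parse_head(raw)
    get = lambda n: [v for k, v in headers if k == n]
    findings = []
    if status.startswith("HTTP/1.0"):
        findings.append("response served as HTTP/1.0")
    for banner in get("server"):
        if re.search(r"\d", banner):
            findings.append("Server banner discloses a version: " + banner)
    if get("etag"):
        findings.append("ETag header is exposed")
    for cookie in get("set-cookie"):
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().lower().split("=")[0] for a in cookie.split(";")[1:]}
        findings += [f"cookie {name} lacks {f}" for f in ("HttpOnly", "Secure")
                     if f.lower() not in attrs]
    csp = " ".join(get("content-security-policy")).lower()
    if not get("x-frame-options") and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection header")
    # Assumption: the XSS item is met by X-XSS-Protection or a CSP header.
    if not get("x-xss-protection") and not csp:
        findings.append("no XSS protection header")
    if "TRACE" in ",".join(get("allow")).upper():
        findings.append("Allow header advertises TRACE")
    return findings

# Constructed sample response heads (not captured from a real server).
WEAK = ("HTTP/1.1 200 OK\r\nServer: ExampleServer/1.2.3\r\nETag: \"5e-1a\"\r\n"
        "Set-Cookie: session=abc; Path=/\r\nAllow: GET, POST, TRACE\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\nServer: web\r\n"
            "Set-Cookie: session=abc; Path=/; Secure; HttpOnly\r\n"
            "X-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: 1; mode=block\r\n"
            "Allow: GET, POST\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(head))
```

Items such as file permissions, the service account, TLS protocol and cipher settings, and logging are not visible in response headers and need to be checked on the host or with a TLS scanner.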