Security Considerations

Modified on: Thu, 18 Jun, 2020 at 5:22 AM

To ensure that the Transform server is secure and reliable, the following should be considered and applied according to security best practices.


Apply security best practice to the host operating system

  • Install and configure a host-based firewall.

  • Choose good passwords for any accounts on the system and change any default or well-known accounts on the machine.

  • Install and keep up with operating system patches and hardware firmware patches.

  • Configure and continue to monitor logs on the device.

  • Disable services and accounts which are not being used or are no longer necessary.

  • Replace insecure services (such as telnet, rsh, or rlogin) with more secure alternatives such as SSH.

  • Restrict access to services that cannot be disabled where possible.

  • Make and test backups of the system in a consistent manner.

 

Apply security best practice to the webserver

  • Keep the webserver updated.

  • Remove Server Version Banner.

  • Disable directory browser listing and indexing.

  • Hide Etag.

  • Run the webserver from a non-privileged account.

  • Protect the permissions on the binary and configuration directories.

  • Enable System Settings Protection.

  • Limit HTTP Request Methods.

  • Disable Trace HTTP Request.

  • Set cookie with HttpOnly and Secure flag.

  • Protect against Clickjacking Attack.

  • Disable CGI scripts and Server Side Include (SSI), if possible.

  • Enable Cross-Site Scripting (XSS) protection.

  • Disable HTTP 1.0 Protocol.

  • Set the HTTP Limits.

  • Enable SSL.

  • Configure sufficiently secure SSL Keys.

  • Configure sufficiently secure SSL Cipher.

  • Disable SSL v2 & v3.

  • Place the webserver behind a web application firewall.

  • Enable access logging.

  • Change Server Banner.

  • Disable unwanted modules.
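
Several of the webserver items above (version banner, ETag, cookie flags, clickjacking protection) can be verified from a single HTTP response. The following is an added example, not part of the original article or the product: it audits a raw response head against those four items. The function name, the finding strings, and both sample responses (including the `ExampleHTTPd` server name) are constructed for illustration.

```python
import re

def audit_headers(raw: str) -> list[str]:
    """Return checklist findings for one raw HTTP response head."""
    _status, *lines = raw.strip().splitlines()
    headers: dict[str, list[str]] = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())

    findings = []
    # "Remove Server Version Banner": any digit in Server suggests a version leak.
    for banner in headers.get("server", []):
        if re.search(r"\d", banner):
            findings.append("server banner exposes version")
    # "Hide Etag": the header should not be sent at all.
    if "etag" in headers:
        findings.append("ETag header present")
    # "Set cookie with HttpOnly and Secure flag": check every Set-Cookie.
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name} missing {flag}")
    # "Protect against Clickjacking Attack": X-Frame-Options or CSP frame-ancestors.
    csp = " ".join(headers.get("content-security-policy", [])).lower()
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection header")
    return findings

# Constructed sample responses (not captured from a real server).
WEAK = """HTTP/1.1 200 OK
Server: ExampleHTTPd/2.4.1 (Unix)
ETag: "2aa6-5a1b"
Set-Cookie: session=abc123; Path=/
Content-Type: text/html
"""

HARDENED = """HTTP/1.1 200 OK
Server: ExampleHTTPd
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(raw))
```
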
