01-24-2014 10:56 AM
Hello again Experts,
We'd like to implement some hardening to our Service Manager web tier, clients and servers.
So far, I'm only aware of the documentation regarding enabling SSL and using https (mostly through SM Integration guides), though I'd like to know if there's more to hardening procedures to follow to further secure the SM system. If so, kindly point me in the right direction.
RTE, Client, Webtier: 9.31.022
01-25-2014 04:51 AM
System hardening is not controlled from application but comes in majority at OS, Network and web server level.
So SSL is just a feature of protocol for connection and https is only implemented at Web server level.
Here you have to decide your vulnerability matrix, that is, how much you want to strengthen your security and it comes from your design document and client approval.
There are number of tool to check and list vulnerability on system.
You have to block and deny access from unwanted ports like any other than 8081,13080,443 (for OOB system).
You have to disable corssside scripting, default Password in tomcat/apache, Trace track and many more.