The following sections provide information about secured installations:
Close all unnecessary ports. To review the list of ports, see Understanding Ports Used.
The service port preferably listens only for local connections and does not allow remote connections.
Files are installed with least privilege so that the fewest possible users can read them.
Reports against the database are run as a user that has only SELECT permissions on the database.
All web interfaces require the HTTPS protocol.
All communication over the network uses SSL by default and is configured to require authentication.
User account passwords are encrypted by default when they are stored on the file system or in the database.
The appliance has undergone the following hardening:
Only the minimally required packages are installed.
The firewall is enabled by default and all unnecessary ports are closed in the firewall configuration.
Change Guardian is automatically configured to monitor the local operating system's syslog messages for audit purposes.
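
One way to check the items above about closing unnecessary ports and keeping service ports on local connections is to review the host's listening sockets. The following is an added example, not part of the product documentation: it parses `ss -ltnH` output (assuming a Linux host where `ss` is available) and reports listeners that accept remote connections on ports outside an allowlist. The sample output and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not captured from a real appliance).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:9000 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# Assumed allowlist of remotely reachable ports; replace with your deployment's.
ALLOWED_REMOTE_PORTS = {22, 8443}


def parse_listener(line):
    """Return (address, port) for one `ss -ltnH` line, or None if it is not a listener."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface scope
    return host, int(port)


def is_loopback(host):
    """True only for loopback binds; '*' and unspecified addresses are remote-reachable."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or unparseable: treat as exposed so it gets reviewed


def unexpected_remote_listeners(ss_output, allowed_ports):
    """List (address, port) pairs reachable from the network but not on the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in allowed_ports:
            findings.append(parsed)
    return findings


if __name__ == "__main__":
    for host, port in unexpected_remote_listeners(SAMPLE_SS_OUTPUT, ALLOWED_REMOTE_PORTS):
        print(f"review: {host}:{port} accepts remote connections")
```

On a live host, pass the real output of `ss -ltnH` in place of the sample. A listener that passes this check can still be blocked or exposed by the firewall configuration, which needs its own review.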