This section explains additional security configuration steps that you can be perform after installing the SilverWhere application.
Turn On Data Execution Prevention (DEP)
Turn on DEP if required. See Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Turning Off Auto Play
Turn off Auto play if required. See Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Turning Off Remote Assistance
Turn off Remote Assistance if required. See Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
If a Secure Sockets Layer (SSL) certificate is required, it must be configured either on the load balancer or in the IIS web server for communication to web services. Secure Sockets Layer (SSL) usage on the SilverWhere Security Server is mandatory.
The Self-signed certificate should be used only if the customer fails to provide a certificate from a Certificate Authority (CA). See SilverWhere Installation Guide for information about the installation of secure certificates.
The configuration of SilverWhere user passwords are performed in the SilverWhere .Net application under the User Setup Module. Administrators are recommended to configure a strong password policy after the initial installation of the application and review the policy periodically.
Password verification functions are used to ensure that the user password meets the minimum requirements for complexity. Check and ensure the PASSWORD_VERIFY_FUNCTION parameter for the user profile created in the Database is not NULL.
Ensure that passwords adhere to the following strength requirements:
The password must be at least 8 characters long.
The password must contain letters, numbers.
Must not choose a password equal to the last 3 passwords used.
Password expiration is used to ensure that users change their passwords regularly. It also provides a mechanism to automatically disable temporary accounts. Set the PASSWORD_LIFE_TIME parameter for user profile in the Database.
When setting up users for the SilverWhere application, ensure that they are assigned the minimum privilege level required to perform their job function.
Set INACTIVE_ACCOUNT_TIME in the profiles assigned to users to automatically lock accounts that have not logged in to the database instance in a specified number of days. It is also recommended to audit infrequently used accounts for unauthorized activities.
The database user by default has unlimited concurrent connections but this may result in memory resource exhaustion or Denial-of-Service attacks. It is advisable to set the SESSIONS_PER_USER for this. We recommend that you check for disabled constraints, and determine where applicable, if they need to be disabled, deleted, or enabled as these are a potential cause for concern.