Protect against attacks that could deny a service by:
- Installing the latest security patches.
- Entering account/password information during creation of a new database, at which time the product prompts for the creation of the first (administrative) account. PPM does not ship with a default Administrator sign-on.
- Ensuring log settings meet the operational needs of the server environment. Do not use "Debug" log level in production environments.
- Documenting the configuration settings used for servers and creating a process for changing them.
- Limiting the maximum age of the session cookie on the application server.
- Protecting access to configuration files with physical and file system security. (The product installs and configures all of its files with limited file permissions. However, there are system folders and files belonging to the operating system which, by default, may have wider permissions. PPM does not modify these file permissions, so you as administrator need to consider enhancing the associated physical and file system security.)