Securing WAS profiles (WebSphere application servers only)
As specifically directed by the IBM WebSphere administration documentation, you should ensure that your WebSphere installation meets these general recommendations:
Standalone configuration - Secure the default profile
Network Deployment configuration - Create a new profile and secure that profile
Recommended method of securing profile via WAS Integrated Solutions Console:
Administrative security: Enable Administrative security.
Application security: Enable application security.
Java 2 security: Disabled.
User account repositories: Federated repositories with the admin_user and admin_password (same as defined in soap.client.props file for profile).