- For additional security-related details, see the Cayosoft document titled High Availability and Security.
- Follow Microsoft best practices where applicable; see Microsoft Security Best Practices to Protect Internet Facing Web Servers.
- Within IIS, always set Require SSL so that only HTTPS connections can be made to the server.
- Deploy a stand-alone Windows web server on which you will run Cayosoft Administrator; see Installation of Cayosoft Administrator server dedicated for Self Service operations.
- Configure only the Cayosoft Active Directory Extension, as it is all that is needed for password reset.
- Create a least-privileged service account with only the permissions necessary to perform Self-Service Password Reset and Account Unlock (the Reset Password right and write access to the lockout attribute on the user objects it serves), and nothing more.
- Configure the externally facing server to communicate only with an Active Directory domain controller located in the same DMZ as the Cayosoft Self-Service Password Reset server.
- Export the security key and keep it in a safe place offline. The security key is used to encrypt all passwords in the Cayosoft database: if it is lost, those passwords cannot be recovered, and if it is exposed, they can be decrypted.
- Use the Cayosoft Password Policy to require strong passwords: long, complex, and free of dictionary words.
- Do not expire passwords. Microsoft's official security position is to not expire passwords periodically without a specific reason. This comes from the "Do not expire passwords" recommendation in Microsoft Secure Score (https://security.microsoft.com/securescore), whose finding text reads: "We found that your current policy is set to require a password reset every 999 days."
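The following PowerShell puts the server-side steps above into one script. It is an added example for this article, not Cayosoft's own code or tooling, and every name in it is an assumption to be replaced: the IIS site name `Cayosoft`, the domain `corp.example`, the DMZ domain controller `10.0.5.10`, the service account `svc-sspr`, and the OUs `OU=Users,...` and `OU=Service Accounts,...`. The Cayosoft Password Policy and the security-key export are configured in the product itself and are not covered here.

```powershell
# Added hardening example (not Cayosoft's code). All names below are assumptions.
# Run sections 1 and 3 on the dedicated Web Server (elevated prompt).
# Run sections 2 and 4 from a host with the ActiveDirectory RSAT module and rights
# to create the account, delegate on the target OU and read/write domain policy.

$SiteName    = 'Cayosoft'                                   # assumed IIS site name
$Domain      = 'corp.example'                               # assumed AD domain
$DmzDc       = '10.0.5.10'                                  # assumed DC in the same DMZ
$SvcAccount  = 'svc-sspr'                                   # assumed service account
$SvcOu       = 'OU=Service Accounts,DC=corp,DC=example'     # assumed OU for the account
$TargetOu    = 'OU=Users,DC=corp,DC=example'                # assumed OU of self-service users

# --- 1. IIS: Require SSL on the site and remove any plain-HTTP binding ----------
Import-Module WebAdministration
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'
Get-WebBinding -Name $SiteName -Protocol 'http' | Remove-WebBinding
# Verify: should list only https bindings for the site
Get-WebBinding -Name $SiteName | Select-Object protocol, bindingInformation

# --- 2. Least-privileged service account: reset + unlock only -------------------
Import-Module ActiveDirectory
$SvcPassword = Read-Host -Prompt "Password for $SvcAccount" -AsSecureString
New-ADUser -Name $SvcAccount -SamAccountName $SvcAccount -Path $SvcOu `
    -AccountPassword $SvcPassword -Enabled $true -PasswordNeverExpires $true `
    -CannotChangePassword $true -KerberosEncryptionType AES256 `
    -Description 'Cayosoft self-service password reset / unlock (least privilege)'

$NetBios   = (Get-ADDomain -Identity $Domain).NetBIOSName
$Principal = "$NetBios\$SvcAccount"
# Delegate on user objects beneath the OU only (/I:S = sub-objects), not the OU itself:
#   CA;Reset Password   -> control-access right needed to set a new password
#   RPWP;lockoutTime    -> writing lockoutTime is what clears an account lockout
#   RPWP;pwdLastSet     -> lets the reset flag "must change password at next logon"
dsacls $TargetOu /I:S /G "${Principal}:CA;Reset Password;user"
dsacls $TargetOu /I:S /G "${Principal}:RPWP;lockoutTime;user"
dsacls $TargetOu /I:S /G "${Principal}:RPWP;pwdLastSet;user"
# Review the resulting ACEs for the account
dsacls $TargetOu | Select-String $SvcAccount

# --- 3. Host firewall: talk to the DMZ DC only -----------------------------------
# Default-deny outbound, then allow AD/DNS traffic solely to the DMZ DC.
# Caveat: add allow rules for any other egress this host genuinely needs (patching,
# time, monitoring) BEFORE switching the default to Block, or you will lock it out.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
New-NetFirewallRule -DisplayName 'Cayosoft SSPR -> DMZ DC (TCP)' -Direction Outbound `
    -Action Allow -RemoteAddress $DmzDc -Protocol TCP `
    -RemotePort '53','88','135','389','445','636','3268','3269','49152-65535'
New-NetFirewallRule -DisplayName 'Cayosoft SSPR -> DMZ DC (UDP)' -Direction Outbound `
    -Action Allow -RemoteAddress $DmzDc -Protocol UDP -RemotePort '53','88','123','389'

# --- 4. Domain password policy: do not expire passwords --------------------------
# Show the current settings first; MaxPasswordAge of 00:00:00 means "never expires".
Get-ADDefaultDomainPasswordPolicy -Identity $Domain |
    Select-Object MinPasswordLength, ComplexityEnabled, MaxPasswordAge, LockoutThreshold
# This is a domain-wide change; agree it with the AD owners before running it.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain -MaxPasswordAge ([TimeSpan]::Zero)
```

The delegation is deliberately scoped to the `user` object class under one OU via `dsacls /I:S`, so the account can reset and unlock the users it serves but cannot touch the OU itself, computers, groups or anything elsewhere in the directory. The firewall section is the part most likely to need adjustment: the DC is assumed to also be the DNS and time source for the host, and the RPC dynamic range is included because some directory operations still use RPC.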