- For additional security-related details, see the Cayosoft document titled High Availability and Security.
- Follow Microsoft best practices where applicable; see Microsoft Security Best Practices to Protect Internet Facing Web Servers.
- Within IIS, always require SSL so that the server accepts only HTTPS connections.
- Deploy a stand-alone Windows web server on which you will run Cayosoft Administrator; see Installation of Cayosoft Administrator server dedicated for Self Service operations.
- Configure only the Cayosoft Active Directory Extension, as it is all that is needed for password reset.
- Create a least-privileged service account with only the permissions necessary to perform Self-Service Password Reset and Account Unlock.
- Configure the externally facing server to communicate only with an AD domain controller located in the same DMZ as the Cayosoft Self-Service Password Reset server.
- Export the security key and keep it in a safe place offline. The security key is used to encrypt all passwords in the Cayosoft database; see Self-Service - Password Self-Service Enrollment Details web action – Cayosoft Help Center.
- Use the Cayosoft Password Policy to require strong passwords: long, complex, and free of common dictionary words.
- Do not expire passwords. Microsoft's official security position is not to expire passwords periodically without a specific reason.
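One way to build the least-privileged service account described above, as an added example that is not Cayosoft's own script: it grants the account only the "Reset Password" extended right and read/write access to lockoutTime (the attribute cleared by an unlock) on user objects under one OU, resolving the GUIDs from the forest schema rather than hard-coding them, and then lists what the account ended up with. The account name, domain and OU path are assumptions for illustration.

```powershell
# Added example, not part of the Cayosoft documentation.
# Assumptions: service account CONTOSO\svc-sspr and the OU below are placeholders.
Import-Module ActiveDirectory

$ServiceAccount = 'CONTOSO\svc-sspr'            # assumed least-privileged service account
$TargetOu       = 'OU=Users,DC=contoso,DC=com'   # assumed OU containing self-service users

$rootDse  = Get-ADRootDSE
$schemaNc = $rootDse.schemaNamingContext
$configNc = $rootDse.configurationNamingContext

# Resolve the object-class, attribute and extended-right GUIDs from this forest's schema.
$userClassGuid = [guid](Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=user)' `
                    -Properties schemaIDGUID).schemaIDGUID
$lockoutGuid   = [guid](Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=lockoutTime)' `
                    -Properties schemaIDGUID).schemaIDGUID
$resetPwdGuid  = [guid](Get-ADObject -SearchBase "CN=Extended-Rights,$configNc" `
                    -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid).rightsGuid

$sid = (New-Object System.Security.Principal.NTAccount($ServiceAccount)).Translate(
           [System.Security.Principal.SecurityIdentifier])
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path "AD:\$TargetOu"

# 1) "Reset Password" extended right, limited to user objects beneath the OU.
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    $allow, $resetPwdGuid, $inherit, $userClassGuid)))

# 2) Read and write lockoutTime on user objects; clearing it performs the unlock.
$lockoutRights = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
                 [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, $lockoutRights, $allow, $lockoutGuid, $inherit, $userClassGuid)))

Set-Acl -Path "AD:\$TargetOu" -AclObject $acl

# Verification: every ACE the service account now holds on the OU. Anything beyond the
# two rules above (e.g. GenericAll or WriteDacl) means the account is over-privileged.
(Get-Acl -Path "AD:\$TargetOu").Access |
    Where-Object { $_.IdentityReference.Value -eq $ServiceAccount } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

Run it once from an account that holds Modify permissions on the OU; the service account itself needs no other group membership, and in particular should not be in Account Operators or any built-in administrative group.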