Industry best practices: Network security
  • 26 Nov 2024

In addition to the practices outlined in the previous topics, we strongly recommend adhering to the following industry best practices for hardening the network infrastructure:

  • Always run anti-virus and anti-malware tools with the most current definition files.
  • Do not connect OneSpan Authentication Server directly to the internet.
  • Do not place OneSpan Authentication Server in a demilitarized zone (DMZ).
  • Do not host OneSpan Authentication Server on the same operating system instance with other software.

Limited access to OneSpan Authentication Server components

To further increase network security, limit access to OneSpan Authentication Server components and elements to the necessary minimum. This includes, but is not limited to:

  • Limiting access to OneSpan Authentication Server Administration Web Interface to system administrators and support staff.
  • Limiting access to SEAL and RADIUS to services using these protocols.
  • On Linux distributions, run OneSpan Authentication Server under its own service account and restrict access to its files to that service account. This service account cannot be changed after installation!

It is essential to restrict network traffic between OneSpan Authentication Server services and external systems. We strongly recommend using firewalls designed to prevent unnecessary network access to OneSpan Authentication Server.

Remote access to server system components should be limited by using the following approaches as a minimum:

  • Disable remote methods to access the operating system, for example telnet or FTP, that communicate over unsecured channels.
  • Disable any other remote access method for the operating system, for example SSH, unless absolutely required for maintenance. Disable it again immediately when maintenance is completed.
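
One way to check a host against the two remote-access rules above, as an added example (not OneSpan code): the function reads `ss -H -tln` output and reports telnet/FTP listeners as failures and SSH listeners as warnings to clear after maintenance. The function name, the sample data and the use of IANA default ports (FTP 21, SSH 22, telnet 23) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes services use their IANA default
# ports (FTP 21, SSH 22, telnet 23) and that input comes from `ss -H -tln`,
# where field 4 is the local address:port. Relocated services are not detected.

# Constructed sample of `ss -H -tln` output (not from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 127.0.0.1:21 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*'

# Prints "SEVERITY service address:port" per finding; returns 1 on any FAIL.
audit_listeners() {
    awk '
    {
        # The port is whatever follows the last colon (works for IPv6 too).
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback-only listeners are not reachable over the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        # Cleartext protocols must be off; SSH only during maintenance.
        if (port == "21")      { sev = "FAIL"; svc = "ftp" }
        else if (port == "23") { sev = "FAIL"; svc = "telnet" }
        else if (port == "22") { sev = "WARN"; svc = "ssh" }
        else next
        print sev, svc, $4
        if (sev == "FAIL") fail = 1
    }
    END { exit (fail ? 1 : 0) }'
}

# Demo on the constructed sample. On a real host: ss -H -tln | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners \
    || echo "=> cleartext remote-access service is listening"
```

A `WARN ssh` line outside a maintenance window means the listener was left enabled and should be turned off again.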

Network Time Protocol and OneSpan Authentication Server

The Network Time Protocol (NTP) is designed to synchronize the clocks of computers over a network. If multiple servers are specified, the NTP service will attempt to synchronize all servers. To provide redundancy, it is good practice to configure multiple servers. In general, best accuracy is obtained by using servers that have a low network latency. Ensure that users are prevented from changing the time on NTP servers that are used by OneSpan Authentication Server.

