Introduction

Thank you for reading the OneSpan Authentication Server Security Best Practices Guide. It provides useful information and best practices to help ensure the correct and secure operation of OneSpan Authentication Server.

Components or features described in this document may need to be configured to meet the standards of the General Data Protection Regulation (GDPR). If your organization is collecting or in any capacity processing data on citizens of a European Union country, your organization is subject to the GDPR.

For more information about GDPR, refer to the OneSpan Authentication Server General Data Protection Regulation Compliance Guide.

This document contains resourceful information limited to OneSpan Authentication Server 3.27 deployments with ODBC data stores for the following supported operating system versions:

Windows

Linux

The information presented here are not designed to provide you with step-by-step procedures for installation and configuration processes in OneSpan Authentication Server. For more information about installation and configuration, refer to the OneSpan Authentication Server documentation.

Who should read this guide?

The information provided here are designed for IT managers, system administrators, and security officers using OneSpan Authentication Server products.

You should already be familiar with the following:

• Online authentication and authorization tools and protocols, including SOAP, RADIUS, WSDL, SSL, XML, HTML and TCP/IP.
• Windows and Linux security software environments including ODBC.
• Administration tasks including user management, policy, scheduling, reports, and performance monitoring.
• Password management and encryption techniques.
• EMV-CAP and other e-commerce transaction standards.

The aim of this guide is to improve your understanding of OneSpan Authentication Server for the following segments/aspects:

• User account management
• Protecting data at rest
• Protecting data in transit
• Secure usage
• Protecting the server's environment