The default security settings in Network Configuration Manager and recommendations for a high security configuration are provided in this topic.

Table 1. Secure deployment settings
Default setting Secure deployment setting Pros of secure deployment setting Cons of secure deployment setting Instructions on how to configure secure deployment setting
Application server listens on both secure and insecure ports. For best possible security between client and server, block access to the insecure ports through the use of a firewall. Provides high level of protection for the communication between client and server by avoiding the tampering, spoofing, man in the middle type of attacks. Impact on performance. Install a firewall between the application server and the clients (or on the application server using iptables).
Note: Firewalls installed on a Network Configuration Manager server must comply with the list of standard Network Configuration Manager ports and protocols. Communication security settings
Note: Port 80 must not be blocked on the loop back.
Self-signed SSL certificate is used for client connections. Purchase or generate a trusted SSL certificate for client connections. Client to server connections are trusted, no warnings during login. Certificate may require additional financial cost. Refer to the Network Configuration Manager Installation Guide for instructions on installing SSL certificates.
Default password is used for multiple accounts. Change all default passwords immediately after installing the product. Prevent access to intruders. Change the Network Configuration Manager, System Management Console, and JMX Console passwords. Refer to the Network Configuration Manager Installation Guide for instructions.