The default security settings in Network Configuration Manager and recommendations for a high security configuration are provided in this topic.
|Default setting||Secure deployment setting||Pros of secure deployment setting||Cons of secure deployment setting||Instructions on how to configure secure deployment setting|
|Application server listens on both secure and insecure ports.||For best possible security between client and server, block access to the insecure ports through the use of a firewall.||Provides high level of protection for the communication between client and server by avoiding the tampering, spoofing, man in the middle type of attacks.||Impact on performance.||Install a firewall between the application server and the clients (or on the application server using iptables).
Note: Firewalls installed on a Network Configuration Manager server must comply with the list of standard Network Configuration Manager ports and protocols. Communication security settings
Note: Port 80 must not be blocked on the loop back.
|Self-signed SSL certificate is used for client connections.||Purchase or generate a trusted SSL certificate for client connections.||Client to server connections are trusted, no warnings during login.||Certificate may require additional financial cost.||Refer to the Network Configuration Manager Installation Guide for instructions on installing SSL certificates.|
|Default password is used for multiple accounts.||Change all default passwords immediately after installing the product.||Prevent access to intruders.||Change the Network Configuration Manager, System Management Console, and JMX Console passwords. Refer to the Network Configuration Manager Installation Guide for instructions.|