You can consider the following additional security measures to make your deployment secure: Importing TLS certificates Pseudo-random number generators (PRNG) algorithm Configuring a secure Broker Setting the SM_AUTHORITY variable Specifying alternate security configuration files Options to run as non-root on Linux systems Preventing Elastisearch from being vulnerable to dynamic scriptingIf you configure Elasticsearch for access from a remote host, arbitrary code can execute. You can prevent this vulnerability. Importing TLS certificatesBy default, an generates a self-signed TLS certificate that is presented to the incoming TLS connections. However, you can configure a certificate to use by performing the following step: Pseudo-random number generators (PRNG) algorithm Global Console SSL uses (HMACDRBG256) as the default PRNG algorithm. Configuring a secure BrokerYou can configure the to run in a secure manner. Setting the SM_AUTHORITY variableThe environment variable controls the authentication security features provided by the software. You can add and set the variable in the file. Specifying alternate security configuration filesYou can define separate and files on hosts where multiple servers or clients are running. The environment variables that allows you to specify distinct configuration files are and . Options to run as non-root on Linux systemsThis topic lists the options that are used in conjunction with each other to run as non-root user. These two options are only available on Linux systems. These options are available for the and commands. Parent topic: Security Configuration Settings