The default security settings in Network Configuration Manager and recommendations for a high security configuration are provided in this topic.
| Default setting | Secure deployment setting | Pros of secure deployment setting | Cons of secure deployment setting | Instructions on how to configure secure deployment setting |
| Application server listens on both secure and insecure ports. | For best possible security between client and server, block access to the insecure ports through the use of a firewall. | Provides high level of protection for the communication between client and server by avoiding the tampering, spoofing, man in the middle type of attacks. | Impact on performance. | Install a firewall between the application server and the clients (or on the application server using iptables).
Note: Firewalls installed on a Network Configuration Manager server must comply with the list of standard Network Configuration Manager ports and protocols.
Communication security settings
Note: Port 80 must not be blocked on the loop back.
|
| Self-signed SSL certificate is used for client connections. | Purchase or generate a trusted SSL certificate for client connections. | Client to server connections are trusted, no warnings during login. | Certificate may require additional financial cost. | Refer to the Network Configuration Manager Installation Guide for instructions on installing SSL certificates. |
| Default password is used for multiple accounts. | Change all default passwords immediately after installing the product. | Prevent access to intruders. | Change the Network Configuration Manager, System Management Console, and JMX Console passwords. Refer to the Network Configuration Manager Installation Guide for instructions. |
