- A default password template should be configured.
- A master key should be used with the data source.
- A minimal client version should be configured.
- Configuration files should be encrypted using an application password.
- HTTPS should be used to connect to the data source.
- Multi-factor authentication (MFA) should be enforced.
- Password expiration should be enabled for custom users.
- Risky events should be disabled or generate a warning.
- SMS should not be used for multi-factor authentication.
- The data source password variable should be disabled.
- The password strength analyzer should use zxcvbn.
- TLS certificate validation should be enabled.
- Transparent data encryption (TDE) should be used with SQL Server.
- Vaults should be created with restricted permissions by default.
- Warnings for untrusted RDP connections should be enabled.

The Security dashboard is a tool to offer guidance on how to improve the security of the Remote Desktop Manager platform and also tips on reducing the workload for administrators. Some tips are common infosec best practices, others are a consensus between our own teams. The scores are admittedly open to question and we do not pretend each topic has the same relative value for all of our community members. Achieving 100% is surely not an end goal in itself; we simply aim to raise awareness and provide ideas for your own security hardening.

Improvement action items

A default password template should be configured

Password templates set requirements for passwords generated with the password generators. In File - Templates, select Password Templates to create a template. Then, the default template can be selected in Administration - System Settings - Password Templates.

By default, passwords are not protected at rest. When a security provider is configured, sensitive data contained in a data source is encrypted. Security providers are configured in Administration - Security Providers.

A master key should be used with the data source

Using a master key encrypts sensitive content of XML-based data source files. The master key can be set under File - Change Master Key.

A minimal client version should be configured

Setting a minimal Remote Desktop Manager version is recommended to ensure clients are up to date and have the latest security features.

Configuration files should be encrypted using an application password

The application password should be used to encrypt sensitive information in Remote Desktop Manager configuration files. In File - Options - Security - Application Security (local), choose Use application password and check Encrypt local files using the application password.

HTTPS should be used to connect to the data source

HTTPS is used to protect the communication between the client and the server hosting the data source. Traffic over HTTP is unencrypted and is susceptible to interception and tampering by a malicious third party. Configure a TLS certificate on the server and set the data source URL to start with See Configure SSL.

Legacy security has been deprecated and will be completely removed starting with version 2023.3 of Remote Desktop Manager. See Migrate from legacy security to permissions in Remote Desktop Manager. In Administration - System Settings - Vault Management - Security Settings - Security, disable Use legacy security.

Multi-factor authentication (MFA) should be enforced

Multi-factor authentication (MFA) requires an additional means of authentication when connecting to a data source. This control prevents abuse of compromised, leaked or weak passwords. The software can be configured to enforce the MFA requirement for all users. In Administration - System Settings - Security Settings, enable Force data source 2-factor configuration.

By default, offline mode is enabled and allows Remote Desktop Manager to automatically cache credentials stored in entries on the client system. This feature should be turned off in high security environments to avoid unnecessary sensitive data exposure.

Password expiration should be enabled for custom users

Some security standards require passwords to be changed at regular intervals.