Improving Web Application Security

Security is not an end state but an ongoing process. We take every step possible to ensure that our software is as secure as possible in the default configuration while still remaining reasonably simple to install and manage. However, some security steps and precautions are in the hands of the system administrator.

Tips for Improving Security

These are steps that every system administrator should follow to secure Ithicos applications.

System and Software Operations

Anticipate potential problems and plan ahead.

Avoid Exposing Web Apps to the Internet

Any web page or web application that is exposed to the Internet requires a higher security posture. Ithicos Solutions applications have been designed as internal (intranet) applications. The servers on which our applications are installed must have access to Active Directory, and our applications require LDAP and Kerberos access to Active Directory.

Adding custom machine keys

If you have not already updated to v3.2 or later of our products, you should do so. The web.config file for Directory Update v3.2 and Directory Manager v3.2 contains a section that allows you to customize the machine validation keys that are used for the Telerik Upload controls. The YouTube video "Generate security keys for RadAsyncUpload" demonstrates how to generate and add custom keys for the Telerik upload controls. It is a simple, 5-minute process.

If you are using more than one instance of Directory Update and are distributing traffic to those instances via a load balancer, you should update the web.config file on one of the servers and then copy that web.config file to the other instances.
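
The following PowerShell sketch is an added example, not code from Ithicos or Telerik. It generates random key values and checks that load-balanced web.config copies carry the same upload keys without printing them. It assumes the keys sit under /configuration/appSettings with Telerik's documented names, which this page does not list, and the file names and sample XML are constructed.

```powershell
# Added example. Key names are Telerik's appSettings names (not listed on the page).
$KeyNames = 'Telerik.AsyncUpload.ConfigurationEncryptionKey',
            'Telerik.Upload.ConfigurationHashKey'

function New-RandomKey {
    param([int]$Bytes = 32)
    # Cryptographic RNG, hex-encoded so the value is safe inside an XML attribute.
    $buf = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    -join ($buf | ForEach-Object { $_.ToString('x2') })
}

function Get-UploadKeyFingerprint {
    param([Parameter(Mandatory)][string]$WebConfigPath)
    [xml]$cfg = Get-Content -LiteralPath $WebConfigPath -Raw
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($name in $KeyNames) {
            $node  = $cfg.SelectSingleNode("/configuration/appSettings/add[@key='$name']")
            $value = if ($node) { $node.GetAttribute('value') } else { '' }
            $hash  = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($value))
            # Report a truncated hash, never the key itself.
            [pscustomobject]@{
                Path        = $WebConfigPath
                Key         = $name
                Present     = [bool]$node
                ValueLength = $value.Length
                Fingerprint = [BitConverter]::ToString($hash, 0, 8)
            }
        }
    } finally { $sha.Dispose() }
}

# Constructed sample: two load-balanced copies whose hash key has drifted.
$enc = New-RandomKey
$template = '<configuration><appSettings>' +
    '<add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="{0}" />' +
    '<add key="Telerik.Upload.ConfigurationHashKey" value="{1}" />' +
    '</appSettings></configuration>'
$paths = 1..2 | ForEach-Object { Join-Path ([IO.Path]::GetTempPath()) ('web-node{0}.config' -f $_) }
$paths | ForEach-Object { Set-Content -LiteralPath $_ -Value ($template -f $enc, (New-RandomKey)) }

# One row per key: Consistent is False when the copies disagree.
$paths | ForEach-Object { Get-UploadKeyFingerprint $_ } | Group-Object Key | ForEach-Object {
    $distinct = @($_.Group.Fingerprint | Sort-Object -Unique).Count
    [pscustomobject]@{ Key = $_.Name; Consistent = ($distinct -eq 1) }
}
```

To check real instances, replace the constructed `$paths` with the web.config path on each server; a key that is missing, or inconsistent between instances, means the copy step above was not completed.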

Last review: 16 Jan 2021