Improving Web Application Security
Security is not an end state but an ongoing process. We take every step possible to ensure that our software is
as secure as possible in the default configuration while still remaining reasonably simple to install. However, some
security steps and precautions are in the hands of the system administrator.
Tips for Improving Security
These are steps that every system administrator should follow to secure Ithicos applications.
- Do not wait longer than 60 days to apply Microsoft security updates and related patches for both server and desktop operating systems.
- Keep web browsers up to date and patched.
- Practice separation of roles. System admins should have two user accounts: an end-user account and a privileged account.
- Practice the principle of least privilege; admin roles should only have the permissions they need to do their job.
- Reset the service / proxy account password at least three times per year. Use a strong password.
- Expose web applications to the Internet with great care. Consider the use of a reverse proxy or other security devices.
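The two tips above that carry a time limit (patching within 60 days, resetting the service / proxy account password three times per year) can be checked with a script. The following is an added example, not part of the Ithicos documentation; the account name `svc-webapp`, the 120-day interval and the assumption that the service account is a domain account are placeholders to adjust.

```powershell
# Added example: thresholds come from the tips above; names are assumptions.
param(
    [string]$ServiceAccount     = 'svc-webapp',  # hypothetical service / proxy account name
    [int]   $MaxPatchAgeDays    = 60,            # tip: do not wait longer than 60 days
    [int]   $MaxPasswordAgeDays = 120            # assumption: three resets per year, evenly spaced
)

function New-AgeResult {
    param([string]$Check, [Nullable[datetime]]$LastDate, [int]$MaxDays)
    # A missing date is reported as non-compliant rather than silently passing.
    if ($null -eq $LastDate) {
        return [pscustomobject]@{ Check = $Check; LastDate = $null; AgeDays = $null; Compliant = $false }
    }
    $age = [int][math]::Floor(((Get-Date) - $LastDate).TotalDays)
    [pscustomobject]@{ Check = $Check; LastDate = $LastDate; AgeDays = $age; Compliant = ($age -le $MaxDays) }
}

# Most recent update known to Get-HotFix. Some entries have no install date,
# and not every update type is listed, so treat this as a lower bound.
$lastPatch = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

# Requires the ActiveDirectory module (RSAT) and a domain service account.
$pwdLastSet = $null
try {
    $pwdLastSet = (Get-ADUser -Identity $ServiceAccount -Properties PasswordLastSet -ErrorAction Stop).PasswordLastSet
} catch {
    Write-Warning "Could not read $ServiceAccount from Active Directory: $($_.Exception.Message)"
}

$results = @(
    New-AgeResult -Check 'Last installed update' -LastDate $lastPatch.InstalledOn -MaxDays $MaxPatchAgeDays
    New-AgeResult -Check "Password age of $ServiceAccount" -LastDate $pwdLastSet -MaxDays $MaxPasswordAgeDays
)
$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring agent flag the host.
if ($results.Compliant -contains $false) { exit 1 }
```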
System and Software Operations
Anticipate potential problems and plan ahead.
- Prior to editing any configuration file, make a backup copy of it first.
- Keep backup copies of each Ithicos product's configuration and installer files, as well as license keys.
- If using virtual machines, always keep recent snapshots that will allow you to quickly revert to backups.
- Document your service account information and the privileges given to the service account.
Last review: 30 Nov 2019