Security Hardening

Security hardening feature helps you manage and configure the security settings of Log360. This tab also displays a security score which is calculated based upon the weightage given to each configuration.

To manage individual settings, click the Configure or Enable option corresponding to that security setting and make the required changes. Once configured, the setting will have a green ticked Configured/Enabled icon-enable icon next to it, as shown in the image below.

Security Hardening

We recommend you to configure all the settings and ensure your product security score is 100%. The security settings alert will be displayed in the notification center ( icon-notification icon on the top-right corner) until a security score of 100% is reached.

Note: For licensed customers, the alert will also be displayed after every successful login until all the mandatory security configurations (marked with * under List of security settings) are done.

List of security settings:

  1. Enforce HTTPS*

    Configuring HTTPS helps you secure connection between the web browser and the Log360 server. See how to enable HTTPS.

  2. Change Default (Admin & Operator) Password*

    It is recommended to use a strong password to access Log360 dashboard. Use this setting to change both the admin and operator password.

  3. Enforce Two-factor Authentication*

    Two-factor authentication adds an additional layer of security. See how to configure two-factor authentication.

  4. Enable Reverse Proxy

    Enabling reverse proxy helps protect the identity of Log360 server. Click on Configure to navigate to the reverse proxy settings tab. See how to enable reverse proxy settings.

  5. Enforce LDAP SSL

    This setting lets you secure the LDAP connection between Log360 server and Active Directory with SSL. See how to enable LDAP SSL.

  6. Enable CAPTCHA

    This setting adds captcha to the login page to avoid brute-force attacks. See how to add captcha.

  7. Enable Auto Update

    Enable this setting to automatically update your product to the latest build. Click on Configure to navigate to the auto-update settings tab. See how to enable auto-update.

  8. Block Invalid Login Attempts

    This setting allows you to block a specific user who fails to login after a specific number of attempts. See how to block invalid login attempts.

Note: The first three settings given in the above list are mandatory for Log360.


Copyright © 2023, ZOHO Corp. All Rights Reserved.