
Security Best Practices

With the digital era evolving and expanding rapidly, the frequency of cyber attacks is also increasing at an alarming rate. Hence, it is critical to follow guidelines and best practices as a first line of defense against potential threats. Below is a list of recommended guidelines that will help us achieve our common goal of enhancing security and preventing possible intrusions.

  1. Disable HTTP

    By default, Applications Manager can be accessed via both HTTP and HTTPS ports. To ensure a secure connection between the Applications Manager server and the browser/client, it is recommended to disable HTTP access. Show me how.

  2. Use a Third-Party SSL Certificate

    Applications Manager comes with a self-signed SSL certificate so that HTTPS works out of the box. However, to enhance security, it is recommended that you apply your own CA-signed SSL certificate. Show me how.

  3. Disable TLSv1 and TLSv1.1 protocols for HTTPS port

    Applications Manager supports TLSv1, TLSv1.1, and TLSv1.2 by default. It is recommended that you disable the older TLSv1 and TLSv1.1 protocols. Show me how.

  4. Enable Security response headers

    Security response headers act as an added layer of security that helps browsers detect and mitigate certain types of attacks. It is recommended that you enable these headers to prevent clickjacking, cross-site scripting, and MIME type sniffing attacks.

    To enable security response headers, navigate to Settings -> Security Settings -> Enable Security Response Headers.
    To learn more about this, click here.
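    As an added example (not code from the ManageEngine documentation), the following Python script checks a captured HTTPS response for the three protections this item names: clickjacking (X-Frame-Options or a CSP frame-ancestors directive), MIME sniffing (X-Content-Type-Options) and cross-site scripting (a Content-Security-Policy). The two sample responses are constructed; the exact headers Applications Manager emits are not listed on this page, so they are assumed.

```python
"""Offline check of the security response headers item 4 recommends.
Both sample responses below are constructed for this example, not
captured from a real Applications Manager instance."""

# Constructed sample: response before security response headers are enabled.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "\r\n"
)

# Constructed sample: response after enabling the headers (assumed values).
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Map lower-cased header names to values from a raw HTTP response."""
    head, _, _ = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def missing_protections(raw):
    """Return the protections from item 4 that the response does not provide."""
    h = parse_headers(raw)
    missing = []
    xfo = h.get("x-frame-options", "").upper()
    csp = h.get("content-security-policy", "").lower()
    # Clickjacking: either a restrictive X-Frame-Options or CSP frame-ancestors.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        missing.append("clickjacking")
    # MIME sniffing: browsers only honour the literal value "nosniff".
    if h.get("x-content-type-options", "").lower() != "nosniff":
        missing.append("mime-sniffing")
    # XSS: a Content-Security-Policy is the header-level mitigation checked here.
    if not csp:
        missing.append("xss")
    return missing


if __name__ == "__main__":
    print("before:", missing_protections(BEFORE))  # all three missing
    print("after: ", missing_protections(AFTER))   # []
```

Run it against the header block of a real response (for example, copied from the browser's network panel) to confirm the setting took effect.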

  5. Setup complex passwords and enforce account locks

    By default, Applications Manager's password policy enforces password encryption. It mandates that you set complex passwords to enhance security and make accounts less vulnerable to cyber attacks. It is also recommended that you change the Super admin's password after installation of the product.

    To defend against password-guessing attacks, it is recommended that you enforce account locks in case of consecutive failed login attempts. Show me how.

  6. Implement role-based access control (RBAC)

    Applications Manager lets you manage users and roles for your enterprise, with roles assigned to users and different permissions associated with each role. This enforces controlled access to the product, thereby ensuring effective authorization.

    It is recommended that you add users and associate them with the required roles to prevent unwanted access and changes. Show me how.

  7. Enable LDAPS when configuring domain

    Applications Manager provides domain configuration options and also lets you import users from those domains. It is recommended that you enable LDAPS while configuring domains to ensure secure communication with domain controllers. Show me how.

  8. Enable Data Protection

    To ensure that report data is accessed more securely, it is recommended that you enable data protection in security settings. Applications Manager enforces password protection for reports in all formats (PDFs, HTML files, and CSVs).

    To enable Data Protection, go to Settings -> Security Settings -> Data Protection.

  9. Disable file upload

    The Applications Manager UI has an option that allows admins to upload files into the Applications Manager directory. To prevent harmful files from being uploaded accidentally, it is recommended to disable this option. You can enable it whenever required.

    To disable file upload, navigate to Settings -> Security Settings -> Disable file upload.

  10. Enable read-only database user connection for Query Tool

    Applications Manager has a Query Tool that lets the super admin obtain data from the database by executing custom queries. To prevent accidental changes to the database that might impact the functioning of the entire application, it is recommended to enable a read-only database user connection for the Query Tool.

    To enable read-only database user connection for Query Tool, go to Settings -> Security Settings -> Enable read-only database connection for query tool.

  11. Upgrade to the latest version of Applications Manager

    Ensure that you frequently upgrade to the latest version of Applications Manager to get the latest features and to ward off possible vulnerabilities. Also, periodically back up application data and the database. Refer to this link to upgrade to the latest version.

  12. Other options: