Security hardening of Patch Connect Plus

Security Hardening Tips and Recommendations

This document will help you harden the security in Patch Connect Plus.

Update the latest Security Patches

• Patch Connect Plus immediately releases the security patches for identified security issues. Follow this Security Updates Group and "Security Updates on Vulnerabilities" section in our Knowledge base to stay updated with the latest security patches. 

Enable Secure Log-in

To enable secure log-in, go to Admin tab and click on Security settings, and under Secure login perform the below steps,

• Enable Secure Login (HTTPS)
• Configure a complex password 
• Disable default admin

Use third party trusted certificates

It is recommended to configure Patch Connect Plus with a trusted third party certificate to ensure secured connections between desktops, mobile agents and server. However, for secured communication using HTTPS, a default self-signed certificate will be provided along with the server

Disable older versions of TLS

By default, SSLV2 and SSLV3 protocols are disabled in Patch Connect Plus. If you are not managing any of the legacy operating systems (Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 ), you can disable TLSv1 and TLSv1.1 in the security page.

Disable 64-bit week older ciphers

Upgrade to Patch Connect Plus build 90031 and above, as the ciphers are disabled by default. If you are managing Windows XP and Windows Server 2003 operating systems, apply the Patch for Windows XP and Patch for Windows 2003.

Subscribe to receive notifications on data breach

Patch Connect Plus notifies IT admins in the event of a data breach. However, the product user must first set this up by subscribing to the 'Breach Notification' option present under 'Privacy Settings' in the Admin tab.