Steps to Harden Securden Application Servers
Limit access to your PAM installation folder
It is important to limit access to your PAM installation folder. This folder contains the PAM database, user and account information, audit reports, session recordings, and so on. These values are encrypted, but to follow a security model that aligns with the "defense in depth" strategy, grant access to as few users as possible.
Securden has various provisions for protecting the database. However, it is advisable to grant access to the Securden server and the database server to as few users as possible. The database server is accessed only through the primary server, but in distributed deployments the database server is shared between the primary server and the secondary application server.
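One way to check who can currently reach the installation folder on a Windows application server, as an added example (not Securden's own tooling). The install path is a placeholder, and the allow-list and the function name `Get-UnexpectedAce` are assumptions to adjust for your deployment.

```powershell
# Added example: list identities outside an allow-list that hold access to the
# PAM installation folder. The path is a placeholder and the allow-list is an
# assumption; add the account the PAM service runs as before relying on it.
param(
    [string]$InstallPath = 'C:\PATH\TO\PAM-INSTALL-FOLDER',  # placeholder
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

function Get-UnexpectedAce {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string[]]$Allowed,
        [switch]$ExplicitOnly   # skip entries inherited from the parent folder
    )
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Deny entries only restrict access, so report Allow entries.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ExplicitOnly -and $ace.IsInherited) { continue }
        $identity = [string]$ace.IdentityReference
        if ($Allowed -notcontains $identity) {   # comparison is case-insensitive
            [pscustomobject]@{
                Path      = $Path
                Identity  = $identity
                Rights    = [string]$ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallPath)) {
    Write-Warning "Path not found: $InstallPath (replace the placeholder)"
    return
}

# Root folder: report every Allow entry. Subfolders: report only explicit
# entries, since inherited ones are already covered by the root.
$findings = @(Get-UnexpectedAce -Path $InstallPath -Allowed $Allowed)
$subdirs = Get-ChildItem -LiteralPath $InstallPath -Directory -Recurse -ErrorAction SilentlyContinue
foreach ($dir in $subdirs) {
    $findings += @(Get-UnexpectedAce -Path $dir.FullName -Allowed $Allowed -ExplicitOnly)
}

if ($findings.Count -gt 0) {
    $findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
    Write-Warning "$($findings.Count) access entries fall outside the allow-list"
} else {
    Write-Output "Only allow-listed identities have access under $InstallPath"
}
```

Entries reported with `Inherited` set to true on the root folder come from its parent, so they have to be removed there or by disabling inheritance on the installation folder.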
Restrict log-on rights to the application server
Administrators who access the application server directly might attempt to monitor memory in use on the server. They also have a better chance of accessing the PAM installation folder. Unified PAM has several measures to protect application memory, but the best safeguard is to limit access to the application server to as few users as possible.
Secure traffic with the Active Directory
It is good practice to set up the integration with Active Directory over an SSL communication channel using the LDAPS protocol.
Secure sessions routed through the Session Manager
The Securden Session Manager (SSM) routes the session traffic and, by default, uses RDP port 3389. For added security, it is recommended to enable SSH tunneling for the remote connections launched from Securden.