
Does anyone have a hardening guide for the webhelpdesk product before putting it live on the internet?

Hello all

Looking for a 'hardening' guide for the install of the SolarWinds webhelpdesk product. Have my SSL all ready and verified but wanted to know if there was anything else that can be done regarding the install / setup of this product to ensure it's as secure as possible.

If anyone else has put their system on the .net and can give me any pointers that would be most appreciated.

Thank you for taking the time to read this

--

Topher

  • There is no official hardening guide (but hey good idea, I'd also love to hear various suggestions from others on what they consider important!).

    WHD generally supports encryption of connection for email server, LDAP/AD, databases. You can also use SSO, HTTPS access. All of this will definitely improve your security.

  • Hi Peter

    Thank you for taking the time to read the post and give your thoughts.

    I’ve done the SSL part although have LDAP encryption to implement next.  I guess I was looking for a specific hardening guide, sort of like a MS ‘best practices’ guide for the initial setup, permissions on the relevant directories, what specific services need to be enabled for Helpdesk to function, what level of access / user permission they need to be able to run at.

    All input very welcome and please, if anyone has an obvious pointer, please point me in the right direction!

    Cheers

  • We did this using an Apache web front-end with an AJP connector to the back-end web helpdesk server.


  • Bump this!

    Thank you FCPSOLARADMIN. 

    Our setup is similar although it's web to a different port, still SSL, then to the Helpdesk located in our isolated DMZ.

    Apart from the hotfixes which get released by SolarWinds, has anyone done / had any pen testing against the application itself?

  • No pen testing. Could set up a lab and do this, that sounds like fun.

  • I've done some initial pen testing internally but will be looking to source an external vendor to pen test again, but if anyone has any experience in this field and would like to share their findings that would be most helpful. My helpdesk is all patched up and I believe is running the latest version, including hotfixes, so given the feedback I have (thank you) I believe we are ready!

  • We set up a DMZ and set up destination NAT and source address filtering. We force HTTPS and encrypt the data from the webserver to our MS SQL server within the DMZ. It feels overkill but it was really fun to set up!

  • Hi jpike

    Yes, I've situated ours in a DMZ with SSL forced and various firewall rules in place. A very worthwhile exercise as you say, even if it can feel a little over the top, but better to be safe than sorry! Thanks all for the input.