Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS): Encryption-related settings

One Identity recommends using 2048-bit RSA keys (or stronger).

Use strong passwords: at least 8 characters that include numbers, letters, special characters, and capital letters. For local One Identity Safeguard for Privileged Sessions (SPS) users, require the use of strong passwords (set Users & Access Control > Settings > Minimal password strength to strong). For details, see "Setting password policies for local users" in the Administration Guide.

When exporting the configuration of SPS, or creating configuration backups, always use encryption. Handle the exported data with care, as it contains sensitive information, including credentials. For details on encrypting the configuration, see "Encrypting configuration backups with GPG" in the Administration Guide.

Do not reuse cryptographic keys or certificates (for example, do not use the certificate of the One Identity Safeguard for Privileged Sessions (SPS) webserver to encrypt audit trails, or the same keypair for signing and encrypting data). Use every keypair or certificate only for one purpose.

Do not use the CBC block cipher mode, or the diffie-hellman-group1-sha1 key exchange algorithm.
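The rule on CBC ciphers and diffie-hellman-group1-sha1 can be checked mechanically against the comma-separated algorithm lists used in SSH settings. The following is an added example, not One Identity code; the function names and the sample lists are constructed for illustration and are not read from an SPS configuration.

```python
# Added example: audit SSH algorithm name-lists against the checklist's
# "no CBC, no diffie-hellman-group1-sha1" rule. Names here are hypothetical.
PROHIBITED_KEX = {"diffie-hellman-group1-sha1"}


def parse_name_list(value):
    """Split an SSH comma-separated name-list, tolerating stray whitespace."""
    return [name.strip() for name in value.split(",") if name.strip()]


def is_cbc_cipher(name):
    """SSH CBC ciphers are named '<alg>-cbc', optionally with an '@domain' suffix."""
    return name.lower().split("@", 1)[0].endswith("-cbc")


def audit(ciphers, kex):
    """Return (findings, kept_ciphers, kept_kex) for two name-list strings."""
    findings, kept_ciphers, kept_kex = [], [], []
    for name in parse_name_list(ciphers):
        if is_cbc_cipher(name):
            findings.append(f"cipher {name}: CBC mode")
        else:
            kept_ciphers.append(name)
    for name in parse_name_list(kex):
        if name.lower() in PROHIBITED_KEX:
            findings.append(f"kex {name}: prohibited by the checklist")
        else:
            kept_kex.append(name)
    # Removing every entry would leave nothing to negotiate; report it
    # so the list is replaced rather than silently emptied.
    if not kept_ciphers:
        findings.append("no cipher left after removing CBC entries")
    if not kept_kex:
        findings.append("no key exchange algorithm left")
    return findings, ",".join(kept_ciphers), ",".join(kept_kex)


if __name__ == "__main__":
    # Constructed sample values, not taken from an SPS configuration.
    sample_ciphers = "aes256-ctr, aes128-cbc,3des-cbc,rijndael-cbc@lysator.liu.se"
    sample_kex = "diffie-hellman-group14-sha256,diffie-hellman-group1-sha1"
    problems, ciphers_ok, kex_ok = audit(sample_ciphers, sample_kex)
    for p in problems:
        print("FINDING:", p)
    print("ciphers:", ciphers_ok)
    print("kex:", kex_ok)
```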