Firewall Analyzer - Security Best Practices


    With the ever increasing frequency of cyber attacks it is important to follow guidelines and best practices as an initial step to ward off potential threats. This page is intended to provide you with the necessary guidelines to help us meet our shared goals to enhance security and prevent possible intrusions.

    1. Enable HTTPS

    It is recommended to enable HTTPS in Firewall Analyzer to secure your login. All communication between the product server and the agents will take place using the HTTPS protocol if this option is enabled. To do this, go to Settings > Security Settings, enable 'Secure Mode' in the SSL configuration tab and follow the steps given here.

    2. Enable Two Factor Authentication

    Two Factor Authentication (TFA) provides an additional level of authentication and improves security and prevents unauthorized access. TFA requires the user to either provide a unique time-based one time password (TOTP) generated through Authenticator Apps, or a one time password (OTP) sent to the user's configured email address during login. Learn more.

    3. Set a complex password

    Firewall Analyzer's password policy encourages users to employ strong passwords in order to enhance security and prevent unauthorized logins due to password guessing. Another possible defense against password guessing attacks is enabling an account lockout, which means the account will be locked after a specified number of invalid or failed login attempts. Learn in depth about Firewall Analyzer's password and lockout policies here.

    4. Implement role-based access control (RBAC)

    Ensure that you maintain controlled access to the product by providing only the required level of access to individual users using User Roles. Firewall Analyzer provides a wide range of options to customize the appropriate access levels for every individual user in the organization, ensuring fine-grained authorization.

    In Firewall Analyzer, multiple users can be created and their level of access across different modules of the network can be customized. This prevents unwanted changes to the network and helps in managing the network by letting the administrator determine which parts of the network the individual user is privy to.

    5. Enable LDAPS when configuring domain details

    Configuring domain details for AD authentication with LDAPS allows secure communication with domain controllers.

    6. Enable Data Protection

    Enable Data Protection in Security Settings to access scheduled reports securely. To enable Data Protection, go to Settings > Security Settings > Data Protection.

    7. Ensure security of shared folders

    If 'Network Shared Folders' are configured in the product, ensure the folders are secure.

    8. Upgrade to the latest version of Firewall Analyzer

    Ensure that you frequently check for a upgrade to the latest version of Firewall Analyzer to avail the latest features and to guard against possible vulnerabilities. Also, periodically back up application data and database. To learn more about how to upgrade to different versions of Firewall Analyzer, kindly refer to the Service Packs page here.

    Customer security is our number one priority. Stringent security policies go into the development of ManageEngine ITOM products. Learn more about our security policies here.