Security Hardening Guide
Kantech recommends the following setup, configuration, and installation measures to ensure the highest level of security for EntraPass.
NOTE: Failure to comply with the following security configuration may result in a weakened operational state with related security vulnerabilities.
To comply with security standards, complete the following steps:
1 - Deploy EntraPass on a Virtual Local Area Network (VLAN).
2 - For an encrypted layer of security during data transit, use Hypertext Transfer Protocol Secure (HTTPS) instead of HTTP. You must obtain a Secure Sockets Layer (SSL) certificate, generated for the EntraPass Web website, from a certificate authority (CA). For instructions, refer to how to implement SSL in IIS (Internet Information Services) on Microsoft’s website: https://support.microsoft.com/en-nz/help/299875/how-to-implement-ssl-in-iis
NOTE: This link is for reference only. Contact Microsoft for support on how to implement SSL.
3 - Change default passwords during installation.
4 - To improve system performance, use a load balancer with your routers in front of the EntraPass server. For information about how to set up the load balancer, refer to the product manufacturer's installation guide.
5 - Use a firewall to isolate EntraPass servers. In the firewall, only open ports that you require to use EntraPass. Block all other internet traffic. For a list of default ports used with EntraPass, see Communication ports.
6 - To protect your information, store data backups in a secure location.
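
The following PowerShell sketch shows one way to apply and then verify step 5 with Windows Defender Firewall on the EntraPass server. It is an added example, not Kantech's own procedure. The port numbers, subnet, and rule group name are placeholders; take the real ports from the Communication ports list.

```powershell
# Added example. All values in this block are placeholders, not EntraPass defaults.
$RequiredTcpPorts = @(443, 50000)          # placeholder: ports from "Communication ports"
$TrustedSubnet    = '192.0.2.0/24'         # placeholder: the EntraPass VLAN (step 1)
$RuleGroup        = 'EntraPass-Allowlist'  # hypothetical rule group name

# Run from the local console: default-deny inbound can cut off a remote
# session unless its management port is already allowed.

# 1. Enable the firewall on every profile and block inbound traffic by default.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block

# 2. Recreate the allowlist so that re-running the script does not duplicate rules.
Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
foreach ($port in $RequiredTcpPorts) {
    New-NetFirewallRule -DisplayName "EntraPass TCP $port" -Group $RuleGroup `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $port `
        -RemoteAddress $TrustedSubnet | Out-Null
}

# 3. Audit: other enabled inbound allow rules still open ports even with
#    default-deny in place, so list them for review.
$otherAllowRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Group -ne $RuleGroup } |
    Select-Object DisplayName, Profile

# 4. Audit: services listening on non-loopback addresses outside the allowlist.
$unexpectedListeners = Get-NetTCPConnection -State Listen |
    Where-Object {
        $_.LocalAddress -notin '127.0.0.1', '::1' -and
        $_.LocalPort -notin $RequiredTcpPorts
    } |
    Sort-Object -Property LocalPort -Unique |
    Select-Object LocalAddress, LocalPort, OwningProcess

Write-Output "Inbound allow rules outside ${RuleGroup}: $(@($otherAllowRules).Count)"
$otherAllowRules | Format-Table -AutoSize
Write-Output "Listening TCP ports outside the allowlist: $(@($unexpectedListeners).Count)"
$unexpectedListeners | Format-Table -AutoSize
```

Review both audit lists after each EntraPass upgrade or Windows role change, because installers can add their own inbound allow rules.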