To ensure the highest level of security for EntraPass, use the following setup, configuration, and installation measures.

CAUTION: Failure to comply with the following security configuration may result in a weakened operational state with related security vulnerabilities.

To comply with security standards, complete the following steps:
- Deploy EntraPass on a Virtual Local Area Network (VLAN).
- For an encrypted layer of security during data transit, use Hypertext Transfer Protocol Secure (HTTPS) instead of HTTP. You must obtain a Secure Sockets Layer (SSL) certificate from a certificate authority (CA) and generate it for the EntraPass web website. For information about how to implement SSL in Internet Information Services (IIS), refer to the Microsoft website:
  https://support.microsoft.com/en-nz/help/299875/how-to-implement-ssl-in-iis
  Note: This link is for reference only; contact Microsoft for support on how to implement SSL.
- Change default passwords during installation.
- To improve system performance, use a load balancer with your routers in front of the EntraPass server. For information about how to set up the load balancer, refer to the product manufacturer's installation guide.
- To isolate EntraPass servers, use a firewall. In the firewall, only open ports that you require to use EntraPass. Block all other internet traffic. For a list of default ports used with EntraPass, see Communication ports.
- To protect your information, store data backups in a secure location.
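
For the firewall step above, a read-only PowerShell audit that lists enabled inbound allow rules not covered by a port allowlist, and any firewall profile that is disabled or allows inbound traffic by default. This is an added example, not part of the vendor documentation; it assumes Windows Defender Firewall on the EntraPass server, and the port numbers are placeholders to replace with the ports you need from the Communication ports list.

```powershell
# Added example: read-only audit, run in an elevated session on the EntraPass server.
# ASSUMPTION: these ports are placeholders, NOT EntraPass defaults. Replace them with
# the ports your deployment requires from the "Communication ports" list.
$AllowedTcpPorts = @(443, 50000)

function Test-PortAllowed {
    param([string] $Protocol, [string] $LocalPort, [int[]] $Allowed)
    if ($Protocol -ne 'TCP') { return $false }           # only TCP is on this allowlist
    if ($LocalPort -match '^\d+$') { return ([int]$LocalPort -in $Allowed) }
    if ($LocalPort -match '^(\d+)-(\d+)$') {             # range: every port must be allowed
        $low = [int]$Matches[1]
        $high = [int]$Matches[2]
        foreach ($p in $low..$high) {
            if ($p -notin $Allowed) { return $false }
        }
        return $true
    }
    return $false                                        # 'Any', 'RPC' and other keywords
}

# Enabled inbound allow rules whose port filter falls outside the allowlist.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow
$unexpected = foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallPortFilter
    foreach ($port in @($filter.LocalPort)) {
        if (-not (Test-PortAllowed -Protocol $filter.Protocol -LocalPort $port -Allowed $AllowedTcpPorts)) {
            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Profile   = $rule.Profile
                Protocol  = $filter.Protocol
                LocalPort = $port
            }
        }
    }
}
$unexpected | Sort-Object Rule | Format-Table -AutoSize

# Profiles that are disabled or that allow unsolicited inbound traffic by default.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize
```

Each rule the script lists is a candidate to disable or to scope more tightly; the script itself changes nothing.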