Security hardening guide

To ensure the highest level of security for EntraPass, use the following setup, configuration, and installation measures.
CAUTION: Failure to comply with the following security configuration may result in a weakened operational state with related security vulnerabilities.

To comply with security standards, complete the following steps:

  1. Deploy EntraPass on a Virtual Local Area Network (VLAN).
  2. For an encrypted layer of security during data transit, use Hypertext Transfer Protocol Secure (HTTPS) instead of HTTP. You must obtain a Secure Sockets Layer (SSL) certificate from a certificate authority (CA), and generate it for the EntraPass web website. For information about how to implement SSL in Internet Information Services (IIS), refer to the Microsoft website: https://support.microsoft.com/en-nz/help/299875/how-to-implement-ssl-in-iis
    Note: This link is only for reference; contact Microsoft for support on how to implement SSL.
  3. Change default passwords during installation.
  4. To improve system performance, use a load balancer with your routers in front of the EntraPass server. For information about how to set up the load balancer, refer to the product manufacturer's installation guide.
  5. To isolate EntraPass servers, use a firewall. In the firewall, only open ports that you require to use EntraPass. Block all other internet traffic. For a list of default ports used with EntraPass, see Communication ports.
  6. To protect your information, store data backups in a secure location.
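
One way to check step 5 on the server itself. This is an added example, not part of the vendor's guide. It assumes the host firewall is Windows Defender Firewall; the allowlist values are placeholders to replace with the ports from Communication ports, and the function names are hypothetical.

```powershell
# Added example, not vendor code. Assumes Windows Defender Firewall on the server.
# Placeholder allowlist: 443 is HTTPS from step 2; add the ports your site
# needs from the "Communication ports" list.
$Allowed = @{ TCP = @(443); UDP = @() }

function Test-PortSpecAllowed {
    # $true only if every port covered by a rule's LocalPort value is allowlisted.
    param([string[]]$PortSpec, [int[]]$AllowedPorts)
    if (-not $PortSpec) { return $false }
    foreach ($item in $PortSpec) {
        if ($item -match '^(\d+)-(\d+)$') {
            # A range passes only if each port inside it is allowlisted.
            foreach ($p in ([int]$Matches[1])..([int]$Matches[2])) {
                if ($AllowedPorts -notcontains $p) { return $false }
            }
        }
        elseif ($item -match '^\d+$') {
            if ($AllowedPorts -notcontains [int]$item) { return $false }
        }
        else {
            # 'Any' and keywords such as 'RPC' cover more than a fixed port.
            return $false
        }
    }
    return $true
}

function Get-UnexpectedInboundRule {
    # Lists enabled inbound allow rules that open anything outside the allowlist.
    param([hashtable]$Allowlist)
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $ports  = $Allowlist[[string]$filter.Protocol]
        if (-not $Allowlist.ContainsKey([string]$filter.Protocol) -or
            -not (Test-PortSpecAllowed -PortSpec $filter.LocalPort -AllowedPorts $ports)) {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Protocol  = $filter.Protocol
                LocalPort = $filter.LocalPort -join ','
            }
        }
    }
}

# Profiles that are off or allow inbound by default defeat a port allowlist.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    Select-Object Name, Enabled, DefaultInboundAction

Get-UnexpectedInboundRule -Allowlist $Allowed | Format-Table -AutoSize
```

Each row in the output is a rule to disable or narrow; an empty result means every enabled inbound allow rule stays within the allowlist.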