Summary
Learn how to ensure the highest security in PolicyServer.
Details
Requirements for the environment where the PolicyServer should be installed:
- All administrators must be trusted and must not maliciously attempt to circumvent the security of the system.
- All administrators must be competent and well trained.
- The server should be located in a physically-secured room.
- The server should be hardened or secured.
To achieve the highest security for PolicyServer, implement the following:
| Service | Function | Ports | Additional Notes |
|---|---|---|---|
| World Wide Web | Communicates to Endpoint Encryption clients and exchange Audit Policy data. | TCP: 80 | Ensure that the IIS server is properly configured. .NET servers must also be enabled. |
| Sends alerts from the PolicyServer. | TCP: 25 | Ensure that the email server is properly configured.SQL | |
| SQL | Transfers SQL requests for Audit Policy data. | TCP: 1433 and UDP: 1434 | Fixed port configuration must be used. |
- The ports listed above are for the default configuration.
- All unused services or ports should be disabled to prevent unauthorized access.
- The SQL Server should be hardened and secured.
- The server and SQL server should be backed up.
- The PolicyServer and all clients should be synchronized to a single time server.
