Key Points to consider regarding system security:
- Preventing unauthorized access
  - Follow IIS best practices by removing support for deprecated protocol versions and cipher suites; limit the server to TLS 1.2 and newer.
  - Enable HTTP Strict Transport Security (HSTS) with a long "max-age" value (one year or more).
  - Check your IIS web logs:
    - IIS 7+: %SystemDrive%\inetpub\logs\LogFiles
    - Also keep an eye on the Windows Event Log.
  - Requiring Multifactor Authentication for all accounts is highly recommended.
  - If Multifactor Authentication cannot be used, at a minimum configure Password Complexity Requirements for all account types.
  - Stay current on all patches and updates for all software on the server (Windows, .NET Framework, etc.).
  - If antivirus runs on the server, watch for performance issues caused by real-time scanning.
- SSL Certificates
  - Aeries Software recommends using an SSL certificate on all internal and external websites. Your certificate provider will have instructions for generating the Certificate Signing Request (CSR) and installing the certificate for your server's version of IIS.
  - Require SSL on all sites.
  - Educate users to use “HTTPS://yourwebsite”.
  - Redirect HTTP to HTTPS by whatever method you prefer (URL Rewrite or the standard IIS HTTP Redirect).
- Active Directory
  - The Aeries Web Version Admin Portal and/or Teacher Portal can be set up to use Active Directory via the Aeries LDAP Connection String. Ideally this will be LDAPS, typically on its default port of 636.
Sample Aeries Topology: