What steps should I take to make sure my TEM deployment is secure?
The following article discusses some options for securing your TEM deployment.
Resolving the problem
Here are some steps you can take to ensure that your TEM deployment is as secure as possible:
- Place the TEM Server, TEM Clients, and TEM Console on an internal LAN or VPN with internal IPs protected by a perimeter firewall. Configure the perimeter firewall to filter UDP and TCP/IP packets on the TEM port (default 52311, 52312, and 52313).
- Make sure that your TEM Console publisher credentials (pre-8.2) and TEM Administrator private keys and credentials are secured using recommended methods for private key security. Specifically, make sure that the private keys are not stored on the TEM Server machine itself. You should store them on a secure removable disk (Floppy, CD, USB memory card, etc.) with encryption technology such as PGP. In addition, you should have a secure backup of your TEM key files.
- Make sure you have used a strong password on the SQL Server or SQL Express database.
- Make sure that the TEM Server computer has the latest security patches installed (we recommend that you install the TEM Client on the TEM Server computer to keep it up-to-date).
- Make sure that the TEM Server computer is using an NTFS file system rather than a FAT or FAT32 file system.
- In general, you should follow the industry standard security practices that apply to Windows, server machines, and public/private key systems.
Translate this page: