SSH Tectia

Security Precautions

It is assumed that the usual standards of corporate security are followed when integrating SSH Tectia Manager into an existing environment.

Pay attention to the following security issues:

  • Access to the Management Server host root accounts must be limited to authorized superusers only.

  • The Management Server does not contain passwords or other access data for opening terminals to the managed hosts. It contains only the data for controlling the Management Agents.

  • There should be no unnecessary open ports on the managed hosts.

  • The administrator group roles can be segregated according to the allowed host groups and management actions.

  • The Management Agent and administration interface connections are TLS-secured. Weak TLS ciphers (56-bit keys) are NOT supported by the web administration interface.

  • All administrator actions are logged in the audit log. Logins and logouts are also logged.

  • The Management Agent runs with root or admin privileges (system service or daemon).

  • Web server administrator access is allowed only via an encrypted tunnel.

  • Critical database content is 3DES-encrypted (host PSKs, admin passwords).

Please note that this Administrator Manual does NOT detail general security precautions that are required when incorporating a system such as SSH Tectia Manager into a production environment. These issues include:

  • hardening the Management Server host on the operating system level

  • physical security of the Management Server

  • security on administrator workstations connecting to the Management Server through the administration interface (for example, turning off browser password caching).