Setting up Security¶
Caution: Ensure system operates at a security level that matches your organization's requirements
As an administrative user, you must ensure your system operates at a security level that matches the requirements of your organization.
By introducing this appliance into your network, you accept that there are risks involved in deploying the system, and you acknowledge that you have reviewed the default PCoIP Management Console and CentOS configuration and have performed any other changes to make the security level appropriate for your deployment.
Note: Update your software to the current release
From time to time, updates may be made available, either from Teradici or the developers of CentOS. While Teradici recommends staying current on releases, it is also recommended that you test updates on a test system prior to upgrading your production system or back up a snapshot of the PCoIP Management Console before running the update.
The OS admin user must use the sudo command when performing actions that require elevated privileges.
Note: Non-root Linux passwords must be at least ten characters long
Non-root Linux passwords must be at least ten characters long and contain one each of upper case, lower case, decimal, and special characters. When changing a non-root Linux password, the new password must be at least four characters different from the previous password.
The following table contains some further recommendations for securing your PCoIP Management Console over and above the default CentOS security configuration undertaken by Teradici.
PCoIP Management Console Security Recommendations
|Network security||Configure your corporate firewall as follows:
|Operating system security||
Note: Prior to updating your production system
To ensure that a library update does not cause problems, Teradici recommends that you perform updates on a test system (or that you take a snapshot of the PCoIP Management Console) before updating your production system. See Backing Up PCoIP Management Console Database.
|PCoIP Management Console web UI security||
Note: Re-enabling admin account
If you have disabled the admin account and plan to revert the PCoIP Management Console Enterprise to PCoIP Management Console Free, this account must be re-enabled before you can log in again to the PCoIP Management Console web UI. Alternatively, you can run a script from the PCoIP Management Console virtual machine console to re-enable the default admin account.
|Enable HTTP Strict Transport Security (HSTS)||HTTP Strict Transport Security (HSTS) is a policy that helps protect web server appliances against particular types of attacks against the communication between the web browser and the web server.
See HTTP Strict Transport Security for details on how to enable HSTS.
HTTP Strict Transport Security (HSTS) requires: