Infor Risk and Compliance Application Security Recommendations
Introduction
Instance and application configurations
Pre-install or pre-upgrade
SQL Server
Operating system
IIS
IIS Hardening - Configuring host headers on all sites
Ensuring that the sa login account is set to Disabled
Ensuring that the sa login account is renamed
Setting the Server Authentication property to Windows authentication mode
Setting the value of the CHECK_EXPIRATION option to ON for all the SQL authenticated logins within the sysadmin role
Setting the CHECK_POLICY option to ON for all the SQL authenticated logins
Post-install or post-upgrade
Security configurations
Application Server
WhiteHat - Fixing the information leakage vulnerability
WhiteHat - Fixing the information leakage and the Insufficient Transport Layer Security (HSTS)
CIS-CAT IIS hardening - Fixing the default allowed web extension - Disabling directory browsing
CIS-CAT hardening - ASP.Net configuration recommendations
IIS Hardening - Configuring host headers on all sites
IIS - Setting the default application pool identity to least privilege principal
IIS - Configuring the anonymous user identity to use the Application Pool identity
IIS - Configuring the Require SSL option in the Forms authentication
IIS - Turning the Debug off in the IIS
IIS - Ensuring non-ASCII characters are not allowed in URLs
OS - Setting the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode to Prompt for consent for non-Windows binaries
OS - Setting the User Account Control: Switch to the secure desktop when prompting for elevation to Enabled
Adding X-Content-Type-Options
Disabling directory browsing feature of Certification Manager Site using IIS
Disabling the RC4 Cipher suites
Disabling the SSLv2 or SSLv3
Enabling Advanced IIS logging
Setting cookies with the HttpOnly attribute
Cookie security: cookie not sent over SSL
Setting forms authentication to use cookies
Double-Encoded requests
Ensure HTTP Trace Method is disabled
Ensure Handler is not granted the write and the script/execute permissions
Ensure notListedIsapisAllowed option is set to false
Ensure notListedCgisAllowed option is set to false
Ensure TLS 1.2 is enabled
Ensure NULL Cipher Suites are disabled
Ensure DES Cipher Suites are disabled
Ensure RC2 Cipher Suites are disabled
Ensure AES 256/256 Cipher suite is enabled
Ensure MachineKey validation method - .Net 4.5 is configured
Ensure custom error messages are not off
Ensure IIS HTTP detailed errors are hidden from displaying remotely
Ensuring the maxURL request filter is configured
Ensuring the MaxQueryString request filter is configured
Ensure TLS 1.0 and TLS 1.1 are disabled
SQL Server
SQL Server - Setting the Scan For Startup Procs server configuration option to 0
SQL Server - Setting the Default Trace Enabled server configuration option to 1
Setting the Ole Automation Procedures server configuration option to 0
Setting the value of the Ad-hoc Distributed Queries server configuration option to 0
Setting the value of the CLR Enabled server configuration option to 0
Setting the value of the Cross DB Ownership Chaining option to 0
Setting the Database Mail XPs server configuration option to 0
Setting the value of the Remote Access server configuration to 0
Setting the Remote Admin Connections server configuration option to 0
Configuring the SQL server to use non-standard ports
Setting the value of the Hide Instance option to Yes for the production SQL server instances
Setting the value of the xp_cmdshell server configuration option to 0
Ensuring that the Maximum number of error log files is set to a value greater than or equal to 12
Ensuring that the Login Auditing option is set to failed logins
Ensuring that the SQL Server Audit is set to capture both the failed and the successful logins
Revoke CONNECT permissions
Drop orphaned users from SQL server databases