Hi,
I'm curious how you guys make OTRS safe as possible?
OTRS - Security
Moderator: crythias
Re: OTRS - Security
first of all, stay with the lastest patch level....
Also I implemented on my own system 2 factor authentification and a reverse proxy which does the SSL offloading. SSH ist only available via VPN
Also I implemented on my own system 2 factor authentification and a reverse proxy which does the SSL offloading. SSH ist only available via VPN
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS - Security
1. Hardware patched and up to date (both physical and virtual)
2. OS patched and up to date.
3. OTRS and other software patched and up to date
4. fail2ban monitors web and ssh
5. 2 factor auth for web and ssh
I also use port knocking to enable ssh access, so port 22 is closed when not in use
BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...
2. OS patched and up to date.
3. OTRS and other software patched and up to date
4. fail2ban monitors web and ssh
5. 2 factor auth for web and ssh
I also use port knocking to enable ssh access, so port 22 is closed when not in use
BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...BACKUP...
OTRS 5.0.26 with ITSM, and FAQ module on CentOS 7 with MariaDB and Apache
Using LDAPS for customers and agents against Azure AD
Using LDAPS for customers and agents against Azure AD