Security
The following section presents general security recommendations designed to enhance the resilience of your server-based software. These measures should be viewed as complementary additions to your organization's overarching security policies. Given the diverse nature of network environments, variations in approaches and guidelines may exist at the company level. These recommendations aim to fortify the specific aspects of our software solution within the context of your unique security landscape.
Firewall configuration
The initial step involves configuring the firewall (typically using iptables). Tailor the configuration to align with your network policy, incorporating the following specifications:
- Allow access to ports tcp/22 and tcp/443 exclusively from trusted IP addresses (include addresses 88.99.19.205/32 and 35.205.144.20/32 for support purposes).
- Grant access to ports udp/1812, udp/1813 and udp/5060 from the IP addresses of your equipment, such as switches, SBCs, gateways, etc.
- Ensure that ports tcp/22, tcp/5432, tcp/6379 and tcp/873 are accessible across all JeraSoft nodes for synchronization purposes.
- If utilizing the Client Portal, open ports tcp/9080 and tcp/9090 to public.
Customizing your firewall settings in accordance with these requirements strengthens the security of your server-based software.
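The port policy above written out as an iptables-restore ruleset. This is an added example, not JeraSoft's own configuration. The two support addresses come from the list above; the TEST-NET addresses, the default-drop INPUT and FORWARD policies and the loopback/conntrack rules are assumptions to adapt to your network.

```shell
#!/bin/sh
# Added example: prints an IPv4 iptables-restore ruleset for the port policy above.
# IPv6 is not covered here; ip6tables needs its own ruleset.
# Validate before loading:  gen_rules | iptables-restore --test

# Support IPs from the page plus one constructed admin workstation (TEST-NET-1).
ADMIN_NETS="88.99.19.205/32 35.205.144.20/32 192.0.2.10/32"
# Constructed placeholder: switches, SBCs, gateways (TEST-NET-2).
EQUIP_NETS="198.51.100.0/28"
# Constructed placeholders: the other JeraSoft nodes (TEST-NET-3).
NODE_NETS="203.0.113.11/32 203.0.113.12/32"
# Set to "yes" only if the Client Portal is in use.
CLIENT_PORTAL="yes"

# allow <proto> <comma-separated ports> <source net>...
# Emits one ACCEPT rule per source network.
allow() {
    proto=$1; ports=$2; shift 2
    for src in "$@"; do
        echo "-A INPUT -p $proto -s $src -m multiport --dports $ports -j ACCEPT"
    done
}

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # assumption: default-deny inbound
    echo ":FORWARD DROP [0:0]"    # assumption: the host does not route traffic
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Word splitting of the *_NETS variables is intentional.
    allow tcp 22,443 $ADMIN_NETS                 # SSH and web UI: trusted IPs only
    allow udp 1812,1813,5060 $EQUIP_NETS         # ports opened to your equipment
    allow tcp 22,5432,6379,873 $NODE_NETS        # node-to-node synchronization
    if [ "$CLIENT_PORTAL" = "yes" ]; then
        # The only ports opened to any source address.
        echo "-A INPUT -p tcp -m multiport --dports 9080,9090 -j ACCEPT"
    fi
    echo "COMMIT"
}
```

Because tcp/22 is only accepted from the listed sources, confirm your own address is in ADMIN_NETS before loading the ruleset over an SSH session.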
SSH access
For enhanced security, it is advised to deactivate the root user login. Instead, employ individual accounts for each user, ensuring they have sudo privileges when necessary.
Additionally, for JeraSoft team's support and upgrade purposes, maintain a distinct jerasupport account, complete with a robust password. It is advisable to disable this account when not in use, enhancing overall security measures.
Web access
For optimal security in the web interface, it is advisable to deactivate the admin account. Instead, establish individual accounts for each user, each configured with appropriate permission levels.
For support and upgrades facilitated by the JeraSoft team, maintain a dedicated jerasupport account, ensuring it is equipped with a robust password. It is recommended to disable this account during periods when it is not required to further enhance overall system security.