Skip to main content

Security

The following section presents general security recommendations designed to enhance the resilience of your server-based software. These measures should be viewed as complementary additions to your organization's overarching security policies. Given the diverse nature of network environments, variations in approaches and guidelines may exist at the company level. These recommendations aim to fortify the specific aspects of our software solution within the context of your unique security landscape.

Firewall configuration​

The initial step involves configuring the firewall (typically using iptables). Tailor the configuration to align with your network policy, incorporating the following specifications:

  • Allow access to ports tcp/22 and tcp/443 exclusively from trusted IP addresses (include addresses 88.99.19.205/32 and 35.205.144.20/32 for support purposes).
  • Grant access to ports udp/1812, udp/1813 and udp/5060 from the IP addresses of your equipment, such as switches, SBCs, gateways, etc.
  • Ensure that ports tcp/22, tcp/5432, tcp/6379 and tcp/873 are accessible across all JeraSoft nodes for syncronization purposes.
  • If utilizing the Client Portal, open ports tcp/9080 and tcp/9090 to public.

Customizing your firewall settings in accordance with these requirements strengthens the security of your server-based software.

SSH access​

For enhanced security, it is advised to deactivate the root user login. Instead, employ individual accounts for each user, ensuring they have sudo privileges when necessary.

Additionally, for JeraSoft team's support and upgrade purposes, maintain a distinct jerasupport account, complete with a robust password. It is advisable to disable this account when not in use, enhancing overall security measures.

Web access​

For optimal security in the web interface, it is advisable to deactivate the admin account. Instead, establish individual accounts for each user, each configured with appropriate permission levels.

For support and upgrades facilitated by the JeraSoft team, maintain a dedicated jerasupport account, ensuring it is equipped with a robust password. It is recommended to disable this account during periods when it is not required to further enhance overall system security.