This section provides requirements and recommendations aimed at improving information security during system lifecycle.
General requirements
Only legal and supported software must be used during installation and operation.
Timely apply service packs and security updates for Operating Systems and Third Party software.
Use anti-virus software with timely updated signature databases.
Use a firewall that blocks all network communications except those used by the system.
Ensure the safety and secrecy of software access passwords; Try to use a complex password, refuse to use well-known dates, company names or numerical sequences. Replace standard passwords with hacking-resistant sequences.
Back-end requirements
Do not install the software as root user.
For remote access to the server, use the SSH protocol, we recommend protocol version 2 with key authorization. Use VPN to access servers.
Network privacy
We recommend using a completely isolated local network from the Internet. It is acceptable to open 443 (preferred) or 80 ports on load balancers. Everything else should be covered by VPN.
Isolate PostgreSQL, Redis and ClickHouse database servers from external access.
Redis
Be sure to set a strong password with a length of at least 32 characters: symbols, letters in different case, numbers.
Users
User security is ensured in the following ways:
• SSL/TLS traffic encryption
• Restricting access to resources through authorization
• User access key rotation
• Using the blowfish password hashing algorithm with dynamic and static salts
• Setting the complexity of user passwords
• Two-factor authentication
• Lock password guessing
• Integration with Microsoft Active Directory Corporation using the secure TLS protocol.
Broadcast points
Broadcast point security is ensured in the following ways:
• SSL/TLS traffic encryption
• A unique access key stored in an encrypted storage.
For enhanced security, we recommend:
• Disable or remove all third-party software that is not involved in the system.
• Deny network access to external resources.
• Make the recommended settings in the player (enable auto-configuration, enable Kiosk mode, disable hotkeys).