5.1 Hardening

5.1.1 Out-of-the-Box Hardening

  • All unnecessary ports are turned off.

  • Whenever possible, a service port listens only for local connections and does not allow remote connections.

  • Files are installed with the least privileges so that only a small number of users can read the files.

  • Default passwords are not permitted.

  • Reports against the database run as a user that only has select permissions on the database.

  • All Web interfaces require HTTPS.

  • A vulnerability scan is run against the application and all potential security problems are addressed.

  • All communication over the network uses SSL by default and is configured for authentication.

  • User account passwords are encrypted by default when stored on the file system or in the database.
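
One way to check the first two items on a running host, as an added example that is not part of the product documentation: it classifies TCP listeners from `ss -tln` output as loopback-only or remotely reachable and reports any reachable listener that is not on an allowlist. The sample output, the port numbers and the function names are constructed for illustration and are not Sentinel's documented ports.

```python
import ipaddress

# Constructed sample of `ss -tln` output (header omitted); addresses and
# ports are illustrative assumptions, not Sentinel's documented ports.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 [::]:8443 [::]:*
LISTEN 0 50 *:61616 *:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 192.0.2.10:22 0.0.0.0:*
"""

def parse_listener(local):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = local.rpartition(":")     # last colon separates the port
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return addr, int(port)

def is_loopback_only(addr):
    """True when the socket accepts local connections only."""
    if addr in ("*", ""):                     # wildcard bind
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                          # unparseable: treat as exposed

def audit_listeners(ss_output, allowed_remote_ports):
    """Return sorted (address, port) pairs reachable remotely but not allowed."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # skips the header and blank lines
        addr, port = parse_listener(fields[3])
        if not is_loopback_only(addr) and port not in allowed_remote_ports:
            findings.add((addr, port))
    return sorted(findings)

if __name__ == "__main__":
    for addr, port in audit_listeners(SAMPLE_SS_OUTPUT, {8443}):
        print(f"remotely reachable and not allowlisted: {addr}:{port}")
```

On a live host, pass the captured output of `ss -tln` instead of the sample and set the allowlist to the ports your deployment intentionally exposes.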

5.1.2 Securing Sentinel Rapid Deployment Data

Because of the highly sensitive nature of the data in Sentinel Rapid Deployment, you must keep the machine physically secure and in a secure area of the network. To collect data from event sources outside the secure network, use a remote Collector Manager. For more information on remote Collector Managers, see Section 3.3, Installing the Collector Manager and Client Applications.