General security considerations
This list does not provide best practices in network and system administration; rather, it suggests a number of security mechanisms that you can expand upon.
- Keep up-to-date on patches
To minimize security vulnerabilities, keep your operating systems, web and application servers, and other software up-to-date. Malicious users will not hesitate to exploit the latest vulnerabilities.
ForgeRock maintains a list of security advisories you should follow. You should also follow similar lists from all of your vendors.
- Keep up-to-date on cryptographic methods and algorithms
Different cryptographic methods and algorithms are discovered and tested over time. Do not generate your keys with outdated or insecure algorithms like RSA or SHA-1.
- Turn off unnecessary features
The more features you enable, the more features you need to secure, patch, and audit. If you are not using something, disable or uninstall it.
- Limit access to the servers hosting IDM
A large part of protecting your environment is ensuring only authorized people can access your servers and applications through the appropriate network, using the appropriate ports, and presenting strong enough credentials.
Ensure users connect to the systems through SSL/TLS and audit system access periodically.
- Enforce security
Do not expect your users to follow security practices on their own; enforce them where possible by requiring secure connections, password resets, and strong authentication methods.
- Audit access and changes
Audit logs record all events that occurred. Operating systems also have audit logs to detect unauthorized login attempts and changes to the software.
IDM has its own Audit logging service that adheres to the log structure common across the ForgeRock Identity Platform.