Server Hardening 

The Server

neatComponents works with the following operating systems, 'out of the box':

  • Windows 2003 Server Standard Edition 
  • Windows 2003 Server Web Edition
  • Windows Home Server edition
  • Windows 7
  • Windows 8 Pro
  • Windows 2008 Server
  • Windows 2012R2 Server
  • Windows XP Professional (multiple-sites, but only one at a time)

In a live environment it may be considered best practice to 'harden' the operating system by locking down permissions to restrict potential activities by malware.

Clearly, in hardening the system, it is important to ensure you do not prevent the neatComponents system itself from functioning. neatComponents has to perform many more tasks than a standard 'static' website. For example, it installs DLLs, manipulates the IIS metabase and, depending on the configuration, installs (and itself hardens) a database.

In hardening, you should ensure you do not override any essential permissions. For example, neatComponents needs the I_WAM / I_USR (Internet Guest / Launch IIS Process) accounts to be able to edit / write files in the following directories (it will have set these permissions itself when installed):

C:\Program Files\Enstar\neatComponents\sites_secure
C:\Program Files\Enstar\neatComponents\wwwroot\sites
C:\Program Files\Enstar\neatComponents\wwwroot\v\images\SitePreview
C:\Program Files\Enstar\neatComponents\MailDrop
C:\Program Files\Enstar\neatComponents\errors
C:\Program Files\Enstar\neatComponents\BackgroundService
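
After applying a hardening template, the following PowerShell script checks that the IIS accounts still hold write access to the directories listed above. It is an added example, not code supplied with neatComponents. The $AccountPattern value and the New-Result helper are assumptions made for illustration; set the pattern to the account names actually used on your server.

```powershell
# Added example (not vendor code): audit the listed directories after hardening.
# Assumption: the IIS accounts appear in ACLs under names containing IUSR / IWAM;
# set $AccountPattern to match the account names on your server.
param(
    [string]$Root = 'C:\Program Files\Enstar\neatComponents',
    [string]$AccountPattern = 'IUSR|IWAM'
)

$relativePaths = 'sites_secure', 'wwwroot\sites', 'wwwroot\v\images\SitePreview',
                 'MailDrop', 'errors', 'BackgroundService'
$write = [int][System.Security.AccessControl.FileSystemRights]::Write

# Hypothetical helper: builds one report row.
function New-Result($Path, $Status, $Detail) {
    New-Object PSObject -Property @{ Path = $Path; Status = $Status; Detail = $Detail }
}

$results = foreach ($rel in $relativePaths) {
    $path = Join-Path $Root $rel
    if (-not (Test-Path $path)) {
        New-Result $path 'MISSING' 'directory not found'
        continue
    }
    # Only ACEs that name the account directly are examined; rights granted
    # through group membership are not resolved.
    $rules = @((Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference.Value -match $AccountPattern })
    # A Deny ACE covering any write bit overrides an Allow ACE.
    $deny  = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ([int]$_.FileSystemRights -band $write) -ne 0 })
    # An Allow ACE counts only if it includes every bit of the Write right.
    $allow = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ([int]$_.FileSystemRights -band $write) -eq $write })

    if ($deny.Count -gt 0) {
        New-Result $path 'DENY' (($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', ')
    } elseif ($allow.Count -gt 0) {
        New-Result $path 'OK' (($allow | ForEach-Object { $_.IdentityReference.Value }) -join ', ')
    } else {
        New-Result $path 'NO WRITE' 'no Allow ACE with Write for the matched accounts'
    }
}

$results | Select-Object Status, Path, Detail | Format-Table -AutoSize
```

Any row not marked OK points to a directory where the hardening step has overridden a permission the installer set, or where access is granted only through a group that the script does not resolve.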

Anti-virus software

We do not recommend the installation of anti-virus software on the server. Such software, whilst well-meaning, can cause server corruption and can seriously degrade performance. 

Firewall

We recommend you install a separate hardware firewall between the server and any other devices. This should block all incoming traffic except that needed for the system to operate.

The firewall should permit inbound traffic on:

  • Port 80 - HTTP - Web requests
  • Ports required for Terminal Services Remote Control or equivalent

The firewall should permit outbound traffic on:

  • Port 21 - FTP
  • Port 25 - SMTP
  • Port 80 - HTTP
  • Port 53 - DNS

In addition, the server hosting company may require extra ports to be open to permit them to manage and back up the server; however, these should be restricted to the minimum (opening all 65536 ports is not a good idea). Ports opened for this purpose should be restricted to only those IP addresses required by the hosting company, and should not include the IP addresses of other hosted servers.

 


Note: This information is subject to change as new functionality is released