Skip to content

Steps to Harden the Securden Primary Server

Securden server component needs to be hosted on a dedicated, hardened machine. By default, the Securden installation directory contains all of the components required for Securden to function.

Create strong password for the Securden server

Create a long and complex password so that the server in which Securden is installed is secure. Eliminate password reuse and use a unique, strong password for the Operating System.

Have an exclusive service account

Use a unique service account for Securden in your domain controller. This service account should be used to run Securden and import users and accounts from Active Directory, Google Workspace, and other LDAP-compliant directories.

To start using the dedicated service account, run “services.msc” in the server where Securden is installed and navigate to the properties of the Securden PAM service. Replace the existing local system account with the newly created service account.

Disable remote access

Disable remote access to the PAM server for all normal domain users in your company using domain group policies. Only one or two domain administrators should have write permissions to the Securden PAM drive or folders, and all other administrators should only have read permission

Set up firewall rules

Set up inbound and outbound firewalls to protect against incoming and outgoing traffic. This parameter can also be used to specify which server ports must be opened for various operations including password management and remote connections to target IT assets.

Other recommendations for hardening the Securden primary server

Securden and its associated services are sensitive assets. The core principle of these recommendations is to treat Securden infrastructure with the highest level of security.

  • Do not install other applications on the Securden Server, as it is detrimental to hardening the component server.
  • Limit the user accounts that can access Securden servers (Primary and secondary application server). Ensure that any domain accounts used to access Securden servers are unable to access domain controllers and other member servers and workstations.
  • Use network-based firewalls and IPsec to restrict, encrypt and authenticate inbound administrative traffic.
  • Enforce application whitelisting and limit access to authorized applications.
  • Apply Microsoft security updates regularly.