Security considerations for SMC deployment
The information stored in the Security Management Center (SMC) is highly valuable to anyone conducting or planning malicious activities in your network. Someone who gains administrator rights to the Management Server can change the configurations.
An attacker can gain administrator rights in the operating system by exploiting weaknesses in the operating system itself or in other services running on the same computer.
Consider at least the following points to secure the Management Server and Log Server:
- Prevent any unauthorized access to the servers. Restrict access to the minimum required both physically and with operating system user accounts.
- We recommend allowing access only to the required ports.
- Never allow Management Client connections from insecure networks.
- Take all necessary steps to keep the operating system secure and up to date.
- We recommend that you do not run any third-party server software on the same computer with the SMC servers.
- We recommend placing the servers in a separate, secure network segment that contains no third-party servers and has limited network access.
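One way to check the "required ports only" and "no third-party server software" points on a Linux host is to compare the listening sockets against an explicit allowlist. This is an added example, not part of the vendor documentation; the port numbers, process name and sample `ss` output are constructed placeholders.

```python
import re

# ASSUMPTION: placeholder values. The page does not list the SMC ports; take the
# real ones from the port reference for your SMC version.
REQUIRED_PORTS = {("tcp", 10001), ("tcp", 10002)}
# ASSUMPTION: hypothetical name of the process the SMC services run as.
EXPECTED_PROCESSES = {"java"}

# Constructed sample of `ss -H -tulnp` output (not captured from a real server).
SAMPLE_SS = """\
tcp LISTEN 0 50 10.0.5.10:10001 0.0.0.0:* users:(("java",pid=2101,fd=88))
tcp LISTEN 0 50 10.0.5.10:10002 0.0.0.0:* users:(("java",pid=2101,fd=91))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
tcp LISTEN 0 511 *:8080 *:* users:(("nginx",pid=1500,fd=6))
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=990,fd=5))
udp UNCONN 0 0 [::]:161 [::]:* users:(("snmpd",pid=700,fd=7))
"""

# Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]
LISTENER = re.compile(
    r'^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)

def audit_listeners(ss_output, required=REQUIRED_PORTS, expected=EXPECTED_PROCESSES):
    """Return (proto, port, process, reason) for each listener that breaks the policy."""
    findings = []
    for line in ss_output.splitlines():
        m = LISTENER.match(line.strip())
        if not m:
            continue  # header or unrecognised line
        proto, addr, port = m["proto"], m["addr"], int(m["port"])
        proc = m["proc"] or "unknown"  # process names are only visible to root
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: not reachable from the network
        if (proto, port) not in required:
            findings.append((proto, port, proc, "port not in required list"))
        elif proc not in expected:
            findings.append((proto, port, proc, "required port held by unexpected process"))
    return findings

if __name__ == "__main__":
    for proto, port, proc, reason in audit_listeners(SAMPLE_SS):
        print(f"{proto}/{port} ({proc}): {reason}")
```

Every finding is either a service to remove from the host or a port to add to the allowlist deliberately, for example a remote administration service that you have decided to keep.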
You can optionally use 256-bit encryption for the connection between the engines and the Management Server. If you do, you must also use an Internal ECDSA Certificate Authority to sign certificates for SMC communication.
When you create and use a new Internal ECDSA Certificate Authority to sign certificates for system communication, the Management Server and the engine re-establish their trust relationship. After that, 256-bit encryption is enabled for the connection between the engines and the Management Server.
You can optionally install the SMC with external certificate management. Using certificates issued by an external CA allows you to use your own established internal CA infrastructure to generate certificates for internal TLS communication between system components. Certificate revocation checking is also supported. If any devices are compromised, the certificates associated with them can be revoked and replaced centrally using the external certificate management system.