Server hardening for open internet use
-
For business reasons, we require our ProGet installation to be open over the public internet, but we intend this to hold proprietary packages not meant for public consumption.
Is there a checklist for hardening the ProGet installation in such a manner? Is this recommended against? I would expect things like disabling anonymous authentication, requiring SSL, enabling policies to enforce max password attempts, and so forth to be included in such a checklist.
Product: ProGet
Version: 3.1.2
-
Sounds like you basically just made that checklist :)
There is no "max password attempts" option, as the built-in invalid credentials delay mechanism is sufficient to protect against brute-force/guess attacks.
Otherwise, SSL and no anonymous is sufficient.