Best Practices for Securing Your PTC Arbortext Content Delivery Solution

PTC Arbortext Content Delivery Deployment > Best Practices for Securing Your PTC Arbortext Content Delivery Solution

This section provides basic actions that you can take to secure your PTC Arbortext Content Delivery solution.

• This information is provided only to assist you with the secure configuration of PTC Arbortext Content Delivery. PTC does not provide support for any third-party products mentioned in this section, nor is PTC responsible for your security infrastructure.

• For additional security, consider using HTTP Public Key Pinning Extension (HPKP) mechanism. PTC Arbortext Content Delivery does not have this mechanism implemented out-of-the-box since deploying HPKP safely requires operational and organizational maturity due to the risk that hosts might make themselves unavailable by pinning to a set of public key hashes that become invalid.

For more information on HPKP, see https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning and https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

Best Practice Steps

1. Configure the web server to use HTTPS. HTTPS uses the Secure Socket Layer/Transport Layer Security (SSL/TLS) to protect web application data from unauthorized disclosure and modification when it is transmitted between the browser (client) and the web server.

For more information about setting up your web server for HTTPS, see Configuring SSL for the Web Application Server

2. Establish a strong password policy for your PTC Arbortext Content Delivery solution. Strong passwords have the following characteristics:

◦ Have a minimum password length.

◦ Contain uppercase, lowercase, numeric, and special characters.

◦ Do not contain the user name or the name of the organization.

◦ Have an expiration.

◦ Include account lockout feature after a specified number of login attempts.

3. Change the passwords of default accounts created during data loading. When setting a new password, use a strong password by following the strong password characteristics.

4. Remove the following from the PTC Arbortext Content Delivery web-accessible directories on a production server:

◦ Implementation examples

◦ Sample code

◦ API documentation

5. Ensure that the Directory Listing is disabled on your web server.