Best Practices for Securing Your Servigistics InService Solution

Servigistics InService Deployment > Best Practices for Securing Your Servigistics InService Solution

This section provides basic actions that you can take to secure your Servigistics InService solution.

This information is provided only to assist you with the secure configuration of Servigistics InService. PTC does not provide support for any third-party products mentioned in this section, nor is PTC responsible for your security infrastructure.

Best Practice Steps

1. Configure the web server to use HTTPS. HTTPS uses the Secure Socket Layer/Transport Layer Security (SSL/TLS) to protect web application data from unauthorized disclosure and modification when it is transmitted between the browser (client) and the web server.

For more information about setting up your web server for HTTPS, see:

◦ Redirecting All HTTP Requests to HTTPS

◦ Configuring SSL for the Web Application Server

2. Establish a strong password policy for your Servigistics InService solution. Strong passwords have the following characteristics:

◦ Have a minimum password length.

◦ Contain uppercase, lowercase, numeric, and special characters.

◦ Do not contain the user name or the name of the organization.

◦ Have an expiration.

◦ Include account lockout feature after a specified number of login attempts.

3. Change the passwords of default accounts created during data loading. When setting a new password, use a strong password by following the strong password characteristics.

4. Remove the following from the Servigistics InService web-accessible directories on a production server:

◦ Implementation examples

◦ Sample code

◦ API documentation

5. Ensure that the Directory Listing is disabled on your web server.