Skip to main content

BEAM Uygulama İnternet Yapılandırılması

ATTENTION!

This document and its contents are advisory and cover the procedures that should be checked on the application before opening to the internet. It may vary according to the content of the document and the security policy applied by the company. The company should implement the IT security policy of its own company. Some settings may need to be adjusted differently for BEAM to work. Bimser Çözüm cannot be held responsible for the situation / situations that may occur due to missing and / or different information in the document.

Things to Do Before the BEAM Server Opens to the Internet

This document will explain which elements should be checked before the server where BEAM is located is opened to the Internet.

The substances to be checked are listed below respectively. Some of these items need to be made by the customer and are indicated by the phrase "(Customer).

  1. Define a password in the Redis application running on the server
  2. (Client) Closing the port on which the Redis application running on the server is running to be accessed from outside the server
  3. (Client) Defining the DNS address record so that the BEAM server can be accessed from the outside world
  4. (Client) Installing the appropriate SSL certificate in IIS for the DNS address defined for the application on the BEAM server
  5. (Client) Adding the new DNS address defined as https binding in the site where BEAM is located in IIS, defining the certificate and DNS information on the binding
  6. Admin password not left as default password
  7. (Client) Security testing & securing servers

Define a password in a Redis application running on the server

When the Redis application is installed, the password feature (requirepass) is turned off by default. In order to prevent access to the data in Redis, the password parameter (requirepass) must be activated in the Redis application.

To activate it, the redis.windows-service.conf file in the C:\Program Files\Redis directory (the directory may vary during Redis installation) is opened.

.

The square (#) sign at the beginning of the requirepass parameter should be deleted when the requirepass field is reached in the SECURITY section within the file. With the deletion of the mark, the password that is desired to be used instead of the phrase foobared should be entered in the password field. In this example, an alphanumeric password of 16 characters is entered. The Redis password should not have been used before and/or be easily guessed.

After the password is entered, the redis.windows-service.conf file is saved. After saving, the redis service in Windows services should be stopped and then started.

  1. Closing the port on which Redis is running to external access

Access from outside the server where the port on which the Redis application is running must be turned off. This process should be done by the IT or related unit of the company.

To find out the Redis port, open the redis.windows-service.conf file in the C:\Program Files\Redis (directory may vary during Redis installation) directory on the server where the Redis application is installed.

By coming to the port field in the NETWORK section in the file, the port information where the redis is working is learned.

Note: If the BEAM application and the Redis application are running on different servers, an exception rule must be defined on the server where the Redis application is located for the BEAM server to be accessible. The same exception rule can be defined if other applications need to connect to Redis.

Registering DNS for Access to BEAM Application

In order for the application to be opened to the outside world, BEAM must define a DNS address and work over HTTPS in accordance with this address.

DNS address identification should be done by the IT or related unit of the company.

Installing the appropriate SSL certificate for the DNS address

Once the necessary DNS address definition is made for access to the BEAM server, the SSL certificate must be installed on the server for the address to work over HTTPS. The transaction must be carried out by the IT or related unit of the company.

Defining the BEAM Application on the ISP as an https Binding on the Web Site

After the DNS address definition and SSL certificate to validate the DNS address to IIS is installed, the new https binding is added to the bindings on the website where BEAM is running. Here you will need to make the SSL setting work over HTTPS as well as the SSL certificate selection to be done.

Click Bindings

Beam System Configuration Encryption:

Before the BEAM application is opened to the outside world, the fields on the System configuration must be encrypted. In this context, it is necessary to bring SK_ suffix per key values with password content.

If desired, a system-wide password requirement rule (such as minimum length, uppercase letters, lowercase letters, etc.) can be created so that users can create a new password in accordance with this rule when they first log in.

1.7 Security Testing &; Securing the Server(s)

On the BEAM server, on the Redis server if Redis is installed on a separate server, on the viewer server if the Viewer is installed on a separate server, the IT or related unit of the company is responsible for ensuring the security of the database and database server used by the system. Protecting the servers with firewalls, who can access from where and how, structures such as DMZ should be planned and implemented by the company.

If security testing is requested on the servers, the relevant tests should be performed by the company.

1.8 Server Configuration: