The following recommendations help minimize threats to the Reflection for Secure IT Web Edition server and the data managed by the server.
- Limit the accounts on the system running Reflection for Secure IT Web Edition to the Administrator account and the non-administrative account that you designate as the run-as account for external users.
- Do not join the Reflection for Secure IT Web Edition server to a Windows domain.
- Do not run non-essential services on the Reflection for Secure IT Web Edition server that might provide user access, such as Telnet servers, FTP servers, and SQL servers.
- Configure a firewall that limits access to ports on the Reflection for Secure IT Web Edition server. The default ports that need to be open to the Internet are 22 (Secure Shell connections to the Reflection for Secure IT server) and 9492 (HTTPS connections to the Transfer Client).
- In the Reflection for Secure IT server console, on the External Users pane leave Restrict external users to file transfer sessions selected. This default setting helps minimize external user access to your system. Also, disable port forwarding for all users. To do this, clear both port forwarding options on the Permissions pane under Tunneling.