Best Practices to Secure the application

Best Practices to Secure the application

This document is common for ServiceDesk Plus MSP and Supportcenter Plus application

Best practices to avoid threats
  • Upgrade to the latest version and builds.
  • Reset the password of bundled accounts (administrator and guest)
  • Enable two-factor authentication. 
  • Reset default scheduled backup password 
  • Enable account lock configuration to avoid brute force attack. 
  • Enable periodic backup and store the backup in a remote location. 
  • Disable concurrent login. 
  • Enable HTTPS mode.
  • Need to buy & apply genuine third party SSL certificate. User can apply the genuine SSL certificates under Admin->General->Import SSL Certificate page
  • We recommend to choose strong protocol (TLSv1.2) and ciphers under Admin->General->Security Settings page
  • We recommend to configure necessary security response headers available under Admin->General->Security Settings page
  • We recommend to reset the password of bundled "administrator" and "guest" account password
  • To avoid brute force attack, we recommend to configure the "Configure account lockout threshold and duration" available under Admin->General->Security Settings page. The configuration is used to block the unauthorized access
  • We recommend to enable password polices in Active Directory/SDP MSP application to avoid brute force attack.
  • We recommend to install the SDP MSP application in dedicated server machine to avoid unauthorized access
  • Configure appropriate session timeout for both web and mobile apps.
  • Disable Domain Filtering during login.
  • Enable Antivirus scanning for file uploads if possible.
  • Enable Password Policy.
  • Need to enable password protection for all exported files from SDP MSP application. Can configure this under Admin->Privacy Settings page
  • Enable attachment black/white list configuration to avoid malicious file uploads. 
  • Enable mandatory password reset on the first login. 
  • Disable all non-login features (Approval, Solutions, etc) 
  • Enable password protection for file attachments.

Also, we recommend referring to the below link to secure the instance from security threats. Below is applicable for SDP MSP too.

Please have additional security to protect the instance by installing third-party WAF/Firewall
        New to ADManager Plus?

          New to ADSelfService Plus?

            • Related Articles

            • Best practices for managing old accounts and sites.

              When dealing with old accounts/sites in Service Desk Plus MSP (SDP MSP), it's essential to follow best practices to maintain a clean and organized database. Managing old accounts/sites efficiently can help improve performance, reduce clutter, and ...
            • Security: Strict transport security

              Please make use of the default value in placeholder for strict transport security. max-age=15892 includesubdomains preload Ensure to restart the application service for the changes to be effective.
            • Best practices for the mail fetching

              1. Please do have a dedicated mailbox for the application, the same mailbox should not be configured for any other application. 2. Always set the email to be deleted automatically once created as a ticket in the application because it will avoid ...
            • How to move the application folder from one drive to another?

              Use case When changing the location of the application folders you might want to reconfigure the services.msc to start the desired instance.  For Example from C Drive to D Drive.  Steps 1. Stop the application: -> Stop the application services from ...
            • How to change application port

              1. Stop the application  2. Open Command Prompt as Admin 3. Go to ManageEngine\ServiceDeskPlus-MSP\bin 4. Invoke command changeWebServerPort.bat [newportnumber] [Protocol http or https] 5. Start the application. Refer below screenshot  Note : ...