Recommended security practices for CCS Assessment Manager
Symantec reccommends the following security best practices for CCS Assessment Manager operations:
Regularly install the latest security patches on the computers on which you install the CCS Assessment Manager and the database server.
Do the following to enable a secure communication between the browser and the Web portals:
Enable SSL on the IIS Web site that you use to install the CCS Assessment Manager Web portals.
To enable SSL on IIS, use the certificates that are issued by a trusted certificate authority.
Use HTTPS and disable HTTP access to the CCS Assessment Manager Web portals.
Restrict the proxy server access to legitimate users if you use a proxy between the browser and the Web server. Additionally, enable appropriate security measures on the proxy server.
Do not accept certificates from unknown sources on the browser.
Use Microsoft Exchange profiles for mail server communication.
HTML formatted mails are not supported by Microsoft Exchange profiles.
For CCS Assessment Manager Service account, choose a user account that does not have administrative access on the computer that has CCS Assessment Manager installed. Use the user account from Users group.
For a CCS Assessment Manager that is installed on the Windows 2003 computer, the service user should have administrative privileges on the local computer.
Since the user is not Machine administrator, the Launch Admin Web Portal shorcut on the Assessement Manager Console and the preview of video and images in the Edit Question window is not available. The user can preview the attached videos and images from the Admin Web Portal.
For SQL server operations, ensure the following:
Enable SSL and use the certificates that are issued by a trusted certificate authority.
Restrict the Service User account access on RAM_DB only to a user with the db_owner privileges. Restrict database access to Service Account users only.
Enable regular antivirus scans on the CCS Assessment Manager file repository.
The location of the CCS Assessment Manager file repository is as follows: