In his blog, Stephen Smith, recommends several great ideas for setting up Sage ERP Accpac 6.0 securely. We thought they were worth sharing.
Sage Accpac 6.0 comes with a new web portal and a web-based screen integration to SageCRM. With that in mind, Stephen suggests that companies identify the bad guys (people who might want your data (including ex-employees!), identify assets (servers and databases that need to be secure), and identify risks.
Stephen suggests the following in addition to normal IT practices such as applying Windows updates and not running services you don't need:
- Configure IIS for HTTPS (SSL)
- Disable HTTP (require SSL)
- Set more stringent security restrictions in database setup
- Do a NMap port scan of your server