Harden security configurations
Overview
- At a minimum, ensure that administrative security is enabled in all WebSphere processes. This protects access to the administrative ConfigService interface and the managed beans (MBeans); those interfaces give full control over the WebSphere process, so anyone who can reach them while administrative security is off effectively owns the process.
- Ensure that SSL is used whenever possible, and mutual SSL wherever it is feasible. Mutual SSL requires every client to present a personal certificate that the server trusts before it can connect, so a client without such a certificate cannot even open a session.
- Remove any unnecessary certificate authority (CA) signer certificates from your trust stores. Every signer you keep can vouch for a peer's certificate, so each one widens the set of parties the server will trust.
- Change the default keystore passwords during or after profile creation, using the AdminTask changeMultipleKeyStorePasswords command. The defaults are documented and therefore public, so leaving them in place protects nothing.
- Change your LTPA keys periodically. You can configure automatic regeneration of LTPA keys on a schedule if manual rotation is not practical.
- CSIv2 inbound Basic authentication is available in this release of WebSphere Application Server, and its default setting is Required (rather than Supported), so CSIv2 clients must authenticate at the message layer.
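The checklist above can be applied with a single wsadmin Jython script. The script below is an added example and is not part of the IBM page or of the product; it uses the documented AdminTask commands (setAdminActiveSecuritySettings, configureCSIInbound, listSignerCertificates, deleteSignerCertificate, changeMultipleKeyStorePasswords, generateKeyForKeySetGroup, modifyKeySetGroup). The cell name, the new keystore password, the list of signer aliases to remove, and the schedule name are placeholders assumed for this example; review the signer listing before putting any alias into UNNEEDED_SIGNERS.

```jython
# Added example (not from the IBM page): apply the hardening checklist to one cell.
# Run with: wsadmin.sh -lang jython -conntype SOAP -user wasadmin -password '...' -f harden.py
# Placeholders below (cell name, passwords, aliases, schedule name) are assumptions.

CELL_SCOPE        = '(cell):myCell'                    # assumed cell name
OLD_KS_PASSWORD   = 'WebAS'                            # factory default keystore password
NEW_KS_PASSWORD   = 'Chang3Me-Str0ngly!'               # assumed; read from a vault in practice
UNNEEDED_SIGNERS  = ['someOldCaSigner']                # assumed aliases you have already reviewed
LTPA_KEYSET_GROUP = 'CellLTPAKeySetGroup'              # default LTPA key set group name
LTPA_SCHEDULE     = 'LTPAKeySetGenerationScheduler'    # default WSSchedule name (assumed present)

def ensure_admin_security():
    """Bullet 1: administrative (global) security must be on; application
    security is enabled as well so that application EJB/web access is protected."""
    sec = AdminConfig.list('Security')
    if AdminConfig.showAttribute(sec, 'enabled') != 'true':
        AdminTask.setAdminActiveSecuritySettings('[-enableGlobalSecurity true]')
    if AdminConfig.showAttribute(sec, 'appEnabled') != 'true':
        AdminTask.setAdminActiveSecuritySettings('[-appSecurityEnabled true]')

def require_ssl_and_basic_auth_on_csiv2():
    """Bullets 2 and 6: CSIv2 inbound must use SSL (transport Required), require a
    client certificate (mutual SSL) and require message-layer Basic authentication."""
    AdminTask.configureCSIInbound('[-transportLayer Required '
                                  '-clientCertAuth Required '
                                  '-messageLevelAuth Required]')

def review_and_prune_signers():
    """Bullet 3: print every signer in the cell trust store for review, then
    delete the aliases that have already been judged unnecessary."""
    signers = AdminTask.listSignerCertificates(
        '[-keyStoreName CellDefaultTrustStore -keyStoreScope %s]' % CELL_SCOPE)
    for s in signers:
        print s            # alias, issuedTo, issuedBy and validity for each signer
    for alias in UNNEEDED_SIGNERS:
        AdminTask.deleteSignerCertificate(
            '[-keyStoreName CellDefaultTrustStore -keyStoreScope %s -certificateAlias %s]'
            % (CELL_SCOPE, alias))

def rotate_keystore_passwords():
    """Bullet 4: every keystore still protected by the default password gets the new one."""
    AdminTask.changeMultipleKeyStorePasswords(
        '[-keyStorePassword %s -newKeyStorePassword %s -newKeyStorePasswordVerify %s]'
        % (OLD_KS_PASSWORD, NEW_KS_PASSWORD, NEW_KS_PASSWORD))

def rotate_ltpa_keys():
    """Bullet 5: generate a fresh LTPA key now and switch on scheduled regeneration."""
    AdminTask.generateKeyForKeySetGroup('[-keySetGroupName %s]' % LTPA_KEYSET_GROUP)
    AdminTask.modifyKeySetGroup('[-name %s -autoGenerate true -wsScheduleName %s]'
                                % (LTPA_KEYSET_GROUP, LTPA_SCHEDULE))

ensure_admin_security()
require_ssl_and_basic_auth_on_csiv2()
review_and_prune_signers()
rotate_keystore_passwords()
rotate_ltpa_keys()
AdminConfig.save()
# In a Network Deployment cell, synchronise the nodes after saving so every
# process picks up the change, for example with AdminNodeManagement.syncActiveNodes().
```

Run the script once against a test cell first: requiring a client certificate on CSIv2 inbound breaks any IIOP client that does not have one, and the new keystore password must be recorded before the run because the old default is the only way to reopen the keystores if the save fails halfway.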
Related:
- Enablement and migration considerations of Security hardening features
- Tune, harden, and maintain security configurations