Securing Ektron
Complete this checklist to secure Ektron.
For the latest updates to Ektron’s security guidelines, see http://dev.ektron.com/kb_article.aspx?id=30982.
Make sure you change the passwords for the Admin and Builtin users.
Change Admin user password
Change builtin user password
WARNING! If you changed the builtin user password during the site setup, you do not need to change it again. See Editing the Builtin Username and Password for additional information. Also, the “builtin” user does not appear in the Users list. This user appears on the application setup screen.
NOTE: If you cannot sign in to Ektron because the builtin user password was changed and you do not know the new password, use the BuiltinAccountReset.exe utility. This resets your Ektron user / password to Builtin / Builtin. This utility is located in C:\Program Files\Ektron\CMS400versionnumber\Utilities.
Ektron includes some sample users and sample membership users for evaluation and demonstration purposes. Remove these users when they are no longer needed.
WARNING! Some users in the following lists might not appear in your User list. Also, you might have sample users that appear in your users lists. This depends on the version of the software you have installed.
Ektron Users—See Also: Managing Users and User Groups
Membership Users—See Also: Membership Users and Groups
Do Not Allow the Use of Group User Accounts
A group account is an account that more than one person uses to log in to Ektron using the same username and password. This is a serious security issue because it prevents you from tracking user activities in your Workarea. Group accounts violate Ektron's license agreement.
Complete the following changes when the decision is made to purchase the product and go live with your site. You do not need to make these changes if you are using Ektron for demonstration or evaluation purposes.
WARNING! You should create your own Administrator user and delete the Admin user. Also, delete unnecessary users from Ektron.
By default, the root folder in Workarea provides the Everyone Group with all permissions except Overwrite Library. You should review the permission needs of the Everyone Group when you add a folder. See Also: Managing Folder Permissions
Best Practice: For improved security, you should rename or remove the Web services file when you move it to your production server. After installation, this file is named ServerControlWS.asmx, which is the Web service that enables the server controls to interact with Ektron. The path is coded in the siteroot/web.config file. This is how it appears:
<!-- Web Service URL for Server Controls design time -->
<add key="WSPath" value="http://localhost/CMS400Developer/Workarea/ServerControlWS.asmx" />
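One way to check a production site root for the file and the WSPath entry described above, as an added example that is not part of Ektron's own tooling. The function name Test-EktronWebServiceFile is hypothetical, and the demo site root, web.config and stub file are constructed for illustration.

```powershell
# Added example (not Ektron code): report whether a site root still exposes
# the Web services file under its installation name.
function Test-EktronWebServiceFile {
    param(
        [Parameter(Mandatory)] [string] $SiteRoot,
        [string] $DefaultName = 'ServerControlWS.asmx'   # name given on this page
    )
    $configPath = Join-Path $SiteRoot 'web.config'
    if (-not (Test-Path -LiteralPath $configPath -PathType Leaf)) {
        throw "web.config not found under $SiteRoot"
    }
    # local-name() keeps the XPath working if <configuration> declares an xmlns.
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $configPath).ProviderPath)
    $xpath = "//*[local-name()='appSettings']/*[local-name()='add'][@key='WSPath']"
    $node = $xml.SelectSingleNode($xpath)
    $wsPath = if ($node) { $node.GetAttribute('value') } else { $null }

    # Every copy of the file that still carries the installation name.
    $found = @(Get-ChildItem -LiteralPath $SiteRoot -Recurse -File -Filter $DefaultName `
            -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })
    $refsDefault = [bool]($wsPath -and
        $wsPath.EndsWith($DefaultName, [StringComparison]::OrdinalIgnoreCase))

    [pscustomobject]@{
        WSPath             = $wsPath
        WSPathNamesDefault = $refsDefault
        DefaultNamedFiles  = $found
        NeedsAttention     = ($found.Count -gt 0) -or $refsDefault
    }
}

# Constructed sample site root so the check can be run anywhere.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("ektron-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $demo 'Workarea') -Force | Out-Null
@'
<configuration><appSettings>
  <add key="WSPath" value="http://localhost/CMS400Developer/Workarea/ServerControlWS.asmx" />
</appSettings></configuration>
'@ | Set-Content -LiteralPath (Join-Path $demo 'web.config')
Set-Content -LiteralPath (Join-Path $demo 'Workarea\ServerControlWS.asmx') -Value '<!-- stub -->'

Test-EktronWebServiceFile -SiteRoot $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

On a real server, pass the production site root as -SiteRoot; NeedsAttention is true when a file with the installation name is still present or WSPath still points at it.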