Securing Xpress Insight 5
The following sections describe the security considerations and steps for securing Xpress Insight 5.
Covered Topics
- Enabling HTTPS with Xpress Insight 5 Server
After enabling HTTPS with Xpress Insight 5 Server, you can customize the HTTPS port. - Securing the Admin Account
You can secure the admin account by changing the admin password through the user admin pages. - Encrypting Sensitive Information Stored in Configuration Files
The Insight Server and Execution Worker configuration files should be encrypted to secure any sensitive values they contain, such as passwords. - Protecting the Execution Authentication KeyStore
Communication between the Insight Server and its Execution Workers is secured with JWT-based authentication and a public/private key pair generated at server installation. This is referred to as Execution Authentication. - Attachment Type Blocklist
Attachment filename extensions are validated against a blocklist of extensions that are considered potentially harmful.
Parent Topic
Insight 5 Installation Guide