Deep Security 11 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Harden Deep Security
Deep Security as a Service and the Deep Security AMI from AWS Marketplace AMIs all run on Amazon Linux. The Deep Security team has hardened those products based on the Center for Internet Security (CIS) standard for Amazon Linux.
Hardening involves making changes to secure the system and make it less vulnerable to attack. For Deep Security, the changes included updating the web installer so that it terminates after the Deep Security Manager is online, removing unnecessary software, and configuring system settings to use the principal of least privilege, wherever it is applicable.
Deep Security AMI from AWS Marketplace is also protected by a Deep Security Agent installed on the same host as the Deep Security Manager. The Agent has a default " Deep Security Manager" policy applied to it, which provides basic intrusion prevention rules and firewall rules that filter traffic to the Manager.
There are several measures you can take to increase the security of your Deep Security deployment.
- Protect Deep Security Manager with an agent
- Bind Deep Security Agent to a specific manager
- Replace the Deep Security Manager TLS certificate
- Encrypt communication between Deep Security Manager and the database
- Change the Deep Security Manager database password
- Configure HTTP security headers
- Enforce user password rules