Security Recommendations for AutoSteps

AutoSteps allows Synthetic Monitoring for application performance management by using executable and scripted recordings of transactions. Therefore it is desirable to have some security in place to limit both access to and from the PC’s with PG Agents running AutoSteps.

Important

Why do I need all these security rules?

We recommend to take the below mentioned security recommendations into consideration to minimize attacks.

The following security recommendations must be considered when installing AutoSteps:

Important

**Example:**Click thumbnail to view image in full size.

Physical VS Remote Access

AutoSteps runs as a user and not as a service. Therefore AutoSteps only works when the PC is logged in and it will keep running only when the PC is logged in. When you install AutoSteps the Install AutoSteps feature gets enabled.

Physical Access

If the machines are physical machines and not virtual machines, access to the machines (by placing the PC in a locked server room to limit the access) should be restricted at the same level as production servers and automatic locking should configured for the shortest possible practical time.

Important

What about having no terminal and keyboard?

This is a desirable solution as it limits the physical access.

Remote Access

The remote access from other machines should be restricted as much as possible on desktop connections with:

• User login permissions
• Subnet or IP based restrictions

Network Level Restriction

• It is recommended to place the machines on a separate subnet behind a firewall to have the most granular control of the network traffic.

• [!WARNING] Additional measures could be made on the local Windows firewall to ensure that only processes run by AutoSteps.exe are allowed.

• It is recommended to only allow access from the AutoSteps machines to the PerformanceGuard server on port 4001 (or an alternative port configured for contact to the PerformanceGuard server).
• It is recommended to have the authentication and encryption level set at the strictest level for contact to the PerformanceGuard Frontend Server to avoid rogue servers.
• It is recommended to minimize traffic between the AutoSteps subnet and the production / server subnets as much as possible.

Caution

The possibilities for this will depend on your implementation of AutoSteps and your requirements.

Computer Level Restriction

There should be dedicated rules on machines as well as rules on processes run by AutoSteps. The rules can be combined together with other rules that allow for more granular access on the network.

• It is recommended to only allow access from the AutoSteps machines to the PerformanceGuard server on port 4001.
• It is recommended to only allow access to external servers from the processes that execute the Scripts.

Tip

For windows machines it is possible to use the build-in Windows Advanced Firewall.

User Level Restriction

• It is recommended to have a dedicated user for AutoSteps.
• It is recommended to limit the access to the network with the minimum permissions for this user.

Caution

The possibilities for this will depend of your implementation of AutoSteps and your needs.

Custom Key Encryption

The AES key ensures a secure communication between PG Agent and Frontend.

• The user must Create a secret encryption key.
• During installation the user must Enable the key both for AutoSteps Agents as well as for the Frontend.
• The Agents should be configured to use Strong encryption.