diff --git a/src/pages/manuals/admin/installation/_windows-iis-secure.md b/src/pages/manuals/admin/installation/_windows-iis-secure.md new file mode 100644 index 000000000..b1e8a6eb9 --- /dev/null +++ b/src/pages/manuals/admin/installation/_windows-iis-secure.md @@ -0,0 +1,9 @@ +_Note: It's essential to implement robust security measures for production applications before going live._ + +1. Once the installation is complete and the site is up and running, consider implementing security measures to protect your Oqtane application. +2. **Enable HTTPS**: Encrypt communication between the server and clients by enabling HTTPS. You can obtain SSL/TLS certificates from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/) or purchase one from a commercial provider. Learn more about HTTPS and security best practices from the [Mozilla Server Side TLS Guidelines](https://wiki.mozilla.org/Security/Server_Side_TLS). [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) tool helps generate secure SSL configurations for popular web servers, including Apache, Nginx, and others. It provides recommended configurations based on Mozilla's SSL/TLS best practices. +3. **Configure Authentication and Authorization**: Control access to your site's resources by configuring appropriate authentication and authorization mechanisms. You can leverage [ASP.NET Core Identity](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity) for user authentication and role-based authorization. Explore additional security topics and best practices for ASP.NET Core from the [ASP.NET Core security topics](https://learn.microsoft.com/en-us/aspnet/core/security) documentation. +4. **Implement Security Best Practices**: Follow security best practices such as input validation, output encoding, and protection against common web vulnerabilities like [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) and [Cross-Site Request Forgery (CSRF)](https://owasp.org/www-community/attacks/csrf/). +5. **Keep Software Updated**: Regularly update Oqtane and its dependencies to patch security vulnerabilities and ensure that your site is protected against known threats. Stay informed about security advisories and apply patches promptly. +6. **Monitor and Respond**: Monitor your site for suspicious activities and implement logging and monitoring solutions to detect and respond to security incidents effectively. Set up alerts for unusual behavior and unauthorized access attempts. +7. **Regular Security Audits**: Conduct regular security audits of your Oqtane application to identify and remediate security vulnerabilities. Perform code reviews, penetration testing, and vulnerability scanning to ensure the integrity and security of your site. diff --git a/src/pages/manuals/admin/installation/windows-iis-express-sql-express.md b/src/pages/manuals/admin/installation/windows-iis-express-sql-express.md index c2f0b56dc..8a93277f1 100644 --- a/src/pages/manuals/admin/installation/windows-iis-express-sql-express.md +++ b/src/pages/manuals/admin/installation/windows-iis-express-sql-express.md @@ -91,19 +91,13 @@ *Note: If encountering errors during the Install Wizard due to database creation permissions, consider creating the database manually before initiating the Install Wizard.* ## Step 10: Secure the Site (Optional) -_Note: It's essential to implement robust security measures for production applications before going live._ -1. Once the installation is complete and the site is up and running, consider implementing security measures to protect your Oqtane application. -2. **Enable HTTPS**: Encrypt communication between the server and clients by enabling HTTPS. You can obtain SSL/TLS certificates from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/) or purchase one from a commercial provider. Learn more about HTTPS and security best practices from the [Mozilla Server Side TLS Guidelines](https://wiki.mozilla.org/Security/Server_Side_TLS). [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) tool helps generate secure SSL configurations for popular web servers, including Apache, Nginx, and others. It provides recommended configurations based on Mozilla's SSL/TLS best practices. -3. **Configure Authentication and Authorization**: Control access to your site's resources by configuring appropriate authentication and authorization mechanisms. You can leverage [ASP.NET Core Identity](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity) for user authentication and role-based authorization. Explore additional security topics and best practices for ASP.NET Core from the [ASP.NET Core security topics](https://learn.microsoft.com/en-us/aspnet/core/security) documentation. -4. **Implement Security Best Practices**: Follow security best practices such as input validation, output encoding, and protection against common web vulnerabilities like [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) and [Cross-Site Request Forgery (CSRF)](https://owasp.org/www-community/attacks/csrf/). -5. **Keep Software Updated**: Regularly update Oqtane and its dependencies to patch security vulnerabilities and ensure that your site is protected against known threats. Stay informed about security advisories and apply patches promptly. -6. **Monitor and Respond**: Monitor your site for suspicious activities and implement logging and monitoring solutions to detect and respond to security incidents effectively. Set up alerts for unusual behavior and unauthorized access attempts. -7. **Regular Security Audits**: Conduct regular security audits of your Oqtane application to identify and remediate security vulnerabilities. Perform code reviews, penetration testing, and vulnerability scanning to ensure the integrity and security of your site. +[!INCLUDE [secure-iis-site](./_windows-iis-secure.md)] --- ## Resources + - [Oqtane Supported Databases](databases.md) - [Oqtane Installation Resources](resources.md) diff --git a/src/pages/manuals/admin/installation/windows-iis-localdb.md b/src/pages/manuals/admin/installation/windows-iis-localdb.md index 45b0e13b5..3b3f6f269 100644 --- a/src/pages/manuals/admin/installation/windows-iis-localdb.md +++ b/src/pages/manuals/admin/installation/windows-iis-localdb.md @@ -91,18 +91,13 @@ *Note: If encountering errors during the Install Wizard due to database creation permissions, consider creating the database manually before initiating the Install Wizard.* ## Step 10: Secure the Site (Optional) -_Note: It's essential to implement robust security measures for production applications before going live._ -1. Once the installation is complete and the site is up and running, consider implementing security measures to protect your Oqtane application. -2. **Enable HTTPS**: Encrypt communication between the server and clients by enabling HTTPS. You can obtain SSL/TLS certificates from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/) or purchase one from a commercial provider. Learn more about HTTPS and security best practices from the [Mozilla Server Side TLS Guidelines](https://wiki.mozilla.org/Security/Server_Side_TLS). [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) tool helps generate secure SSL configurations for popular web servers, including Apache, Nginx, and others. It provides recommended configurations based on Mozilla's SSL/TLS best practices. -3. **Configure Authentication and Authorization**: Control access to your site's resources by configuring appropriate authentication and authorization mechanisms. You can leverage [ASP.NET Core Identity](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity) for user authentication and role-based authorization. Explore additional security topics and best practices for ASP.NET Core from the [ASP.NET Core security topics](https://learn.microsoft.com/en-us/aspnet/core/security) documentation. -4. **Implement Security Best Practices**: Follow security best practices such as input validation, output encoding, and protection against common web vulnerabilities like [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) and [Cross-Site Request Forgery (CSRF)](https://owasp.org/www-community/attacks/csrf/). -5. **Keep Software Updated**: Regularly update Oqtane and its dependencies to patch security vulnerabilities and ensure that your site is protected against known threats. Stay informed about security advisories and apply patches promptly. -6. **Monitor and Respond**: Monitor your site for suspicious activities and implement logging and monitoring solutions to detect and respond to security incidents effectively. Set up alerts for unusual behavior and unauthorized access attempts. -7. **Regular Security Audits**: Conduct regular security audits of your Oqtane application to identify and remediate security vulnerabilities. Perform code reviews, penetration testing, and vulnerability scanning to ensure the integrity and security of your site. +[!INCLUDE [secure-iis-site](./_windows-iis-secure.md)] --- + ## Resources + - [Oqtane Supported Databases](databases.md) - [Oqtane Installation Resources](resources.md) diff --git a/src/pages/manuals/admin/installation/windows-iis-sql.md b/src/pages/manuals/admin/installation/windows-iis-sql.md index 87ac569ff..6db8ac075 100644 --- a/src/pages/manuals/admin/installation/windows-iis-sql.md +++ b/src/pages/manuals/admin/installation/windows-iis-sql.md @@ -79,18 +79,13 @@ _Note: Ensure that the folder containing the Oqtane files has appropriate modify 3. You should now see the Oqtane installation wizard. Follow the on-screen instructions to complete the installation process. ## Step 12: Secure the Site (Optional) -_Note: It's essential to implement robust security measures for production applications before going live._ -1. Once the installation is complete and the site is up and running, consider implementing security measures to protect your Oqtane application. -2. **Enable HTTPS**: Encrypt communication between the server and clients by enabling HTTPS. You can obtain SSL/TLS certificates from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/) or purchase one from a commercial provider. Learn more about HTTPS and security best practices from the [Mozilla Server Side TLS Guidelines](https://wiki.mozilla.org/Security/Server_Side_TLS). [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/) tool helps generate secure SSL configurations for popular web servers, including Apache, Nginx, and others. It provides recommended configurations based on Mozilla's SSL/TLS best practices. -3. **Configure Authentication and Authorization**: Control access to your site's resources by configuring appropriate authentication and authorization mechanisms. You can leverage [ASP.NET Core Identity](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity) for user authentication and role-based authorization. Explore additional security topics and best practices for ASP.NET Core from the [ASP.NET Core security topics](https://learn.microsoft.com/en-us/aspnet/core/security) documentation. -4. **Implement Security Best Practices**: Follow security best practices such as input validation, output encoding, and protection against common web vulnerabilities like [Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/) and [Cross-Site Request Forgery (CSRF)](https://owasp.org/www-community/attacks/csrf/). -5. **Keep Software Updated**: Regularly update Oqtane and its dependencies to patch security vulnerabilities and ensure that your site is protected against known threats. Stay informed about security advisories and apply patches promptly. -6. **Monitor and Respond**: Monitor your site for suspicious activities and implement logging and monitoring solutions to detect and respond to security incidents effectively. Set up alerts for unusual behavior and unauthorized access attempts. -7. **Regular Security Audits**: Conduct regular security audits of your Oqtane application to identify and remediate security vulnerabilities. Perform code reviews, penetration testing, and vulnerability scanning to ensure the integrity and security of your site. +[!INCLUDE [secure-iis-site](./_windows-iis-secure.md)] --- + ## Resources + - [Oqtane Supported Databases](databases.md) - [Oqtane Installation Resources](resources.md)