Security and privacy checklist

This section introduces the key elements to check regarding security and privacy. Some of the configurations described can only be performed by on-premise customers.

Privacy

Privacy configuration and hardening is a key element of security optimization. Here are some best practices to follow regarding privacy:

  • Protect customer PII in transit by using HTTPS rather than HTTP.
  • Use PII view restriction to protect privacy and prevent personal data from being misused.
  • Make sure that access to encrypted passwords is restricted to the operators who need it.
  • Protect the pages that may contain personal information, such as mirror pages, web applications, etc.


Access management

Access management is an important part of security hardening. Here are some of the main best practices:

  • Create enough security groups to map each role to its own set of rights, rather than granting rights operator by operator.
  • Check that each operator has the access rights required for their role, and no more.
  • Avoid using the admin operator for day-to-day work, and keep the number of operators in the admin group to a minimum.


Scripting and coding guidelines

When developing in Adobe Campaign (workflows, JavaScript, JSSP, etc.), always follow these guidelines:

  • Scripting: avoid raw SQL statements where possible. When you must use them, pass values through parameterized functions rather than building the statement by string concatenation, and prevent SQL injection through expressions by adding only the SQL functions you actually need to the allowlist.

  • Secure the data model: use named rights to limit what operators can do, and add system filters (sysFilter) to restrict access at the schema level.

  • Add captchas to web applications: protect your public landing pages and subscription pages against automated submissions.
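The scripting guideline above contrasts two ways of building a statement from untrusted input. The following is an added example and not Adobe Campaign's own code: it runs in plain Node.js, and bindParams() is a hypothetical stand-in whose $(sz)/$(l) placeholders mirror the style of Campaign's sqlExec-type functions rather than the product API. The SQL function allowlist, the table and column names and the attacker input are all constructed for the example.

```javascript
// Added example (not Adobe Campaign's own code): concatenation versus
// parameter binding, plus an allowlist check for SQL functions used in
// expressions. The $(sz)/$(l) placeholder style is an assumption modelled
// on Campaign's sqlExec-type functions; bindParams() is a stand-in.

// Vulnerable: the value is spliced straight into the statement text.
function buildByConcatenation(email) {
  return "SELECT iRecipientId FROM NmsRecipient WHERE sEmail = '" + email + "'";
}

// Hardened: placeholders are bound with a type check and proper quoting.
//   $(sz) -> SQL string literal, $(l) -> integer literal
function bindParams(sql, params) {
  let next = 0;
  const bound = sql.replace(/\$\((sz|l)\)/g, (_, kind) => {
    if (next >= params.length) throw new Error(`no value for placeholder $(${kind})`);
    const value = params[next++];
    if (kind === "l") {
      // An integer placeholder only ever accepts a real integer, never "1 OR 1=1".
      if (!Number.isInteger(value)) throw new Error(`$(l) needs an integer, got ${typeof value}`);
      return String(value);
    }
    if (typeof value !== "string") throw new Error(`$(sz) needs a string, got ${typeof value}`);
    // Standard SQL quoting: double embedded quotes; drop NUL bytes that some
    // drivers would treat as a string terminator.
    return "'" + value.replace(/\0/g, "").replace(/'/g, "''") + "'";
  });
  if (next !== params.length) throw new Error(`${params.length - next} unused parameter(s)`);
  return bound;
}

function buildParameterized(email) {
  return bindParams("SELECT iRecipientId FROM NmsRecipient WHERE sEmail = $(sz)", [email]);
}

// Allowlist of SQL functions that expressions may call; anything else is
// rejected before the expression reaches the database. The list is constructed.
const SQL_FUNCTION_ALLOWLIST = new Set(["UPPER", "LOWER", "TRIM", "COALESCE", "SUBSTRING"]);

// Returns the (upper-cased) names of functions called in the expression that
// are not on the allowlist.
function disallowedFunctions(expression) {
  const hits = new Set();
  for (const m of expression.matchAll(/\b([A-Za-z_][A-Za-z0-9_]*)\s*\(/g)) {
    const name = m[1].toUpperCase();
    if (!SQL_FUNCTION_ALLOWLIST.has(name)) hits.add(name);
  }
  return [...hits];
}

// Constructed attacker input: closes the quote and appends a tautology.
const hostile = "x' OR 1=1 --";
console.log(buildByConcatenation(hostile)); // tautology becomes part of the WHERE clause
console.log(buildParameterized(hostile));   // whole input stays inside one string literal
console.log(disallowedFunctions("UPPER(sEmail) = 'A' AND pg_sleep(5) IS NULL"));
```

With the hostile input, the concatenated statement ends in `sEmail = 'x' OR 1=1 --'`, which matches every recipient, while the bound version keeps the entire input inside a single quoted literal. The `$(l)` branch shows the other half of the rule: a numeric placeholder refuses a string outright instead of trying to sanitize it.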


Network, database and SSL/TLS

When deploying an on-premise architecture, the network configuration is one of the first things to check.

It is also imperative that you follow the security guidelines of your database engine.


Server configuration

Configuration has to be performed on every server. The files concerned are serverConf.xml and config-<instance>.xml. Here are the key elements that need to be verified:

  • Security zones: configure security zones so that, when requests arrive through a proxy, the zone is determined from the original client's IP address rather than the proxy's.

  • File upload protection: limit the types of files that can be uploaded to the Adobe Campaign server with the uploadAllowList attribute in the server configuration file.

  • Relay: fine-tune the relay configuration by deactivating the relay rules for unused modules and applications.

  • Outgoing connection protection and command restriction (server-side): restrict the external URLs the server is allowed to contact and the system commands it is allowed to run.

  • You can also add extra HTTP headers and activate checkIPConsistent, enableTLS, sessionTimeOutSec, etc. Refer to the Campaign server configuration documentation and the server configuration file description for more information.
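The security-zone item above is the one most often misconfigured behind a reverse proxy. The following is an added example and not Adobe Campaign's own code: a small audit that reads the <securityZone> section of a serverConf.xml fragment and flags an externally reachable zone that still allows HTTP, debug mode or error display, accepts a session token alone, or lists the reverse proxy's address without marking it as a proxy. Both fragments and the proxy address are constructed; the securityZone/subNetwork element names and the attributes used (allowHTTP, allowDebug, showErrors, sessionTokenOnly, allowEmptyPassword, mask, proxy) follow the layout of serverConf.xml as an assumption and should be verified against your own file.

```javascript
// Added example, not Adobe Campaign's own code: audits <securityZone> entries
// in a serverConf.xml fragment. Element and attribute names are an assumption
// based on the serverConf.xml layout; verify them against your release.

const WEAK_CONF = `<serverConf>
  <securityZone allowDebug="true" allowHTTP="true" label="Private Network (VPN)" name="vpn"
                sessionTokenOnly="true" showErrors="true" allowEmptyPassword="false">
    <subNetwork label="VPN" mask="10.0.0.0/8" name="vpn"/>
  </securityZone>
  <securityZone allowDebug="false" allowHTTP="true" label="Public Network" name="public"
                sessionTokenOnly="true" showErrors="true" allowEmptyPassword="false">
    <subNetwork label="All addresses" mask="0.0.0.0/0" name="all"/>
    <subNetwork label="Reverse proxy" mask="203.0.113.10" name="rproxy"/>
  </securityZone>
</serverConf>`;

// Corrected counterpart of the public zone: HTTPS only, no debug or error
// output, session token alone is not enough, and the proxy is marked so the
// original client address (not the proxy's) selects the zone.
const HARDENED_CONF = `<serverConf>
  <securityZone allowDebug="false" allowHTTP="false" label="Public Network" name="public"
                sessionTokenOnly="false" showErrors="false" allowEmptyPassword="false">
    <subNetwork label="All addresses" mask="0.0.0.0/0" name="all"/>
    <subNetwork label="Reverse proxy" mask="203.0.113.10" name="rproxy" proxy="true"/>
  </securityZone>
</serverConf>`;

function parseAttrs(s) {
  const attrs = {};
  for (const m of s.matchAll(/([\w:-]+)="([^"]*)"/g)) attrs[m[1]] = m[2];
  return attrs;
}

// Regex extraction is enough for a fragment of this shape; use a real XML
// parser when auditing a complete serverConf.xml.
function parseSecurityZones(xml) {
  const zones = [];
  for (const z of xml.matchAll(/<securityZone\b([^>]*)>([\s\S]*?)<\/securityZone>/g)) {
    const subNetworks = [...z[2].matchAll(/<subNetwork\b([^>]*?)\/>/g)].map(s => parseAttrs(s[1]));
    zones.push({ ...parseAttrs(z[1]), subNetworks });
  }
  return zones;
}

// RFC 1918 and loopback ranges; any other mask counts as reachable from outside.
function isPrivateOrLoopback(mask) {
  const [a, b] = mask.split("/")[0].split(".").map(Number);
  return a === 10 || a === 127 || (a === 192 && b === 168) || (a === 172 && b >= 16 && b <= 31);
}

// Settings an externally reachable zone must carry (assumed semantics:
// sessionTokenOnly="false" means a session token alone does not authenticate).
const REQUIRED_ON_EXPOSED = {
  allowHTTP: "false", allowDebug: "false", showErrors: "false",
  sessionTokenOnly: "false", allowEmptyPassword: "false",
};

function auditSecurityZones(xml, proxyAddresses) {
  const findings = [];
  for (const zone of parseSecurityZones(xml)) {
    const exposed = zone.subNetworks.some(s => !isPrivateOrLoopback(s.mask));
    if (exposed) {
      for (const [key, want] of Object.entries(REQUIRED_ON_EXPOSED)) {
        if (zone[key] !== want) {
          findings.push(`zone "${zone.name}": ${key}="${zone[key] ?? "unset"}" but an externally reachable zone needs ${key}="${want}"`);
        }
      }
    }
    for (const s of zone.subNetworks) {
      if (proxyAddresses.includes(s.mask) && s.proxy !== "true") {
        findings.push(`zone "${zone.name}": subNetwork "${s.name}" (${s.mask}) is a reverse proxy but lacks proxy="true", so clients behind it are zoned by the proxy's address instead of their own`);
      }
    }
  }
  return findings;
}

// Constructed: the address of the reverse proxy in front of the instance.
const PROXIES = ["203.0.113.10"];
console.log(auditSecurityZones(WEAK_CONF, PROXIES));     // four findings on the public zone
console.log(auditSecurityZones(HARDENED_CONF, PROXIES)); // []
```

The VPN zone in the weak fragment is left alone on purpose: its only mask is a private range, so the strict settings are not demanded of it. The proxy check is the one to keep in mind: if the reverse proxy's address is listed without proxy="true", every request that passes through it is evaluated against the proxy's own address, and the zone that address falls into applies to all of them.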


Web-server configuration

Several best practices should be followed when configuring your web server (Apache/IIS):

  • Disable old SSL/TLS versions and weak ciphers
  • Disable the TRACE method
  • Remove the server banner (version information)
  • Limit request size to prevent large files from being uploaded
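The four items above map to a handful of Apache directives. The following is an added example and not part of the Adobe Campaign documentation: a small audit in Node.js that reads a flat httpd.conf fragment and reports which of the four checks fail, with a weak configuration beside its hardened counterpart. Both configurations are constructed; the hardened cipher list and the 10 MiB request limit are illustrative values, not values taken from the page.

```javascript
// Added example (not from the Adobe Campaign documentation): audits the Apache
// directives behind the web-server checklist. Both configurations are
// constructed; the cipher list and size limit are illustrative choices.

const WEAK_HTTPD_CONF = `
# constructed: typical out-of-the-box leftovers
ServerTokens Full
ServerSignature On
TraceEnable On
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!aNULL
`;

const HARDENED_HTTPD_CONF = `
# constructed: hardened counterpart
ServerTokens Prod
ServerSignature Off
TraceEnable Off
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
LimitRequestBody 10485760
`;

// Flat parse, last occurrence of a directive wins. Real httpd.conf files have
// <VirtualHost> and <Directory> scopes; an audit of those must track scope too.
function parseDirectives(text) {
  const out = new Map();
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*$/, "").trim();
    if (!line || line.startsWith("<")) continue;
    const [name, ...args] = line.split(/\s+/);
    out.set(name.toLowerCase(), args);
  }
  return out;
}

const KNOWN_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"];
const LEGACY_PROTOCOLS = new Set(["SSLv2", "SSLv3", "TLSv1", "TLSv1.1"]);

// Evaluate SSLProtocol the way mod_ssl does: "all", "+X" and bare "X" enable,
// "-X" disables. With no directive, Apache's default ("all -SSLv3") still
// leaves TLSv1 and TLSv1.1 enabled, so an absent directive is flagged too.
function enabledProtocols(args) {
  const enabled = new Set();
  const tokens = args && args.length ? args : ["all", "-SSLv3"];
  for (const t of tokens) {
    const negate = t.startsWith("-");
    const raw = t.replace(/^[+-]/, "");
    const canon = KNOWN_PROTOCOLS.find(p => p.toLowerCase() === raw.toLowerCase()) || raw;
    const names = raw.toLowerCase() === "all" ? KNOWN_PROTOCOLS : [canon];
    for (const n of names) negate ? enabled.delete(n) : enabled.add(n);
  }
  return enabled;
}

// Cipher-string words that either select weak algorithms or everything at once.
const WEAK_CIPHER_WORDS = /^(ALL|DEFAULT|COMPLEMENTOFALL|RC4|DES|3DES|MD5|NULL|ENULL|ANULL|EXP|EXPORT|LOW|MEDIUM)$/;

function weakCipherTokens(args) {
  if (!args || !args.length) return ["<unset: library default list>"];
  return args.join(" ").split(":").filter(tok => {
    if (tok.startsWith("!") || tok.startsWith("-")) return false; // exclusions are fine
    return tok.split("-").some(part => WEAK_CIPHER_WORDS.test(part.toUpperCase()));
  });
}

function auditHttpdConf(text) {
  const d = parseDirectives(text);
  const get = name => d.get(name.toLowerCase());
  const findings = [];

  const tokens = (get("ServerTokens") || ["Full"])[0];            // Apache default: Full
  if (tokens.toLowerCase() !== "prod") findings.push(`ServerTokens is "${tokens}"; set "ServerTokens Prod" to keep version details out of the Server header`);
  const sig = (get("ServerSignature") || ["Off"])[0];
  if (sig.toLowerCase() !== "off") findings.push(`ServerSignature is "${sig}"; set it to Off so error pages carry no server banner`);
  const trace = (get("TraceEnable") || ["On"])[0];                // Apache default: On
  if (trace.toLowerCase() !== "off") findings.push(`TraceEnable is "${trace}"; set "TraceEnable Off"`);

  const legacy = [...enabledProtocols(get("SSLProtocol"))].filter(p => LEGACY_PROTOCOLS.has(p));
  if (legacy.length) findings.push(`SSLProtocol enables legacy ${legacy.join(", ")}; use "SSLProtocol -all +TLSv1.2 +TLSv1.3"`);

  const weakCiphers = weakCipherTokens(get("SSLCipherSuite"));
  if (weakCiphers.length) findings.push(`SSLCipherSuite contains weak or catch-all entries: ${weakCiphers.join(", ")}`);

  const limit = Number((get("LimitRequestBody") || ["0"])[0]);
  if (!(limit > 0)) findings.push("LimitRequestBody is unset or 0; set an explicit byte limit sized for your largest legitimate upload");
  return findings;
}

console.log(auditHttpdConf(WEAK_HTTPD_CONF));     // six findings
console.log(auditHttpdConf(HARDENED_HTTPD_CONF)); // []
```

The SSLProtocol evaluation is the part worth keeping: "SSLProtocol all" or a missing directive both leave TLSv1 and TLSv1.1 on, and the audit reports them by name rather than just checking whether the directive exists.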

