Security Recommendations for the Reflection Secure Shell Proxy

Use the following precautions to help ensure security on the Reflection Gateway Proxy (the system running the Reflection Secure Shell Proxy and the Reflection Transfer Server).

  • Do not join the server to a Windows domain.

  • Do not run non-essential services on the server that might provide user access, such as Telnet servers, FTP servers, and SQL servers.

  • In the Reflection Secure Shell Proxy console:

    • On the Reflection Gateway Users pane, leave Allow server access to Reflection Gateway users only and Restrict Reflection Gateway users to file transfer sessions selected. These default settings help minimize external user access to your system.

    • Change the user access account to an account with more limited privileges than the default service account.

    • Disable port forwarding for all users. To do this, clear both port forwarding options on the Permissions pane under Tunneling.

  • Configure firewalls that limit access to ports on your servers.