We would like to use OTRS for our customers and enable them to create new tickets via the default web interface.
What are the best practices for securing this web access (how secure is it)?
For now, our firewall is doing some IPS/vulnerability scanning, but if possible, I would like to secure Apache/OTRS as well. We are using HTTPS of course.
Are there any differences if using inbuilt password authentication (in DB), LDAP, Apache basicauth?
Is there any logwatch plugin, which would parse logs and point to a hacking attempt...?
OTRS and security concerns
Moderator: crythias
Re: OTRS and security concerns
Hi,
You should apply basic Apache security configs, like using mod_security.
For OTRS you should use password rules for the accounts if they are stored locally in the DB; if they are stored in LDAP, the LDAP rules are used.
For stronger security I suggest using a reverse proxy that only allows use of the customer frontend.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS and security concerns
Hi,
I managed to implement the mod_security feature. For the reverse proxy, which one do you recommend? Nginx or Apache?
I totally agree to use only the customer frontend.
Thanks for the tips.
Peter
OTRS 5.0.15 on Centos 6 and Postgresql 9.1
Re: OTRS and security concerns
Should work with both. Nginx is quite fast to set up.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
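The reverse-proxy suggestion from this thread, sketched as an Nginx configuration (an added example, not posted by anyone in the thread). The hostname, certificate paths and backend address are placeholders; `/otrs/customer.pl` and `/otrs-web/` are the default OTRS customer script and static-asset paths and should be checked against the local Apache aliases.

```nginx
# Added example. Placeholders: support.example.com, the certificate paths
# and the backend address 10.0.0.10 are assumptions, not values from the thread.
upstream otrs_backend {
    server 10.0.0.10:80;    # internal Apache/OTRS host (assumed)
}

server {
    listen 443 ssl;
    server_name support.example.com;

    ssl_certificate     /etc/nginx/tls/support.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/support.example.com.key;

    # Default deny: any path not allowed below is answered by the proxy
    # and never reaches OTRS (agent frontend index.pl, installer.pl, ...).
    location / {
        return 404;
    }

    # Send visitors of the bare hostname to the customer login page.
    location = / {
        return 302 /otrs/customer.pl;
    }

    # Customer frontend only. Exact match on the path; query strings such as
    # ?Action=CustomerTicketMessage still match because nginx compares the path alone.
    location = /otrs/customer.pl {
        proxy_pass http://otrs_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Static assets (CSS, JavaScript, images) needed to render the customer pages.
    location /otrs-web/ {
        proxy_pass http://otrs_backend;
        proxy_set_header Host $host;
    }
}
```

The backend Apache should accept connections only from the proxy, otherwise the agent frontend remains reachable by going around it. Because every request then arrives from the proxy's address, mod_security and the Apache logs need the forwarded client address (for example via mod_remoteip) to attribute requests correctly.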