Locking down a Bravura Security Fabric server

Bravura Security Fabric is a security application that manages sensitive credentials, privileged accounts, and identity data across your infrastructure. The server must be protected using a multi-layered security approach that includes hardening the operating system, restricting network access, securing the database, and encrypting all sensitive data in storage and in transit.

Bravura Security Fabric never stores plaintext passwords in configuration files or scripts and does not ship with a default administrator password. Sensitive stored data — including privileged passwords, security question answers, and password-type identity attributes — is encrypted using 256-bit AES with random keys. Password history is protected using SSHA-512 with a random salt.

This chapter provides best practices for securing the server and the sensitive data it stores, including:

  • Administrator credentials used by Bravura Security Fabric to connect to target systems.

  • Console user passwords used to sign in to, configure, and manage Bravura Security Fabric.

  • Passwords to managed accounts on target systems.

  • Password history and security question data for end users.

The objective is a reliable, highly available platform that is resistant to compromise. Apply these recommendations in combination with your organization's own security policies and compliance requirements.