Main Security Measures

| # | Security Check |
|---|----------------|
| 1 | Run AEM in Production Ready Mode |
| 2 | Enable HTTPS |
| 3 | Install Security Hotfixes |
| 4 | Change Default Passwords for AEM and OSGi Console Admin Accounts |
| 5 | Implement Custom Error Handler (review 404 and 500 response codes) |
| 6 | Dispatcher Security Checklist (discussed in detail in another blog post) |

Verification Steps

| # | Security Check |
|---|----------------|
| 7 | Configure replication and transport users |
| 8 | Check if Example Content is Present |
| 9 | Check if the CRX development bundles are present |
| 10 | Check if the Sling development bundle is present |
| 11 | Check for Cross-Site Request Forgery Protection |

OSGi Settings and Configurations

| # | Security Check |
|---|----------------|
| 12 | Adobe Granite HTML Library Manager |
| 13 | Day CQ WCM Debug Filter |
| 14 | Day CQ WCM Filter |
| 15 | Apache Sling Java Script Handler |
| 16 | Apache Sling JSP Script Handler |
| 17 | Configure Sling to Prevent Denial of Service (DoS) Attacks |
| 18 | Disable WebDAV |

Adobe AEM Dashboard – Health Reports (All status: OK or Warn but does not impact the environment)

| # | Health Check |
|---|--------------|
| 19 | Resource Search Path Errors |
| 20 | System Maintenance |
| 21 | Replication Queue |
| 22 | Log Errors |
| 23 | Active Bundles |
| 24 | Response Performance |
| 25 | Query Performance |
| 26 | Query Traversal Limits |
| 27 | Sling Jobs |
| 28 | Synchronized Clocks |
| 29 | Code Cache Health Check |
| 30 | Disk Space |
| 31 | Observation Queue Length |
| 32 | Asynchronous Indexes |
| 33 | Scheduler Health Check |
| 34 | Large Lucene Indexes |
| 35 | Sling/Granite Content Access Check |

Adobe AEM Security Dashboard (All status: OK or Warn but does not impact the environment)

| # | Security Health Check |
|---|-----------------------|
| 36 | Deserialization Firewall Attach API Readiness |
| 37 | Deserialization Firewall Functional |
| 38 | Deserialization Firewall Loaded |
| 39 | Authorizable Node Name Generation |
| 40 | CRXDE Support |
| 41 | DavEx Health Check |
| 42 | Default Login Accounts |
| 43 | Sling Get Servlet |
| 44 | CQ Dispatcher Configuration |
| 45 | Example Content Packages |
| 46 | CQ HTML Library Manager |
| 47 | Replication and Transport Users |
| 48 | Sling Java Script Handler |
| 49 | Sling JSP Script Handler |
| 50 | Sling Referrer Filter |
| 51 | SSL Configuration |
| 52 | User Profile Default Access |
| 53 | WCM Filter Configurations |
| 54 | WebDAV Access |
| 55 | Web Server Configuration |

Adobe AEM Dashboard – Diagnosis

| # | Diagnostic Tool |
|---|-----------------|
| 56 | Status |
| 57 | Thread Dump |
| 58 | Heap Dump |
| 59 | Log Messages |
| 60 | Index Manager |
| 61 | User Sync Diagnostics |
January 2, 2021
AEM Security Checklist
After completing an AEM installation, one of the next steps is to make sure that the installation is secured. The following are critical recommendations on what to check to confirm that your AEM instance is indeed secured. This list is based on Adobe's Security Checklist.
This is a PDF version of the list for you to print out and use as a guide when working through your own checklist:
The following is the security checklist that can be performed, with notes where they pertain to a specific security task:
By aem4beginner