Security optimization

Introduction

Relution is a powerful tool in which users may hold extensive authorisations over managed devices. The system should therefore be protected as well as possible against unauthorised access. The Relution portal's built-in functions allow security to be tightened at several points. In addition, authorisations should be assigned deliberately, granting only those that are necessary.

Use a secure password

When a new user account is created in Relution, a complex password is suggested. This can be accepted or changed. In either case, make sure the password adheres to the BSI's complexity recommendation.

Add a second factor for authentication

Relution supports login with a second factor. Users must configure this themselves for their own account. To do this, click on the user name at the top right and select Profile. An MFA token for an authenticator app or email verification can be set up there. Be sure to use this function!

Use an access token

In Relution, an access token for using the API can also be stored in the user account profile. This token offers the advantage that no username/password combination needs to be stored in plain text in scripts. In addition, the token can be given an expiry date to ensure that it is not active for longer than is really necessary.

Configure IP access rules & Fail2Ban

In the Global Organisation, IP access rules and Fail2Ban can be configured under Settings > System security. For example, an IP address can be blocked for a period of time after 5 failed login attempts. Individual IPs or CIDRs can also be permanently allowed. Before configuring, check which IP address your own requests use to log in to the server, to avoid locking yourself out.
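The lockout risk described above can be checked on paper before the rules are saved. The following Python sketch is an added example, not Relution code: it models a block after 5 failed logins together with an allowlist of single IPs and CIDRs. The counting window, block duration, addresses and login events are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from datetime import datetime, timedelta

# Constructed sample values (documentation address ranges), not from Relution.
ALLOWLIST = ["198.51.100.0/24", "203.0.113.7"]
MAX_FAILURES = 5                      # threshold used as the example on the page
FIND_WINDOW = timedelta(minutes=10)   # assumption: failures counted in this window
BAN_TIME = timedelta(minutes=30)      # assumption: length of the temporary block


def is_allowlisted(ip, allowlist=ALLOWLIST):
    """True if ip matches a single address or falls inside a CIDR entry."""
    addr = ip_address(ip)
    return any(addr in ip_network(entry, strict=False) for entry in allowlist)


def simulate_bans(events, allowlist=ALLOWLIST):
    """events: iterable of (timestamp, ip, success). Returns {ip: banned_until}."""
    failures, bans = {}, {}
    for ts, ip, success in sorted(events):
        if is_allowlisted(ip, allowlist):
            continue                  # permanently allowed addresses are never blocked
        if ip in bans and ts < bans[ip]:
            continue                  # already blocked, request is rejected
        if success:
            failures.pop(ip, None)    # a successful login resets the counter
            continue
        recent = [t for t in failures.get(ip, []) if ts - t <= FIND_WINDOW]
        recent.append(ts)
        failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            bans[ip] = ts + BAN_TIME
            failures[ip] = []
    return bans


def sample_events():
    """Constructed login events: one noisy client, one admin mistyping a password."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    noisy = [(t0 + timedelta(seconds=20 * i), "192.0.2.50", False) for i in range(6)]
    admin = [(t0 + timedelta(seconds=5 * i), "198.51.100.23", False) for i in range(5)]
    return noisy + admin


if __name__ == "__main__":
    for ip, until in simulate_bans(sample_events()).items():
        print(f"{ip} blocked until {until:%H:%M:%S}")
    print("admin 198.51.100.23 covered:", is_allowlisted("198.51.100.23"))
```

Running the same events with an empty allowlist shows the administrator's address being blocked as well, which is the situation the check is meant to catch.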

Manage permissions

Relution offers twelve authorisation presets as standard. Check which functions are active in each preset. To do this, click on Users > Permissions and look at the entries that have been created by the system. These roles cannot be edited. However, you can create new authorisations at any time and enable the necessary functions for individual users on a fine-grained basis. The authorisations correlate with the user groups created by Relution.