7. Security Guide
This chapter describes how to use SpeeDBee Synapse securely.
7.1 User Management
This section describes how to conduct user management to improve security.
Disable admin user
The admin user is the default registered user in SpeeDBee Synapse and has all privileges. To prevent unauthorized access, we recommend that you disable it unless it is necessary. Before you disable it, you need to add another user with system administrator privileges.
For information about how to disable a user, see “User Management”.
Strong password policy
We recommend registering strong passwords for users. The following is an example of a strong password policy. When using tools that automatically generate passwords, we recommend that the following conditions be met:
- Must be at least 8 characters in length.
- Must use at least one uppercase letter, one lowercase letter, one number and one symbol.
- Must be different from passwords for other accounts.
- Cannot be inferred from names or other personal information.
- Must not use English words as they are.
- Must not arrange them in a way that is easy to guess, and must not use easy combinations of them.
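The example policy above can be checked mechanically before a password is registered. The following Python sketch is an added example, not part of SpeeDBee Synapse; the function names, the small word list and the list of easy sequences are constructed for illustration, and the "different from other accounts" item is not checked because it requires knowledge of the other passwords.

```python
import secrets
import string

# Constructed sample data; substitute a real dictionary and keyboard-run list.
COMMON_WORDS = {"password", "welcome", "synapse", "admin", "secret"}
EASY_RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl")
# Assumption: every ASCII punctuation mark is accepted as a symbol.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)


def policy_violations(password, personal_info=()):
    """Return the items of the example policy that the password breaks."""
    low = password.lower()
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing uppercase, lowercase, number or symbol")
    # Names, birthdays, etc. supplied by the caller (3+ characters each).
    if any(len(p) >= 3 and p.lower() in low for p in personal_info):
        problems.append("contains personal information")
    # Interpretation: an unmodified word anywhere in the password counts.
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    # Easy layouts: 4+ characters of a run (either direction) or a triple repeat.
    runs = EASY_RUNS + tuple(r[::-1] for r in EASY_RUNS)
    if any(r[i:i + 4] in low for r in runs for i in range(len(r) - 3)) \
            or any(c * 3 in low for c in set(low)):
        problems.append("contains an easy sequence or repeated characters")
    return problems


def generate_password(length=16, personal_info=()):
    """Draw passwords from a CSPRNG until one satisfies the policy."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate, personal_info):
            return candidate


if __name__ == "__main__":
    for sample in ("Password2024!", "Qwerty12345!", "t7#Kq!9vRz"):
        print(sample, policy_violations(sample) or "OK")
    print("generated:", generate_password())
```
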
7.2 Using HTTPS
Using HTTPS when operating SpeeDBee Synapse encrypts communications and increases the level of security.
For details of how to use HTTPS, see "HTTP/HTTPS Communication".
About the certificate to use
When performing encrypted communication using a certificate, please use a proper certificate issued by an official certificate authority.
If you use a self-signed certificate temporarily for purposes such as verification, create a certificate that includes a SAN (Subject Alternative Name). The certificate used to encrypt each component should also include the SAN.
7.3 Secure Token Management
An access token indicates the access rights to a resource when accessing SpeeDBee Synapse from outside. If an attacker misuses an access token, the attacker may be able to gain unauthorized access to resources in SpeeDBee Synapse. Therefore, we recommend that you keep access tokens under strict control to prevent them from falling into the hands of third parties.
7.4 Using Encrypted Communications
Some components can use encrypted communication to provide a higher level of security.
| Item | Description |
|---|---|
| MQTT Collector | You can use encrypted communication by preparing a CA certificate. |
| Cloud Emitter for Azure | Communication is encrypted with this emitter. |
| Cloud Emitter for AWS | Communication is encrypted with this emitter. |
| FTP/FTPS/SFTP Emitter | Communication is encrypted by the use of FTPS or SFTP. |
| Send Mail | Using TLS encrypts the communication and makes it more secure. |
7.5 Checking operation logs
By checking operation logs on a regular basis, you can detect suspicious activities at an early stage. For details about how to check operation logs, see “Logs of various types”.