Security Recommendations

This page describes the security features recommended for on-premise installations.

Server

Regarding the servers and the operating system, the following points should be considered:

  • The eRecruiter installation should be split into a multi-server architecture (see System Description).
  • The eRecruiter should only be installed on trusted servers that are fully controlled by the operations team.
  • Candidate data, even if only stored temporarily, should only be stored on encrypted partitions and scanned for malicious content.

Network

Regarding the network infrastructure, the following points should be considered:

  • The eRecruiter installation should be split into a multi-server architecture (see System Description).
  • The communication between the servers should be encrypted (HTTPS or secure tunnels).
  • The servers should be separated through firewalls with strong rule sets (ports, destinations).
  • The servers should use a separated VLAN infrastructure.
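The firewall recommendation above (strong rule sets on ports and destinations) is easiest to audit when the database server denies inbound traffic by default and only allow-lists the application server. The following PowerShell is an added example and not part of the eRecruiter documentation; the application server address, SQL Server port and management VLAN range are placeholders that must be replaced with the values of the actual deployment.

```powershell
# Added example (not from the eRecruiter documentation): restrict the database
# server so that only the eRecruiter application server can reach SQL Server.
# Placeholders: application server address, SQL Server port, management VLAN.
$AppServer = '10.10.20.15'    # placeholder: eRecruiter application server
$SqlPort   = 1433             # placeholder: SQL Server listener port
$MgmtVlan  = '10.10.99.0/24'  # placeholder: administrators' management VLAN

# Deny inbound traffic by default on every profile; the rules below are then
# an explicit allow-list rather than exceptions to an open host.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block -Enabled True

# Allow SQL Server traffic only from the application server.
New-NetFirewallRule -DisplayName 'eRecruiter DB: allow app server' `
    -Direction Inbound -Protocol TCP -LocalPort $SqlPort `
    -RemoteAddress $AppServer -Action Allow

# Remote administration only from the management VLAN (limited set of admins).
New-NetFirewallRule -DisplayName 'eRecruiter DB: RDP from management VLAN' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $MgmtVlan -Action Allow

# Verification step: list every enabled inbound allow rule with its port and
# remote address scope, so that an unrestricted rule ("Any") stands out.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        $port = ($_ | Get-NetFirewallPortFilter).LocalPort
        [pscustomobject]@{ Rule = $_.DisplayName; Port = $port; RemoteAddress = $addr }
    } | Format-Table -AutoSize
```

Run the script on the database server with administrative rights. The final listing is the actual check: any inbound allow rule whose RemoteAddress is "Any" should be reviewed, because it defeats the separation the firewall is meant to enforce.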

Data / Database

  • The data (files, database) should only be stored on encrypted partitions.
  • Data transfer between the data storage and applications should be encrypted.
  • Data access policy should be restricted to the application service users and a limited set of administrators.
  • Data should be scanned for malicious content.
  • Data transfer between database and applications should be encrypted.
  • Database access policy should be restricted to the application service users and a limited set of administrators.

Application

  • The application server logs should be activated in the IIS configuration.
  • The application server logs should be collected on a regular basis and stored in a secure location for an extended period.
  • The application sanitizes data submitted by candidates before displaying or storing it wherever possible.
  • The application uses several security mechanisms to prevent common types of attacks.
  • The application uses a role-based access policy (configurable in the administration interface).
  • The application keeps an audit log of actions related to candidates.
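The first two application points (activate the IIS logs, collect them regularly into a secure location) can be implemented with the WebAdministration module. The following script is an added example and not part of the eRecruiter documentation; the site name, local log directory and archive share are placeholders for the values of the actual installation.

```powershell
# Added example (not from the eRecruiter documentation): enable IIS W3C logging
# for the eRecruiter site and archive rolled-over log files to a secure share.
# Placeholders: site name, local log directory, archive share.
Import-Module WebAdministration

$SiteName   = 'eRecruiter'             # placeholder: name of the IIS site
$LogRoot    = 'D:\IISLogs'             # placeholder: local log directory (own volume)
$ArchiveDir = '\\logserver\iislogs$'   # placeholder: write-only share on the log server
$Site       = "IIS:\Sites\$SiteName"

# Switch logging on, use the W3C format and roll over daily (UTC) so that
# files stay small and each day can be archived independently.
Set-ItemProperty $Site -Name logFile.enabled           -Value $true
Set-ItemProperty $Site -Name logFile.logFormat         -Value 'W3C'
Set-ItemProperty $Site -Name logFile.directory         -Value $LogRoot
Set-ItemProperty $Site -Name logFile.period            -Value 'Daily'
Set-ItemProperty $Site -Name logFile.localTimeRollover -Value $false

# Record the fields an incident responder needs: who (client IP, user), what
# (method, URI, query), outcome (status, substatus, Win32 status) and timing.
$Fields = 'Date,Time,ClientIP,UserName,ServerIP,Method,UriStem,UriQuery,' +
          'HttpStatus,HttpSubStatus,Win32Status,TimeTaken,UserAgent,Referer,ProtocolVersion,Host'
Set-ItemProperty $Site -Name logFile.logExtFileFlags -Value $Fields

# Collection step (run daily from a scheduled task): copy every log file that is
# no longer being written (last modified before today) to the archive share and
# remove the local copy only after the hash of both files matches.
$SiteId = (Get-Item $Site).id          # IIS writes the site's logs to W3SVC<id>
Get-ChildItem -Path (Join-Path $LogRoot "W3SVC$SiteId") -Filter '*.log' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).Date } |
    ForEach-Object {
        $dest = Join-Path $ArchiveDir $_.Name
        Copy-Item -Path $_.FullName -Destination $dest
        if ((Get-FileHash $_.FullName).Hash -eq (Get-FileHash $dest).Hash) {
            Remove-Item $_.FullName
        }
    }
```

The hash comparison before deletion is what makes the collection safe: a failed or partial copy leaves the local file in place for the next run. Keeping the archive share write-only for the web server's account means a compromised application server cannot alter logs it has already shipped.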