Southsoftware.com
   

Connection security in Advanced Task Scheduler Network

New in Version 11: Mandatory Certificate Authentication

The server enforces strict client authentication using X.509 certificates, ensuring that only authorized clients can establish a connection. The server requires clients to present a valid certificate signed by the server's own Certificate Authority (CA).

Client Certificate Requirement

  • The server mandates that clients provide a valid certificate before establishing a connection.
  • Only certificates signed by the server's self-signed CA are accepted.

Server-Side Authorization

  • The server performs certificate validation and rejects connections from clients with:
    • Invalid or expired certificates.
    • Certificates not issued by the server's CA.
    • Certificates lacking proper permissions.

Unique Self-Signed CA per Server Instance

  • Each server instance generates its own CA, ensuring isolation between deployments. The CA is created during the installation process or on the first start of the server. The CA can be replaced at any time on the "Configuration" tab in the server's service settings.
  • Clients must obtain a certificate signed by the specific server's CA to connect. A client certificate can be obtained on the "Configuration" tab in the server's service settings.

TLS 1.2 with High-Strength Ciphers

  • The server enforces TLS 1.2 to maintain data confidentiality and integrity.
  • Only high-strength ciphers (e.g., AES-256-GCM, ECDHE-RSA) are permitted, ensuring robust encryption.

Network Restrictions (Optional)

  • Configured via the "Configuration" tab in the server's service settings.
  • If enabled, restricts access based on:
    • IP whitelisting (only specified IPs can connect).
    • IP blacklisting (blocks known malicious IPs).
  • Useful for limiting access to trusted networks.

Password Protection (Optional)

  • Configured via the "Storage" section on the "Preferences" window.
  • If a password is set, clients must provide it upon connection.
  • Works alongside certificate authentication for multi-factor security.
  • Recommended for sensitive environments where an extra layer of access control is needed.

Conclusion

  • The server provides enterprise-grade security through:
    • Certificate-based authentication (most secure option)
    • Optional IP filtering (for network-level control)
    • Optional password protection (for multi-factor security)
    • Strong TLS encryption (to protect data in transit)

Categories: Task scheduler

Leave a Reply

   
About us   Cookie policy   Privacy policy   Terms of use   Link to us