Best Practices: Preventing Compromise of CTERA Portal

Security is a top priority for organizations leveraging the CTERA Portal for cloud storage and file services. Implementing robust authentication and password management practices can significantly mitigate the risk of unauthorized access.

In addition to the antivirus and ransomware protection built into CTERA products, following the SAML and password best practices detailed below can substantially strengthen the security posture of your CTERA Portal environment and help to prevent compromise of the CTERA Portal.

Use SAML Authentication with Multi-factor Authentication (MFA) for the Global Administrator

  • Why: Prevent unauthorized access to the global administrator account.
  • How: Configure SAML (Security Assertion Markup Language) authentication and enable MFA.
  • Impact: Increases the difficulty for attackers to gain control over the global administrator account.

SAML can be set in the SSO setting accessed from the Control Panel (Settings > Control Panel > SSO in the global administration user interface).

Use SAML Authentication with MFA for Team Portals (Customer Tenants)

  • Why: To secure individual customer tenant accounts.
  • How: Implement SAML with MFA for each tenant.
  • Impact: Mitigates the risk associated with compromised passwords for tenant accounts.

SAML can be set per team portal in the SSO setting accessed from the Control Panel (Settings > Control Panel > SSO in the team portal user interface).

Use a Strong Password Policy

  • Why: To guard against weak password guessing.
  • How: Set robust password policies.
    • At least 8 characters long.
    • It should not contain any of your personal information — specifically, your real name, username or your company name.
    • It must be unique from your previously used passwords.
    • It should not contain any word spelled completely.
    • It should contain different types of characters, including uppercase letters, lowercase letters, numbers and special characters, such as !@#?.
  • Impact: Reduces the chance of password cracking attempts being successful.

The password policy can be set globally or per team portal in the Virtual Portal settings accessed from the Control Panel (Settings > Control Panel > Virtual Portal in either the team portal or global administration user interface).
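
The rules listed above can also be expressed as a standalone check, for example to vet candidate passwords during user training. This is an added Python example, not CTERA code or a CTERA API; the function names, the constructed word list, the 3- and 4-character match thresholds and the salted PBKDF2 history format are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "summer", "dragon", "portal", "admin"}

def history_digest(password: str, salt: bytes) -> bytes:
    # Password history is kept as salted PBKDF2 digests, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(password, personal_terms, history, salt, words=SAMPLE_WORDS):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Personal information: real name parts, username, company name.
    for term in personal_terms:
        for part in re.split(r"\W+", term.lower()):
            if len(part) >= 3 and part in lowered:
                problems.append(f"contains personal information: {part}")
    # Reuse: compare against stored digests in constant time.
    digest = history_digest(password, salt)
    if any(hmac.compare_digest(digest, old) for old in history):
        problems.append("matches a previously used password")
    # Complete words: any listed word of 4+ letters appearing whole, in any case.
    for word in sorted(words):
        if len(word) >= 4 and word in lowered:
            problems.append(f"contains a complete word: {word}")
    # Character variety: all four classes named in the policy must be present.
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    return problems
```
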

Configure Mandatory Password Rotation

  • Why: To ensure ongoing security for tenants not using SAML.
  • How: Require password rotation at regular intervals.
  • Impact: Makes it challenging for attackers to misuse long-standing passwords.

The password policy can be set globally or per team portal in the Virtual Portal settings accessed from the Control Panel (Settings > Control Panel > Virtual Portal in either the team portal or global administration user interface).

Train Customers on Password Best Practices

  • Why: To ensure security discipline among customers not using SAML.
  • How: Educate users to use unique administration passwords for the CTERA Portal and their local systems.
  • Impact: Eliminates the risk of a compromised local system password being used to access the CTERA Portal.
