8 Tips to Make Your Atlassian Instances More Secure and Reliable
<p style="text-align: left;"><img class="confluence-embedded-image" draggable="false" alt="alt text here" width="700" src="/download/attachments/28999705/8-security-tips-770x480.jpg?version=1&modificationDate=1554449845000&api=v2" data-image-src="/download/attachments/28999705/8-security-tips-770x480.jpg?version=1&modificationDate=1554449845000&api=v2" data-unresolved-comment-count="0" data-linked-resource-id="28999828" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="8-security-tips-770x480.jpg" data-base-url="https://demo.stiltsoft.com" data-linked-resource-content-type="image/jpeg" data-linked-resource-container-id="28999705" data-linked-resource-container-version="3" title="Handy Macros > 8 Tips to Make Your Atlassian Instances More Secure and Reliable > 8-security-tips-770x480.jpg (title here)" data-location="Handy Macros > 8 Tips to Make Your Atlassian Instances More Secure and Reliable > 8-security-tips-770x480.jpg" data-element-title="title here" data-image-height="480" data-image-width="770"></p><h4>Learn how to improve the security and reliability of your Atlassian software instances...</h4><p style="text-align: left;">How secure are your Jira, Confluence or Bitbucket instances? Is your software reliable enough? Here are some useful tips that can improve the security and reliability of your Atlassian software instances.</p><h2 style="text-align: left;">Do you really need external access to your services?</h2><p style="text-align: left;">Of course, you should keep in mind the best practices that protect your servers and network, such as password policies, firewalls and so on. But think twice before opening access to your services through the Internet. Do your users really need to access the data from outside the network? 
If so, you can improve security using the suggestions below:</p><ul style="text-align: left;"><li>Consider using a <a href="https://en.wikipedia.org/wiki/Virtual_private_network" style="text-decoration: none;">VPN</a> outside the office instead of opening access to your applications from the Internet directly.</li><li>Use encrypted connections to improve security.</li><li>Secure your employees’ devices that can access your network (such as laptops, tablets, smartphones and so on).</li><li>Use antivirus software, strong passwords, biometric authentication, smart cards, tokens, and two-factor authentication to make sure that only authorized persons have access to applications.</li></ul><h2 style="text-align: left;">Use HTTPS instead of HTTP</h2><p style="text-align: left;">There is no reason to use unencrypted HTTP connections because browsers mark them as insecure (and that’s true!). Even if you are on a tight budget, you can afford SSL for your services. Use free certificates from <a href="https://letsencrypt.org/" style="text-decoration: none;">Let’s Encrypt</a> to protect your services. On the other hand, it’s more convenient to use a single <a href="https://en.wikipedia.org/wiki/Wildcard_certificate" style="text-decoration: none;">wildcard certificate</a> from a reliable <a href="https://en.wikipedia.org/wiki/Certificate_authority" style="text-decoration: none;">certificate authority</a> for multiple web services. Always redirect HTTP connections to HTTPS ones to maintain compatibility and security.</p><p style="text-align: left;">Also, make sure that your SSL connections are properly configured and secure. You can perform a quick check with the free online <a style="text-decoration: none;" href="https://www.ssllabs.com/ssltest">Qualys SSL test</a> tool. If your service gets a grade lower than A or A+, it’s recommended to review the encryption settings. 
There are examples of A+ rated settings for different platforms <a style="text-decoration: none;" href="https://cipherli.st/">here</a> and <a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/" style="text-decoration: none;">here</a>.</p><h2 style="text-align: left;">Take care of your database</h2><p style="text-align: left;">This may sound obvious, but it’s a common practice to install an application and its database on a single host. Sometimes this can look reasonable (especially during evaluation), but it’s better to split the application and the database onto different hosts for production instances.</p><p style="text-align: left;">It’s also better to use encrypted connections between the database and applications if possible. Finally, you should check that the database and Atlassian applications are configured with sufficient database connections. This doesn’t affect security but can affect the stability of your Jira, Confluence or Bitbucket instance, especially during peak load times.</p><p style="text-align: left;">Remember to update your database because it is essential to your data security.</p><h2 style="text-align: left;">Keep your systems up-to-date</h2><p style="text-align: left;">It’s extremely important to have the latest versions of operating systems and software to avoid known vulnerabilities. Have you heard about the <a style="text-decoration: none;" href="https://en.wikipedia.org/wiki/Heartbleed">Heartbleed</a> vulnerability? A bug in the open-source library OpenSSL caused this vulnerability. The only way to fix it was to update the OpenSSL library, which was used for encryption almost everywhere.</p><p style="text-align: left;">If you need to keep your HTTPS as secure as possible, you need the <a style="text-decoration: none;" href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS 1.3</a> cryptographic protocol, which requires upgrading OpenSSL once again. 
In some cases, you must update your operating system to upgrade OpenSSL. Security is a reason to keep your infrastructure always up-to-date.</p><p style="text-align: left;">Atlassian applications also need ongoing maintenance and updates in order to keep performing well. This can be a challenging task for large enterprises, but there are two approaches (they can be combined) to make your upgrade process less stressful:</p><ul style="text-align: left;"><li><a style="text-decoration: none;" href="https://www.atlassian.com/enterprise/data-center">Data Center</a> versions of Atlassian applications, which allow you to minimize downtime during upgrades.</li><li><a href="https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html" style="text-decoration: none;">Enterprise releases</a>, which allow you to get the latest security updates for your Atlassian software without migrating to the next major releases, which should be thoroughly tested.</li></ul><h2 style="text-align: left;">Back up your data</h2><p style="text-align: left;">There is an old joke about two kinds of admins: admins who make backups and admins who <strong>started to back up</strong>. Backups allow you to restore your application after any kind of failure, such as an external attack, hardware failure or human error. Your strategy may depend on the requirements of your business, but the main ideas are:</p><ul style="text-align: left;"><li>Know your stack of technologies. You may run Jira, Confluence, and Bitbucket on Linux or Windows, using AWS or your own datacenter, using bare metal hardware, virtual machines or a Docker environment. 
Each installation has different strategies for making backups.</li><li>Feel free to use the advantages provided by your environment (like LVM snapshots, VM snapshots and so on) to minimize the impact on the availability of services.</li><li>Back up your database as well as the Atlassian application’s home directory.</li><li>Don’t forget to add other important settings to your backup (reverse proxy settings, SSL certificate, firewall settings and so on).</li><li>Check your backups and restore procedure on a regular basis to make sure they help you when a real issue happens.</li></ul><p style="text-align: left;">A good backup allows you to restore your service literally in one click in a reasonable amount of time.</p><h2 style="text-align: left;">How to prevent DDoS and brute force attacks</h2><p style="text-align: left;">You lose money when your service is down, and you can lose your data (and even the whole business) when hackers break into your system. As Atlassian applications are extremely important for businesses, you need to make sure that they have adequate protection against <a href="https://en.wikipedia.org/wiki/Denial-of-service_attack" style="text-decoration: none;">DDoS</a> and <a style="text-decoration: none;" href="https://en.wikipedia.org/wiki/Brute-force_attack">brute force attacks</a>.</p><p style="text-align: left;">You can <a href="https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/" style="text-decoration: none;">tune up your reverse proxy</a> or choose a <a style="text-decoration: none;" href="https://aws.amazon.com/shield/">solution from your hosting provider</a> to protect against DDoS attacks. Atlassian applications also have built-in protection against brute force attacks – feel free to activate <a href="https://confluence.atlassian.com/doc/configuring-captcha-for-failed-logins-216957808.html" style="text-decoration: none;">captcha for failed logins</a>. 
As an alternative, you can choose an <a style="text-decoration: none;" href="https://marketplace.atlassian.com/search?query=two%20factor">app</a> to implement two-factor authentication for Atlassian software.</p><h2 style="text-align: left;">Use your existing user directories and groups for managing users in Atlassian applications</h2><p style="text-align: left;">Do you have LDAP directories (Active Directory, OpenLDAP, Microsoft Azure AD and so on)? Use them to authenticate your users in Jira, Confluence, and Bitbucket. This allows you to reduce the number of passwords for users and reduce the administrative burden as well.</p><p style="text-align: left;">Also, it’s a good practice to use groups to give access to spaces in Confluence (or to projects in Jira and Bitbucket). This way you can simplify administration and reduce the number of errors. For example, disabling a user who leaves the company in Active Directory will make the account inactive in Jira, Confluence, and Bitbucket as well. However, if you need to disable the account in several applications separately, you may forget to disable it somewhere.</p><h2 style="text-align: left;">Perform security reviews and penetration tests on a regular basis</h2><p style="text-align: left;">It’s a good practice to perform security reviews at least once a year. This can be a simple checklist, or you can order a full review and penetration test from a consulting agency. The main points are:</p><ul style="text-align: left;"><li>All the issues found during the review must be fixed.</li><li>Perform reviews on a regular basis.</li><li>Keep the documentation related to your services up to date. Update it after each review.</li><li>It’s a good practice to review your security and reliability after any failure.</li></ul><h2 style="text-align: left;">An alternative way to improve security and reliability of Atlassian applications</h2><p style="text-align: left;">Ask us! Tell us about your company. 
Show us how you use Atlassian applications for your business. Get personal recommendations and help with checking and implementing them.</p>
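<p style="text-align: left;">As an added example (not part of the original article or any Atlassian tooling), the script below is a local version of the checks from the “Use HTTPS instead of HTTP” section: it confirms that port 80 redirects to HTTPS, reports the negotiated TLS version and counts the days until the certificate expires. The function names, the host <code>jira.example.com</code> and the 14-day expiry threshold are assumptions chosen for illustration.</p>

```python
"""Added example: check the HTTP->HTTPS redirect and TLS setup of one host."""
import http.client
import socket
import ssl
import time
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)


def evaluate(status, location, tls_version, cert_days_left, min_days=14):
    """Return a list of findings; an empty list means every check passed.

    min_days is an assumed renewal margin, not a value from the article.
    """
    findings = []
    if status not in REDIRECTS:
        findings.append(f"port 80 answers {status} instead of a redirect")
    elif urlsplit(location or "").scheme != "https":
        findings.append(f"redirect target {location!r} is not an https URL")
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"negotiated {tls_version}, expected TLS 1.2 or 1.3")
    if cert_days_left < min_days:
        findings.append(f"certificate expires in {cert_days_left} days")
    return findings


def probe(host, timeout=5):
    """Collect the facts evaluate() needs from a live host (needs network)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("HEAD", "/")
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version = tls.version()
            not_after = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
    days_left = int((not_after - time.time()) // 86400)
    return status, location, version, days_left


if __name__ == "__main__":
    import sys
    # jira.example.com is a placeholder; pass your own hostname as argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "jira.example.com"
    for finding in evaluate(*probe(host)) or ["no findings"]:
        print(finding)
```

<p style="text-align: left;">An invalid or untrusted certificate makes <code>probe()</code> raise <code>ssl.SSLCertVerificationError</code>, which is itself a finding worth acting on.</p>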