Hi @Jurij Ivastsuk-Kienbaum, you can follow the best practices below to make your Confluence instance secure.
1. If you do not require your Confluence to be accessible publicly and only your company uses it, then run the application under your company VPN so that public users are not able to access the instance.
2. If Confluence is also used by public users, then use WAF solutions like Akamai, Cloudflare, etc. to protect your application from external attackers.
3. Always keep Secure administrator sessions enabled in your site from the Security Configuration so that admins will need to re-authenticate when accessing the admin configuration.
4. Always keep watch on the Atlassian security news for the CVEs reported by Atlassian and the mitigating steps that need to be taken.
5. Have your applications running on the latest or close to latest version so that security improvements added by Atlassian are always intact.
6. If you have an internal security team, then have them run regular audits against the application from the UI and backend server so that there are no loopholes.
7. Make sure all your lower instances like Stage/Devel/Pre-Prod are running internal to your network and have a similar configuration to that of production to avoid any security issues, and keep them aligned with your prod version.
8. Have a minimum number of admin users in your application based on the size of your organization, not more than 5-10 admins per site.
These are some basic but important things to remember to avoid any security issues.
Please take a look at the following article: https://confluence.atlassian.com/doc/confluence-security-overview-and-advisories-134526.html
My suggestion is to monitor the security advisories.
To be notified by email when new advisories or bulletins are published, go to https://my.atlassian.com/email and subscribe to Tech Alerts emails.
Hope this helps,