Advanced steps – XProtect Web Client
Always run XProtect Web Client on trusted client computers
Always securely connect all components of the VMS. Server-to-server and client-to-server connections should use proper authentication, Transport Layer Security (TLS) (https://datatracker.ietf.org/wg/tls/charter/) or a VPN connection (https://datatracker.ietf.org/wg/ipsec/documents/), and HTTPS.
Always run XProtect Web Client on trusted computers. For example, do not use a client computer in a public space. Milestone recommends that you educate users about the security measures to remember when using browser-based applications, such as XProtect Web Client. For example, make sure they know to disallow the browser from remembering their password.
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 AC-2 Account Management
- NIST SP 800-53 CM-6 Configuration Settings
- NIST SP 800-53 IA-2 Identification and Authentication
Use certificates to confirm the identity of XProtect Mobile server
This document emphasizes the use of the latest version of TLS. With that comes the need to use certificates properly and to implement the TLS cipher suite. Milestone recommends that you install a certificate on the XProtect Mobile server to confirm the identity of the server when a user tries to connect through XProtect Web Client.
For more information, see the certificates guide about how to secure your XProtect VMS installations.
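To check from a client computer that the installed certificate confirms the server's identity, the following added example (not Milestone code) connects the way a browser does and reports certificate and protocol findings. The host name, the accepted TLS versions and the 30-day expiry warning are assumptions to replace with your own values.

```python
import socket
import ssl
from datetime import datetime, timezone

ACCEPTED_TLS = ("TLSv1.2", "TLSv1.3")  # assumption: site policy floor, not a Milestone value

# Constructed sample in the format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "mobile.vms.example"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def evaluate(cert, tls_version, now, warn_days=30):
    """Return policy findings for an already verified peer certificate."""
    findings = []
    if tls_version not in ACCEPTED_TLS:
        findings.append(f"weak protocol: {tls_version}")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    if not any(kind == "DNS" for kind, _ in cert.get("subjectAltName", ())):
        findings.append("no DNS subjectAltName")
    return findings

def audit(host, port, cafile=None):
    """Connect as a browser would: verify chain and hostname, then apply evaluate()."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return evaluate(tls.getpeercert(), tls.version(), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        return [f"server identity not confirmed: {exc.verify_message}"]
    except (ssl.SSLError, OSError) as exc:
        return [f"connection failed: {exc}"]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; use audit(host, port) on site.
    now = datetime(2029, 12, 20, tzinfo=timezone.utc)
    print(evaluate(SAMPLE_CERT, "TLSv1.1", now))
```

An empty list from `audit()` means the chain, host name, protocol version and expiry all passed. Pass `cafile` when the certificate was issued by an internal certificate authority.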
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 AC-2 Account Management
- NIST SP 800-53 CM-6 Configuration Settings
- NIST SP 800-53 IA-2 Identification and Authentication
Use only supported browsers with the latest security updates
Milestone recommends that you install only one of the following browsers on client computers. Make sure to include the latest security updates.
- Apple Safari
- Google Chrome
- Microsoft Edge
- Mozilla Firefox
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 CM-1 Configuration Management Policy and Procedures
- NIST SP 800-53 CM-2 Baseline Configuration
- NIST SP 800-53 CM-6 Configuration Settings
- NIST SP 800-53 PL-8 Information Security Architecture
- NIST SP 800-53 SI-3 Malicious Code Protection