Adobe Reader Hardening Guide


Ailene Goldhirsh

Aug 5, 2024, 2:12:36 AM
to neusibmala
I have Adobe Acrobat Reader version 2019.010.20099 installed on one of the Citrix servers. I want to make a change in Edit -> Preferences -> Security (Advanced). The change is to uncheck "Enable protected mode at startup". I am able to make this change from my account, and the change is reflected when I open Acrobat Reader via Citrix. But this change is not reflected for other users. Other users have to make this change manually by opening Acrobat Reader and then saving the settings. Unfortunately, this is not a feasible solution as the user base is more than 500. Is there any way that I can apply this setting on the Citrix server so that it is reflected for all users? Another way to ask the same question is: "Where is this setting stored for all users on the same server?"

Disabling protected mode is not recommended. It is designed to transparently protect networks in the background. Users rarely encounter issues or dialogs, and it does not provide per-document warnings. There are also multiple ways to trust files, folders, and hosts as needed. The yellow message bar is part of Protected View, so if you're looking to avoid those, configure that instead.


The Veeam Backup & Replication console is a client-side component that provides access to the backup server. The console lets several backup operators and admins log in to Veeam Backup & Replication simultaneously and perform all kinds of data protection and disaster recovery operations as if they were working on the backup server.


Prefer installing the Veeam Backup & Replication Console on a central management server positioned in a secure network zone and protected with 2-factor authentication rather than installing the console on the local desktops of backup & recovery admins. Always enforce MFA when authenticating to the Veeam Backup and Replication Console itself (supported starting v12).


Backup & Replication Console should be removed from the Veeam Backup & Replication Server when possible (see the note at the end of this section). The console is installed locally on the backup server by default.


The Console cannot be removed through the installer or by using Add/Remove in Windows. Open a cmd prompt with administrative access. On the command prompt type: wmic product list brief > installed.txt - this will create a text document with all installed products and their respective Product Codes.


Important note: Uninstalling Veeam Backup and Replication console removes PowerShell module and makes using Veeam Backup PowerShell cmdlets impossible on the Backup Server. This may affect automation scripts or products that rely on PowerShell for interacting with Veeam Backup and Replication, for example Veeam Availability Orchestrator (former Veeam Disaster Recovery Orchestrator).


All passwords stored in the database are encrypted. However, a user with administrator privileges on the backup server can decrypt the passwords, which presents a potential threat. Refer to Veeam kb 4349 for more information.


Think about additional software such as web browsers, Java, Adobe Reader and the like. Remove everything that does not belong to the operating system or to active Veeam components. It will make maintaining an up-to-date patch level much easier.


So, make sure every piece of software and hardware where Veeam components are running is up to date. Among the most likely causes of credential theft are missing guest OS updates and the use of outdated authentication protocols.


You may choose to isolate your Veeam Backup and Replication server from the internet. In that case you will have to proceed with offline updates: download updates from another machine, copy the binaries to the VBR Server and apply the updates. If you choose to allow your Veeam Backup and Replication Server to access the Internet, take care to strictly restrict access to update servers for applications and operating systems. Again, remove any tool and browser to prevent the installation or download of potentially harmful pieces of code. Of course, do not expose your Veeam Backup and Replication Server to the Internet.


Try not to use obscure ports and other tricks to hide the Veeam ports and protocols in use. While this may look like a good choice, in practice it often makes the infrastructure harder to manage, which opens other possibilities for attackers. Obscurity is not security!


The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.


This document describes the information to help you secure your Cisco IOS system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation.


The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


The coverage of security features in this document often provides enough detail for you to configure the feature. However, in cases where it does not, the feature is explained in such a way that you can evaluate whether additional attention to the feature is required. Where possible and appropriate, this document contains recommendations that, if implemented, help secure a network.


Secure network operations is a substantial topic. Although most of this document is devoted to the secure configuration of a Cisco IOS device, configurations alone do not completely secure a network. The operational procedures in use on the network contribute as much to security as the configuration of the underlying devices.


The Cisco Product Security Incident Response Team (PSIRT) creates and maintains publications, commonly referred to as PSIRT Advisories, for security-related issues in Cisco products. The method used for communication of less severe issues is the Cisco Security Response. Security advisories and responses are available at


In order to maintain a secure network, you need to be aware of the Cisco security advisories and responses that have been released. You need to have knowledge of a vulnerability before the threat it can pose to a network can be evaluated. Refer to Risk Triage for Security Vulnerability Announcements for assistance with this evaluation process.


The Authentication, Authorization, and Accounting (AAA) framework is vital to secure network devices. The AAA framework provides authentication of management sessions and can also limit users to specific, administrator-defined commands and log all commands entered by all users. See the Authentication, Authorization, and Accounting section of this document for more information about how to leverage AAA.


In order to gain knowledge about existing, emerging, and historic events related to security incidents, your organization must have a unified strategy for event logging and correlation. This strategy must leverage logging from all network devices and use pre-packaged and customizable correlation capabilities.


After centralized logging is implemented, you must develop a structured approach to log analysis and incident tracking. Based on the needs of your organization, this approach can range from a simple diligent review of log data to advanced rule-based analysis.


Many protocols are used in order to carry sensitive network management data. You must use secure protocols whenever possible. A secure protocol choice includes the use of SSH instead of Telnet so that both authentication data and management information are encrypted. In addition, you must use secure file transfer protocols when you copy configuration data. An example is the use of the Secure Copy Protocol (SCP) in place of FTP or TFTP.


NetFlow enables you to monitor traffic flows in the network. Originally intended to export traffic information to network management applications, NetFlow can also be used in order to show flow information on a router. This capability allows you to see what traffic traverses the network in real time. Regardless of whether flow information is exported to a remote collector, you are advised to configure network devices for NetFlow so that it can be used reactively if needed.


Configuration management is a process by which configuration changes are proposed, reviewed, approved, and deployed. Within the context of a Cisco IOS device configuration, two additional aspects of configuration management are critical: configuration archival and security.


You can use configuration archives to roll back changes that are made to network devices. In a security context, configuration archives can also be used in order to determine which security changes were made and when these changes occurred. In conjunction with AAA log data, this information can assist in the security auditing of network devices.


The configuration of a Cisco IOS device contains many sensitive details. Usernames, passwords, and the contents of access control lists are examples of this type of information. The repository that you use in order to archive Cisco IOS device configurations needs to be secured. Insecure access to this information can undermine the security of the entire network.


The management plane consists of functions that achieve the management goals of the network. This includes interactive management sessions that use SSH, as well as statistics-gathering with SNMP or NetFlow. When you consider the security of a network device, it is critical that the management plane be protected. If a security incident is able to undermine the functions of the management plane, it can be impossible for you to recover or stabilize the network.
