September 2018 James Grant Search Engines
Sage CRM Installation Tips
Please make sure you follow best practices when installing a secure Sage CRM system. More information can be found here.
More and more Sage CRM customers now require quick and easy access to their system anytime and from anywhere, sometimes from outside the office network and without logging onto a VPN connection first.
Configuring access on a public IP is relatively straightforward: set up CRM on Secure Sockets Layer (SSL), add some firewall rules for the HTTP/HTTPS/Tomcat ports and possibly create a DNS record for a crm subdomain.
But although our customers require this, they don't necessarily want their CRM login page indexed by search engines, revealing a gateway to their sensitive data. Although Sage CRM passwords are encrypted using a secure symmetric-key encryption algorithm (3DES), this method of encryption is gradually being replaced by the newer Advanced Encryption Standard (AES). Many configurations allow users to define and manage their own login password. This also opens up potential vulnerabilities, so a minimum length and complexity requirements should be enabled.
A simple search on Google already reveals many customers' Sage CRM login pages and who they are licensed to.
Our technicians add an extra step in the deployment configuration.
The X-Robots-Tag is an HTTP header that informs search engine crawlers (‘robots’) how they should treat the page being requested. It’s this tag that can be used as a very effective way to prevent login folders and other sensitive information from being shown in Google’s search results.
With a quick modification to your Sage CRM server we can prevent search engines from including your login page in their search results.
1. Open Internet Information Services (IIS) Manager
2. Click the server instance name from the left menu
3. Open HTTP Response Headers
4. Click Add… from the action menu
5. In the Name input, type: X-Robots-Tag and in the Value input, type: noindex, nofollow
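To confirm that the header from step 5 is actually being served, the following Python check (an added example, not part of the original article) parses a response's X-Robots-Tag values and reports whether every crawler is told both noindex and nofollow. The function names and sample headers are constructed for illustration; pass your own login URL as an argument to test a live server from outside the network.

```python
import sys
import urllib.request

REQUIRED = {"noindex", "nofollow"}
# Directives that carry their own "name: value" pair rather than a crawler scope.
VALUED = ("unavailable_after", "max-snippet", "max-image-preview", "max-video-preview")

def global_directives(headers):
    """Return the X-Robots-Tag directives that apply to every crawler."""
    found = set()
    for name, value in headers:
        if name.strip().lower() != "x-robots-tag":
            continue
        head, sep, _ = value.partition(":")
        token = head.strip().lower()
        if sep and "," not in token and token not in VALUED:
            continue  # scoped to one crawler, e.g. "googlebot: noindex"
        for part in value.split(","):
            directive = part.split(":")[0].strip().lower()
            if directive == "none":  # "none" is shorthand for noindex, nofollow
                found |= REQUIRED
            elif directive:
                found.add(directive)
    return found

def login_page_hidden(headers):
    """True when the response tells all crawlers both noindex and nofollow."""
    return REQUIRED <= global_directives(headers)

def fetch_headers(url, timeout=10):
    """GET the page and return its (name, value) header pairs, duplicates kept."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.headers.items()

# Constructed sample responses, so the script also runs offline.
SAMPLES = {
    "set as in step 5": [("X-Robots-Tag", "noindex, nofollow")],
    "header missing": [("Content-Type", "text/html")],
    "one crawler only": [("X-Robots-Tag", "googlebot: noindex, nofollow")],
    "noindex only": [("x-robots-tag", "NOINDEX")],
}

if __name__ == "__main__":
    # Pass the login URL of your own CRM server to check it from outside.
    cases = {sys.argv[1]: fetch_headers(sys.argv[1])} if len(sys.argv) > 1 else SAMPLES
    for label, headers in cases.items():
        print(f"{label}: {'hidden from search' if login_page_hidden(headers) else 'may be indexed'}")
```

The header only asks compliant crawlers not to list the page; the login page itself remains reachable, so the password policy settings mentioned earlier still matter.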