Introduction
- Last Updated: January 30, 2026
This document provides practical, security-focused hardening guidelines for deploying and operating WhatsUp Gold. It distills best-practice configuration recommendations to reduce attack surface, safeguard sensitive data, and protect the WhatsUp Gold application, database, network communications, and server environment.
Secure Installation Practices
Install on dedicated systems
- Deploy WhatsUp Gold, the SQL Server hosting its databases, and any scalability pollers on dedicated servers. This reduces cross-service exposure and unintended data access. Do not use these servers for any other roles or applications.
Physical security
- Place all WhatsUp Gold-related servers in locked rooms or equipment cabinets.
- Restrict physical access to trusted administrators only.
Domain integration
- Join WhatsUp Gold servers to the organization’s Windows domain to allow centralized enforcement of password policies, patching, and security baselines.
Validate installation integrity
- Verify the digital signature of the WhatsUp Gold installation binaries to ensure they originate from Progress Software and have not been tampered with.
Server and Software Configuration Hardening
Supported protocols
- Enforce TLS 1.2 only, disabling SSLv3, TLS 1.0, and TLS 1.1 on all servers hosting WhatsUp Gold components. This mitigates downgrade attacks and insecure encryption exposure.
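One way to audit this setting on a Windows server, as an added example that is not part of the vendor's guidance: the script reads the standard SCHANNEL protocol registry keys and reports whether each protocol matches the TLS 1.2-only policy. The `-Apply` switch and the choice to treat an unconfigured key as non-compliant are assumptions of this example.

```powershell
# Added example (not vendor code): audit SCHANNEL so that only TLS 1.2 is enabled.
[CmdletBinding()]
param([switch]$Apply)  # hypothetical switch: without it the script only reports

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Desired state from the guideline: TLS 1.2 on, SSLv3 / TLS 1.0 / TLS 1.1 off.
$desired = [ordered]@{ 'SSL 3.0' = $false; 'TLS 1.0' = $false; 'TLS 1.1' = $false; 'TLS 1.2' = $true }

$report = foreach ($proto in $desired.Keys) {
    foreach ($role in 'Server', 'Client') {
        $key  = Join-Path $base "$proto\$role"
        $want = if ($desired[$proto]) { 'Enabled' } else { 'Disabled' }
        $cur  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        # A missing key or value leaves the OS default in force, which differs
        # between Windows versions, so this example treats it as non-compliant.
        $state = if ($null -eq $cur -or $null -eq $cur.Enabled) { 'NotConfigured' }
                 elseif ($cur.Enabled -ne 0) { 'Enabled' }
                 else { 'Disabled' }

        if ($Apply -and $state -ne $want) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            $on = [int]$desired[$proto]
            New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value $on -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord -Value (1 - $on) -Force | Out-Null
            $state = $want   # takes effect after a reboot
        }

        [pscustomobject]@{
            Protocol = $proto; Role = $role; State = $state; Compliant = ($state -eq $want)
        }
    }
}

$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { exit 1 }
```

Writing the keys with `-Apply` requires an elevated PowerShell session, and the non-zero exit code lets a scheduled compliance check flag servers that drift from the policy.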
System patching
- Ensure the underlying Windows OS, .NET Framework, and related software are continuously patched and kept current before and after installation. This reduces vulnerabilities from unpatched components.
Account and Credential Security
Use strong passwords
- Use strong, complex passwords for all accounts created during installation (e.g., SQL Server Express reduced privilege account, WhatsUpGold_User Windows account, and admin web interface account). WhatsUp Gold enforces server-level password complexity requirements during setup.
Limit account sharing
- Never share WhatsUp Gold-created service or application accounts with other applications or users. Dedicated accounts minimize cross-system compromise potential.
Least privilege
- Ensure all deployment, monitoring, and service accounts run with least-privilege permissions.
Network and Communication Security
Protect communications
- Secure communications between WhatsUp Gold and external systems (e.g., users, devices, APIs) via encrypted channels and restricted ports.
Restrict access paths
- Apply firewall rules limiting access to WhatsUp Gold servers to only necessary management networks and authorized administrators.
Application-Level Hardening
Disable unused features
- Minimize enabled services, plugins, and modules to reduce potential attack surface.
Secure web interfaces
- Harden the WhatsUp Gold web and Windows interfaces using best practices such as:
  - Enforcing strong authentication.
  - Enabling MFA where possible.
  - Restricting administrative pages.
  - Disabling default or sample configurations.
Database Security Hardening
- Host the SQL database on a secure, dedicated server as noted previously.
- Enforce the following: encryption in transit (TLS), strong authentication, least-privilege SQL logins, and regular patching and backup validation.
Maintenance and Monitoring Hardening
Continuous Security Reviews
- Regularly review logs, alerts, and system configuration to detect abnormal behavior or unauthorized attempts.
Patch Management
- Apply vendor-issued patches and security updates as soon as possible to address vulnerabilities.
Backup and Recovery Preparedness
- Maintain secure, off-server backups of WhatsUp Gold configuration, SQL databases, and critical system files.
- Test restore procedures regularly.
Summary
These hardening guidelines deliver a structured approach for securing WhatsUp Gold environments, from installation through ongoing operation. By adhering to secure deployment practices, enforcing strong identity controls, limiting service exposure, and applying continuous monitoring and updates, organizations significantly strengthen the security posture of their WhatsUp Gold implementation.