Scribd
Upload
66 views8 pages

UiPath Security Training Recap

This document provides a 3-sentence summary of a lesson on infrastructure training that recaps security considerations when implementing UiPath products: The lesson discusses security features in UiPath like robot registration, role-based access controls, password management using CyberArk, TLS protocols for secure communication, and deploying Orchestrator securely in the cloud or on-premises. It also covers account lockout policies to restrict access after failed login attempts and roles to review packages and view logs.

Uploaded by

Beatriz Eugenia Duque Restrepo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
66 views8 pages

UiPath Security Training Recap

This document provides a 3-sentence summary of a lesson on infrastructure training that recaps security considerations when implementing UiPath products: The lesson discusses security features in UiPath like robot registration, role-based access controls, password management using CyberArk, TLS protocols for secure communication, and deploying Orchestrator securely in the cloud or on-premises. It also covers account lockout policies to restrict access after failed login attempts and roles to review packages and view logs.

Uploaded by

Beatriz Eugenia Duque Restrepo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Infrastructure Training

Lesson 5 Recap
Security considerations

[Link]
Security features implemented in UiPath products

Robot registration in Orchestrator before Segregation of duties by roles and


connecting it permissions

HTTPS protocol

Reviewer’s role
to promote a package

Permission to view logs and


Copy automation artifact from Dev to Test transaction items
and to Production

Hardened security of encrypted passwords by


using a different IV
Integration with CyberArk

Robots passwords can be maintained in CyberArk


instead of Orchestrator’s own SQL Server
Database Orchestrator Server

CyberArk Server

Orchestrator will use an intermediary module –


Application Identity Manager (AIM) from
CyberArk – to request passwords from CyberArk
Server

CyberArk AIM module


Orchestrator receives the password unencrypted
and sends it to the robot using the secure https
channel
Trusted SSL certificates

The Certificate use an SSL


certificate in IIS that is trusted by
the computers in the network

The certificate includes either an acquired web


certificate (from a public authority) or a
certificate generated by your own certification
authority – a domain CA

The main issue with self-signed certificates is that


you have to export the public key from the
Orchestrator server and import it on every robot
machine
TLS 1.2 protocol

You can also disable TLS


1.0 and 1.1

Keep only TLS 1.2, our


products don’t need older
protocols
See the document attached to this
lesson on how to disable unsecure
protocols

Disable SSL 2.0, 3.0


protocols
Cloud deployment

Orchestrator deployed in the cloud Do not expose Orchestrator in the Create a VPN between the Robot’s
needs to be reachable by robots on- Internet network and Orchestrator’s network
premises (cloud)
Account lockout

Account lockout is not enabled If a user tries to log in with a wrong


by default password for more than “Max
access attempts” times, the account
will be locked

Automatic unlock occurs after A user with EDIT permission on


“Account Lockout Seconds” users can unlock the account
Thank you!

[Link]

You might also like