Does Blackbaud Recommend Standard Firewall Settings for Blackbaud CRM?
Recently, we’ve had some organizations reach out to us with questions about Blackbaud’s recommendations for firewall settings. Cary McDonald, our Senior Product Support Lead for Developer Solutions and technical guru, shared some helpful insight into what we can (and can’t) suggest in terms of your firewall configuration, and the reasoning behind it all:
Blackbaud CRM and BBIS are standard .NET-based web applications that also communicate over standard web ports, 80 and 443. We strongly recommend using port 443 for all traffic to make sure all the traffic is encrypted and that industry best practices for securing web applications are implemented as well. As far as recommendations, that is about it. Web security should be handled by your security professionals who keep up with the rapidly changing environmental threats and their mitigation, and in most cases not by Blackbaud application specialists.
Most questions that have come up regarding firewall or connectivity recently center on enhanced security measures that are often implemented as firewall or load balancer add-on modules. In many cases, they provide protection by inspecting, caching, or filtering the content that web applications are sending between the web servers and the end users. Your organization will likely have very specific security policies that are required to be implemented, tested, documented, and remediated regarding the implementation of security for web applications. The tighter your organization’s security, the more likely you will run into an issue where a particular security measure blocks a specific Blackbaud CRM or BBIS process from working correctly.
Some examples of the issues that come up?
- Application firewalls can strip out content that violates the rules that are configured to keep unwanted content from going in or out of the network.
- Caching or proxy servers keep copies of content to distribute to users (which helps make web servers more efficient) but sometimes this causes problems if the content is meant to be dynamic.
- Load balancers can try to optimize web server connections and not keep established connections on the same server. In some cases, they time the connections out. This can cause processes to fail when persistent connections are not configured.
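
The three failure modes above can be told apart by comparing what the web server generated with what the user received. The sketch below is an added example, not Blackbaud code or part of the original post; the captures are constructed, and `X-Backend-Server` is a hypothetical header that a load balancer would have to be configured to insert.

```python
# Added example: constructed data; X-Backend-Server is a hypothetical header
# that a load balancer would have to be configured to insert.
NO_SHARED_CACHE = {"no-store", "no-cache", "private"}

def diagnose(exchanges, backend_header="X-Backend-Server"):
    """exchanges: ordered requests from ONE user session, each a dict with
    'origin_body' (decoded bytes the web server generated), 'client_body'
    (decoded bytes the user received), 'headers' (as received), 'dynamic'."""
    findings, backends = set(), set()
    for ex in exchanges:
        headers = {k.lower(): v for k, v in ex["headers"].items()}
        # Filtering or stale copy: the user did not get what the server made.
        if ex["origin_body"] != ex["client_body"]:
            findings.add("body-modified-in-transit")
        if ex["dynamic"]:
            # Caching: only a cache adds the Age header (RFC 9111).
            if "age" in headers:
                findings.add("dynamic-content-served-from-cache")
            directives = {d.split("=")[0].strip().lower()
                          for d in headers.get("cache-control", "").split(",")}
            if not directives & NO_SHARED_CACHE:
                findings.add("dynamic-content-cacheable-by-proxy")
        # Persistence: collect which server answered each request.
        if backend_header.lower() in headers:
            backends.add(headers[backend_header.lower()])
    if len(backends) > 1:
        findings.add("session-spread-across-servers")
    return sorted(findings)

# Constructed captures for one session (not real Blackbaud traffic).
SAMPLE = [
    {"dynamic": True, "origin_body": b"<form><script>init()</script></form>",
     "client_body": b"<form></form>",  # script block stripped by a filter
     "headers": {"Cache-Control": "private, no-store", "X-Backend-Server": "web01"}},
    {"dynamic": True, "origin_body": b"<p>batch 43</p>",
     "client_body": b"<p>batch 42</p>",  # stale copy served by a proxy
     "headers": {"Cache-Control": "max-age=600", "Age": "120", "X-Backend-Server": "web02"}},
]
CLEAN = [
    {"dynamic": True, "origin_body": b"ok", "client_body": b"ok",
     "headers": {"cache-control": "no-store", "X-Backend-Server": "web01"}},
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(diagnose(CLEAN))
```

Bodies are compared after decoding, so compression applied by an intermediary does not count as a modification.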
