This guide describes the security features of the UiPath Process Mining platform, together with recommendations and best practices for securing it, both inside and outside the platform.
It is recommended to always use the latest version of Windows Server and to keep it up to date.
While UiPath Process Mining stores all passwords in protected form (user passwords as salted hashes, see below), the software does not encrypt data on disk. The server administrator should therefore encrypt the data disk, for example with BitLocker.
The In-Memory database stores all data. In this way, it can be accessed very quickly without using the input databases. The Analytics engine handles calculations. The Visualization and Process mining engines create visuals that can be used on dashboards.
Windows Defender is considered adequate for endpoint protection. If other tools are used, ensure that the UiPath Process Mining platform is allow-listed so that scans do not block or quarantine it.
It is recommended to set up an HTTPS binding for the platform in IIS. Setting up HTTPS requires a certificate. The server should accept only TLS 1.2 or later; note that the certificate itself does not determine the protocol version, so older protocol versions must be disabled in the server's TLS configuration.
For cloud servers, secure VPN tunnels are used to bring the servers into the users' trusted network.
To protect data in transit, it is highly encouraged to set up this HTTPS binding. Furthermore, for the cipher suites accepted by the server, it is recommended to use the ‘Modern compatibility’ list provided by Mozilla: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
To further increase security in transit, it is recommended to set up VPN tunnels for all connections to and from the server. A modern protocol should be used, older protocols such as PPTP should not be used.
Out of the box, all security-related settings of the platform are in their most restricted state:
- At first startup, only a single superadmin user has access. Access is restricted to the localhost.
- HTTP can only be used from localhost, other hosts can only connect through HTTPS. While not recommended, HTTP can be enabled for all hosts in the server settings.
It is possible to enable Two-Factor Authentication (2FA) to make your UiPath Process Mining application more secure. Two-Factor Authentication is an additional verification step that protects UiPath Process Mining accounts against unauthorized access. It is available for developer accounts, and it is recommended to enable it in the Server Settings.
Two-Factor Authentication is also available for end-user accounts. By default, 2FA is not enabled for end-user accounts. Contact your UiPath Process Mining account manager if you want to set up Two-Factor Authentication for end-user accounts.
End-users only have access to the projects and data they have access rights for.
Application developers have access to everything in the installation. It is therefore recommended to restrict developer accounts by IP address. This can be done in the Superadmin users tab of the Superadmin interface.
Passwords are stored as secure password hashes. A password strength calculator is used to determine whether a password is strong. Brute forcing the login forms is prevented by delaying subsequent requests.
The password field holds the output of a key derivation function rather than an encrypted value: PBKDF2 with HMAC-SHA512 as the pseudorandom function, 10000 iterations, and a salt.
The salt extends the input of the hash function. It consists of a fixed, application-specific part and a 128-bit randomly generated part that is stored in the database. The random seed is generated when the application initializes a session.
Because a cryptographic hash function is used, there is no encryption key and no initialization vector. The stored value cannot be decrypted; a login is verified by recomputing the hash from the submitted password and the stored salt and comparing the result with the stored value.
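The storage scheme described above (PBKDF2-HMAC-SHA512, 10000 iterations, a fixed application-specific salt part plus a 128-bit random part) and the login delay, as an added example written for this page in Python. It is not the platform's own code: the value of the fixed salt part, the record layout and the doubling-delay policy of the throttle are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Assumption for this example: the fixed, application-specific part of the salt.
# It lives in the application, never in the user database, so a dumped table
# alone does not give an attacker everything needed for offline guessing.
APP_FIXED_SALT = b"example-app-fixed-salt-v1"

ITERATIONS = 10_000          # PBKDF2 iteration count, as the page states
RANDOM_SALT_BYTES = 16       # 128-bit per-user salt, stored next to the hash
DIGEST_BYTES = 64            # natural output length of HMAC-SHA512


def hash_password(password: str, random_salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (random_salt, digest) for storage.

    The PBKDF2 salt is the fixed application part followed by the per-user
    random part; only the random part is written to the database.
    """
    if random_salt is None:
        random_salt = secrets.token_bytes(RANDOM_SALT_BYTES)
    if len(random_salt) != RANDOM_SALT_BYTES:
        raise ValueError("random salt must be exactly 128 bits")
    digest = hashlib.pbkdf2_hmac(
        "sha512",
        password.encode("utf-8"),
        APP_FIXED_SALT + random_salt,
        ITERATIONS,
        dklen=DIGEST_BYTES,
    )
    return random_salt, digest


def verify_password(password: str, random_salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest and compare it in constant time.

    Nothing is decrypted: a hash has no key and no IV, so verification can
    only repeat the derivation and compare the result.
    """
    _, candidate = hash_password(password, random_salt)
    return hmac.compare_digest(candidate, stored_digest)


class LoginThrottle:
    """Per-account delay that doubles after each failed attempt (assumed policy).

    delay_before_attempt() returns the delay the login form should impose on
    the next attempt for that account instead of sleeping itself, so the
    caller decides how to enforce it.
    """

    def __init__(self, base_delay: float = 1.0, max_delay: float = 60.0) -> None:
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._failures: Dict[str, int] = {}

    def delay_before_attempt(self, account: str) -> float:
        failures = self._failures.get(account, 0)
        if failures == 0:
            return 0.0
        return min(self.max_delay, self.base_delay * 2 ** (failures - 1))

    def record_failure(self, account: str) -> None:
        self._failures[account] = self._failures.get(account, 0) + 1

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


def attempt_login(throttle: LoginThrottle, account: str, password: str,
                  random_salt: bytes, stored_digest: bytes) -> bool:
    """Verify the password and update the throttle state for the account."""
    ok = verify_password(password, random_salt, stored_digest)
    if ok:
        throttle.record_success(account)
    else:
        throttle.record_failure(account)
    return ok


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    throttle = LoginThrottle()
    print(attempt_login(throttle, "alice", "wrong", salt, digest),
          throttle.delay_before_attempt("alice"))
    print(attempt_login(throttle, "alice", "correct horse battery staple", salt, digest),
          throttle.delay_before_attempt("alice"))
```

Because verification recomputes the derivation, the iteration count is a tunable cost: raising it slows an attacker who has the table and the fixed salt part by the same factor it slows legitimate logins, and the per-account delay covers the online case where the attacker never sees the table.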
UiPath Process Mining has built-in support for anonymizing data.
For each attribute, the required anonymization can be set:
- Clear attribute
- Pseudonymize attribute
- Shuffle values.
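The three anonymization options above, as an added example written for this page in Python over a constructed event log. It is not the platform's own implementation: the sample events, the pseudonymization key and the token format are assumptions made for illustration.

```python
import hashlib
import hmac
import random
from typing import Dict, List, Optional

Event = Dict[str, str]

# Constructed sample event log for this example (a few purchase-order events).
SAMPLE_EVENTS: List[Event] = [
    {"case_id": "PO-1001", "activity": "Create PO", "user": "alice", "supplier": "Acme"},
    {"case_id": "PO-1001", "activity": "Approve PO", "user": "bob", "supplier": "Acme"},
    {"case_id": "PO-1002", "activity": "Create PO", "user": "alice", "supplier": "Globex"},
    {"case_id": "PO-1002", "activity": "Approve PO", "user": "carol", "supplier": "Globex"},
]

# Assumption: the pseudonymization key is a secret kept outside the data set.
# With an unkeyed hash, a small value domain (user names) is reversed simply
# by hashing every candidate and comparing; the key prevents that for anyone
# who does not hold it.
PSEUDONYM_KEY = b"example-pseudonym-key-keep-outside-the-dataset"


def clear_attribute(events: List[Event], attribute: str) -> List[Event]:
    """Clear: the attribute's value is removed from every event."""
    return [{**e, attribute: ""} for e in events]


def pseudonymize_attribute(events: List[Event], attribute: str,
                           key: bytes = PSEUDONYM_KEY, length: int = 12) -> List[Event]:
    """Pseudonymize: replace each value by a keyed, deterministic token.

    Equal inputs map to equal tokens, so analyses such as "who did what, how
    often" still work; the original value is not recoverable without the key.
    """
    def token(value: str) -> str:
        mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
        return f"{attribute}-{mac[:length]}"
    return [{**e, attribute: token(e[attribute])} for e in events]


def shuffle_attribute(events: List[Event], attribute: str,
                      seed: Optional[int] = None) -> List[Event]:
    """Shuffle: permute the values across events.

    The multiset of values (and so the distribution) is preserved, but the
    link between an event and its value is broken. Never shuffle a
    case-defining attribute such as the case id; that destroys the traces.
    A seed is accepted only to make runs reproducible; production use should
    leave it unset so the OS random source is used.
    """
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    values = [e[attribute] for e in events]
    rng.shuffle(values)
    return [{**e, attribute: v} for e, v in zip(events, values)]


def anonymize(events: List[Event], settings: Dict[str, str],
              seed: Optional[int] = None) -> List[Event]:
    """Apply one of 'clear', 'pseudonymize' or 'shuffle' per attribute."""
    result = list(events)
    for attribute, mode in settings.items():
        if mode == "clear":
            result = clear_attribute(result, attribute)
        elif mode == "pseudonymize":
            result = pseudonymize_attribute(result, attribute)
        elif mode == "shuffle":
            result = shuffle_attribute(result, attribute, seed=seed)
        else:
            raise ValueError(f"unknown anonymization mode {mode!r} for {attribute!r}")
    return result


if __name__ == "__main__":
    for event in anonymize(SAMPLE_EVENTS,
                           {"user": "pseudonymize", "supplier": "shuffle", "activity": "clear"}):
        print(event)
```

Pseudonymization keeps the process structure intact (the same user appears under the same token in every case), clearing removes the attribute entirely, and shuffling keeps the value distribution while unlinking values from individual events; which one is appropriate depends on whether the analysis needs the attribute per event, per distribution, or not at all.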