How can we help you today?

Recommended security settings for MyWorkDrive

You are here:
< Back

The default configuration of MyWorkDrive, Windows Server and your firewall is designed to get MyWorkDrive server up and running with minimum effort; however, settings should be adjusted to improve security before deploying to production.

This is a specific list of Recommendations regarding Security settings in MyWorkDrive. A more general discussion of MyWorkDrive security architecture can be found in our Security Overview.

Many of the recommendations made are covered in further detail in our Server Setup Guide and the links provided below.

General Security Settings

MyWorkDrive Server Settings

  • Either enable the Cloud Web Connector, or Setup an SSL certificate and Require SSL for login. As of version 5.4.1, the Cloud Web Connector uses Cloudflare, which includes a number of security beneifts as outlined in our Cloudflare Integration article.
  • Disable any clients you are not using. If you do not intend to support any of the three available clients (Web Client, Map Drive client or Mobile client) disable them in Settings.
  • When enabling Map Drive and Mobile Clients, set a minimum version to match the version at install with MyWorkDrive server. IE, if you are installing a new MyWorkDrive instance, set the minimum version of the Clients to match the installed server version. If you are updating MyWorkDrive server, update clients as appropriate to take advantage of security updates and performance improvements.
  • Setup a Block or Allow list for file types for the Map Drive client to restrict file types.
  • Disable WebDAV, unless you are using a device or service which requires it. MyWorkDrive does not require WebDAV to be enabled, the setting in Settings allows MyWorkDrive to act as a WebDAV server to permit connections by legacy devices. Note that WebDAV is not available when using Entra ID for the user directory.
  • Disable OneDrive and Outlook sharing if you do not intend to support them.
  • Adjust Session Timeouts at the bottom of the Settings page to be appropriate for your organization. The time listed is in Minutes.

 

MyWorkDrive Enterprise Settings

  • Enable SSO if using Active Directory foy our user directory. We support most SSO providers via SAML through manual configuration, and have included easy setup wizards for ADFS, AzureAD, OneLogin, Okta and Shibboleth. Note that Saml SSO is only available when using Active Directory. When using Entra ID for the user directory, a native Microsoft Login is used
  • Enable MFA, if not included with your SSO. We have included Duo for users who do not have an MFA through their SSO. Duo is only available with Active Directory mode.
  • Enable Data Leak Prevention and apply it to shares where users should not be permitted to download files.

 

Alerts/Logs

Either setup the Alerts feature to notify you of unusual activity by users/clients accessing shares via email, or setup a log aggregating software to capture the logs and provide monitoring/processing. Login and User Activities are stored in C:\Wanpath\WanPath.Data\Logs\AdminDashboard\