It is your responsibility to secure your network and systems, including Busby, but here are some recommended steps that can be taken.
Restrict physical access to network infrastructure inclulding servers, workstations, switches, routers and network ports.
Where local Busby users are configured, a password policy can be configured in the Busby configuration editor (e.g. minimum password length). Where SSO login is utilised (for example Azure or Okta) such policies are configured externally to Busby.
It is recommended to use a firewall/gateway to secure access to the network that Busby resides on, and to provide inbound access only to the servers and ports needed for users. For example, the firewall might allow HTTPS access through to the Busby Servers on port 443, and a VPN tunnel port through to a VPN or SSH server. This way, engineering staff needing to administrate or maintain the system must connect via VPN to do so.
If you also wish to have the linux firewall enabled on the Busby servers, you can do so, using the following guide on which ports to open network-access-and-ports
If you will be providing access to external users, it is recommended to use an HTTPS load balancer. This can automatically configure and provide the HTTPs certificates, along with providing some protection against DDOS and other attacks, depending on the load balancer used.
If desired you can run Antivirus on Busby servers. ClamAV has been tested and validated to work with Busby and not interfere with operations.
It is recommended that root access not be allowed directly via SSH and instead an admin user with superuser rights should be created. If desired, certificates can be used instead of passwords to access the server.
It is recommended that OS patches and updates be performed at a suitable time soon after they are released. However please note, it is strongly advised to stop Busby during OS or software updates. If you have Busby redunancy then servers will fail over to another server when Busby is stopped and operations can continue, however it is recommended to perform such updates in a predefined maintenance window.
Busby provides mechanisms for automatic configuration and database backups. It is strongly recommended these be utilised and that backups are written to a network store.