Novell IFOLDER 3.6 - SECURITY ADMINISTRATION, Manual

Share

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

Page: 9 / 22

Novell IFOLDER 3.6 - SECURITY ADMINISTRATION Manual Download Page 9

Security Best Practices Overview

1

9

n

ov

do

cx (e

n)

11
Ju

ly 20

08

1

Security Best Practices Overview

This section summarizes the recommended configurations and settings required to run Novell

®

iFolder

®

3.6 and the iFolder

TM

client in a secure mode.

Section 1.1, “Security Recommendations for iFolder 3.6,” on page 9

Section 1.2, “Security Recommendations for OES Linux,” on page 10

1.1 Security Recommendations for iFolder 3.6

The following table lists the iFolder server configuration settings that impact iFolder security.

Table 1-1

Security Recommendations

Parameter

Possible Values

Default Value

Recommended Value for
Best Security

SSL for server to LDAP
server communications

Novell iManager >
iFolder 3.6 > Launch
iFolder Web Admin
Console > Servers >
Server Details > LDAP
SSL > Yes

Select

Yes

to enable

SSL; deselect

Yes

(No)

to disable SSL

Yes, SSL enabled

Yes, SSL enabled

Web browser to
iManager Server
communications

HTTPS and Novell
eDirectory

TM

authentication

HTTPS and eDirectory
authentication

HTTPS and eDirectory
authentication

iFolder Admin user

User-specified

User-specified
administrator user

Special iFolder Admin
user identity for
managing iFolder
services

Equivalent iFolder
Admin users

User-specified

None

Users with limited
administrator rights,
such as for a specific
iFolder server

iFolder Proxy user
password

User-specified

Auto generated during
initial configuration of the
iFolder server

User-specified, using
strong password
practices

«
...
7
8
9
10
11
...
»

Summary of Contents for IFOLDER 3.6 - SECURITY ADMINISTRATION

Page 1: ...Novell www novell com novdocx en 11 July 2008 AUTHORIZED DOCUMENTATION Novell iFolder 3 6 Security Administration Guide iFolder 3 6 December 2007 Security Administration Guide ...

Page 2: ... Cover Texts A copy of the GFDL can be found at the GNU Free Documentation Licence http www fsf org licenses fdl html THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE WITH THE FURTHER UNDERSTANDING THAT 1 THE DOCUMENT IS PROVIDED ON AN AS IS BASIS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING WITHOUT LIMITA...

Page 3: ...yman Street Suite 500 Waltham MA 02451 U S A www novell com Online Documentation To access the online documentation for this and other Novell products and to get updates see the Novell Documentation Web page http www novell com documentation ...

Page 4: ...demarks For a list of Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the property of their respective owners ...

Page 5: ... 14 2 11 Using Synchronize Now to Remove Users 14 2 12 Controlling Access to the iFolder Data Store 14 2 13 Controlling Access to the iFolder Server Configuration Files 14 2 14 Controlling Access to And Backing Up the iFolder Audit Logs 15 2 15 Storing iFolder 3 6 Data Encrypted on the Server 15 2 16 Preventing the Propagation of Viruses 15 2 17 Backing Up the iFolder Server 15 2 18 Loading the Re...

Page 6: ...6 Novell iFolder 3 6 Security Administration Guide novdocx en 11 July 2008 A Documentation Updates 21 A 1 December 2007 21 A 2 October 2007 21 A 3 August 15 2006 22 A 4 November 1 2005 22 ...

Page 7: ...r comments there Documentation Updates For the most recent version of the Novell iFolder 3 x Security Administrator Guide visit the Novell iFolder 3 x documentation Web site http www novell com documentation ifolder3 index html For emerging issues with Novell iFolder 3 6 and the iFolder client see the Novell iFolder 3 6 Readme http www novell com documentation beta ifolder3 Additional Documentatio...

Page 8: ...k An asterisk denotes a third party trademark When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms the pathname is presented with a backslash Users of platforms that require a forward slash such as Linux or UNIX should use forward slashes as required by your software ...

Page 9: ...rity SSL for server to LDAP server communications Novell iManager iFolder 3 6 Launch iFolder Web Admin Console Servers Server Details LDAP SSL Yes Select Yes to enable SSL deselect Yes No to disable SSL Yes SSL enabled Yes SSL enabled Web browser to iManager Server communications HTTPS and Novell eDirectoryTM authentication HTTPS and eDirectory authentication HTTPS and eDirectory authentication iF...

Page 10: ...urity issues in Novell Open Enterprise Server see the following sections in the Novell OES Planning and Implementation Guide http www novell com documentation oes implgde data front html Authentication http www novell com documentation oes implgde data authentication html Security http www novell com documentation oes implgde data security html ...

Page 11: ... 11 Using Synchronize Now to Remove Users on page 14 Section 2 12 Controlling Access to the iFolder Data Store on page 14 Section 2 13 Controlling Access to the iFolder Server Configuration Files on page 14 Section 2 14 Controlling Access to And Backing Up the iFolder Audit Logs on page 15 Section 2 15 Storing iFolder 3 6 Data Encrypted on the Server on page 15 Section 2 16 Preventing the Propagat...

Page 12: ...performance Currently you cannot change this setting for iFolder You should use a VPN virtual private network for communications over wireless networks and outside the firewall For information see Section 4 3 Securing Communications with a VPN If SSL Is Disabled on page 19 2 4 Web Access Server Communications By default the iFolder Web Access server is configured to require SSL All Web browser bas...

Page 13: ... old and older versions of Windows such as Windows 98 might still need those cipher suites for other services For information see Configuring the SSL Cipher Suites for the Apache Server in the OES2 Novell iFolder 3 6 Administration Guide For information about configuring strong SSL TLS security solutions see SSL TLS Strong Encryption How To http httpd apache org docs 2 0 ssl ssl_howto html on the ...

Page 14: ...ly in the data path simias local if directory on the iFolder server after configuring the iFolder enterprise server and before the iFolder service is started for the first time The restart of Apache is forced at the end of the configuration process which starts the iFolder service During the initial startup the iFolder process reads the file stores the password in reversible encrypted format in th...

Page 15: ...gation of Viruses Because iFolder is a cross platform distributed solution there is a possibility of a virus infection on one platform migrating across the iFolder server to other platforms and vice versa You should enforce server based virus scanning to prevent viruses from entering the corporate network You should also enforce client based virus scanning 2 17 Backing Up the iFolder Server Backin...

Page 16: ...acked via bar codes stored in environmentally friendly conditions and are handled by a company whose reputation rests on its ability to handle your media properly 2 18 Loading the Recovery Agent Certificates The Novell iFolder service by default is not configured for the Recovery agent During server configuration via YaST ensure that the Recovery agent path is configured This path should contain t...

Page 17: ...cal iFolder traffic or configure a local static port for iFolder to use for that purpose 3 2 Configuring Client Side Virus Scanners for iFolder Communications Because iFolder is a cross platform distributed solution there is a possibility of a virus infection on one platform migrating across the iFolder server to other platforms and vice versa You should enforce client based virus scanning to prev...

Page 18: ...er data or the encrypted key used for recovering it In this case the Recovery agent that is selected when the passphrase is set helps in recovering the encryption key For more information on the Recovery agent see the Section 3 5 Using the Recovery Agent on page 18 3 5 Using the Recovery Agent The Novell iFolder 3 6 enterprise server uses a Recovery agent which is an X 509 certificate based entity...

Page 19: ...o prevent direct access by a would be intruder 4 3 Securing Communications with a VPN If SSL Is Disabled We recommend configuring Novell iFolder 3 6 to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the...

Page 20: ...al for small networks but it is a time consuming administrative effort for large networks Use an anonymous Service Set Identifier SSID by turning off the SSID broadcast for access points 4 5 Creating Strong Password And Passphrase Make sure to employ security best practices for passwords such as the following Length The minimum recommended length is 6 characters A secure password is at least 8 cha...

Page 21: ...quenced according to where they appear in the document itself Each change entry provides a link to the related topic and a brief description of the change This document was updated on the following dates Section A 1 December 2007 on page 21 Section A 2 October 2007 on page 21 Section A 3 August 15 2006 on page 22 Section A 4 November 1 2005 on page 22 A 1 December 2007 Made editorial changes and r...

Page 22: ...upports encrypted iFolder storage To store the files encrypted the user must ensure that the iFolder is created encrypted before uploading the files Section 3 5 Using the Recovery Agent on page 18 The Novell iFolder 3 6 enterprise server uses a Recovery agent which is an X 509 certificate based entity used to recover a lost or otherwise unavailable key Section 3 6 Transferring the Encryption Key o...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands