Novell iFOLDER 3.x, Administrator'S Manual

Page: 19 / 23

Security Best Practices for the iFolder Client
3
no
vd
ocx (
E
NU)
01
F
ebr
ua
ry
200
6
19
3
Security Best Practices for the
iFolder Client
This section provides specific instructions on how to install, configure, and maintain the iFolder
TM
client for Novell
®
iFolder
®
3. x in the most secure way possible.
• Section 3.1, “Configuring Client-Side Firewalls for iFolder Communications,” on page 19
• Section 3.2, “Configuring Client-Side Virus Scanners for iFolder Communications,” on
page 19
• Section 3.3, “Configuring a Web Browser to Use SSL 3.0,” on page 19
3.1 Configuring Client-Side Firewalls for iFolder
Communications
If users deploy a client-side firewall, they must set the firewall to allow the iFolder client to
communicate locally (on the same computer) with Mono XSP Server. iFolder communicates to
Mono
®
XSP Web services, which communicates, in turn, with the iFolder enterprise server via
HTTP BASIC or SSL, as governed by the system settings for the iFolder enterprise server. The user
can allow iFolder to choose a local dynamic port for local iFolder traffic, or configure a local static
port for iFolder to use for that purpose. For information, see “
Configuring Local Firewall Settings
for iFolder Traffic ” in the iFolder User Guide for Novell iFolder 3.x .
3.2 Configuring Client-Side Virus Scanners for
iFolder Communications
Because iFolder is a cross-platform distributed solution, there is a possibility of a virus infection on
one platform migrating across the iFolder server to other platforms, and vice versa. You should
enforce client-based virus scanning to prevent viruses from entering the corporate network.
Scanning the
..\simias\WorkArea\
directory for viruses causes problems with
synchronization if a virus is detected on download. The
..\simias\WorkArea\
directory is
where iFolder stages files for download from the server. Users should set their virus scanners to
avoid scanning the
..\simias\WorkArea
directory. Scanners can detect the virus when iFolder
moves the infected file from the staging area to the target iFolder. For information, see “ Configuring
Local Virus Scanner Settings for iFolder Traffic ” in the iFolder User Guide for Novell iFolder 3.x .
3.3 Configuring a Web Browser to Use SSL 3.0
Novell iFolder 3. x servers expect users to connect to the enterprise server account and the Web
access server with SSL 3.0 connections. Both the client and browser connections use the browser’s
settings for SSL. If Microsoft* IE is installed on your system, the iFolder client uses those settings
over any other browser configuration for the client. Make sure the IE browser settings and other
browsers you use to connect to iFolder servers are configured to use SSL 3.0.