22 Novell iFolder 3.x Security Administrator Guide
novdocx (ENU) 01 February 2006
For information about configuring SSL features for these communications, see the following:
• Section 2.3, “Using SSL for Enterprise Server - Client Communications,” on page 12
• Section 2.5, “Using SSL for Web Access Server - Users’ Web Browser Communications,” on
page 12
4.4 Securing Wireless LAN Connections If SSL Is Disabled
Protecting a wireless network requires forethought and planning, just as protecting a wired network
does. Among the key protective measures to be undertaken are:
• Enable WEP (Wired Equivalent Privacy) encryption, but do not rely on WEP alone to provide
security for the wireless network. Use other typical LAN security mechanisms such as VPNs,
firewalls, and authentication to ensure privacy. For information, see Section 4.3, “Securing
Communications with a VPN If SSL Is Disabled,” on page 21.
• Survey the interference and jamming likelihood for a planned wireless LAN before it is
installed.
• Change the default manufacturer’s password for your wireless access points, gateways, or
routers.
• Limit, as much as is possible, who can attach to a wireless network. For example, using MAC
address filtering is practical for small networks, but it is a time-consuming administrative effort
for large networks.
• Use an anonymous Service Set Identifier (SSID) by turning off the SSID broadcast for access
points.
4.5 Creating Strong Passwords
Make sure to employ security best practices for passwords, such as the following:
• Length: The minimum recommended length is 6 characters. A secure password is at least 8
characters; longer passwords are better.
• Complexity: A secure password contains a mix of letters and numbers. It should contain both
uppercase and lowercase letters and at least one numeric character. Adding numbers to
passwords, especially when added to the middle and not just at the beginning or the end, can
enhance password strength. Special characters such as &, $, and > can greatly improve the
strength of a password.
Do not use recognizable words, such as proper names or words from a dictionary, even if they
are bookended with numbers. Do not use personal information, such as phone numbers, birth
dates, anniversary dates, addresses, or zip codes. Do not invert recognizable information;
inverting bad passwords does not make them more secure.
• Uniqueness: Do not use the same password for all servers. Use a separate password for each
server so that if one server is compromised, your other servers are not immediately at risk.
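The rules in Section 4.5, written as a check an administrator could run before setting server passwords. This is an added example, not part of the Novell guide or of iFolder; the function names, the sample word list, and the server names in the usage are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample word list (assumption): a real check would load a full
# dictionary plus proper names.
SAMPLE_WORDS = {"password", "server", "novell", "summer", "welcome"}

def _letters_core(text):
    """Lowercase the text and strip non-letters from both ends ("bookends")."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())

def check_password(password, words=SAMPLE_WORDS, personal=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    findings = []
    if len(password) < 6:
        findings.append("below 6-character minimum")
    elif len(password) < 8:
        findings.append("below 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("missing uppercase or lowercase letter")
    if not re.search(r"\d", password):
        findings.append("missing numeric character")
    # A word stays recognizable when bookended with numbers or inverted.
    core = _letters_core(password)
    if core in words or core[::-1] in words:
        findings.append("dictionary word, possibly bookended or inverted")
    # Personal data is compared on alphanumerics only, forwards and inverted.
    flat = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal:
        item = re.sub(r"[^a-z0-9]", "", item.lower())
        if item and (item in flat or item[::-1] in flat):
            findings.append("contains personal information")
            break
    return findings

def shared_passwords(assignments):
    """Given {server: password}, return groups of servers sharing a password."""
    by_password = defaultdict(list)
    for server, password in assignments.items():
        by_password[password].append(server)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)
```

`check_password("Summer2006")` passes the length and complexity rules but is still reported as a bookended dictionary word, which is the case the guide warns about.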