Novell IFOLDER 3.6 - SECURITY ADMINISTRATION Скачать руководство пользователя страница 17 | Manualshive

Страница: 17 / 22

Novell IFOLDER 3.6 - SECURITY ADMINISTRATION Скачать руководство пользователя страница 17

Security Best Practices for the iFolder Client

3

17

n

ov

do

cx (e

n)

11
Ju

ly 20

08

3

Security Best Practices for the
iFolder Client

This section provides specific instructions on how to install, configure, and maintain the iFolder

TM

client for Novell

®

iFolder

®

3.6 in the most secure way possible.

Section 3.1, “Configuring Client-Side Firewalls for iFolder Communications,” on page 17

Section 3.2, “Configuring Client-Side Virus Scanners for iFolder Communications,” on
page 17

Section 3.3, “Configuring a Web Browser to Use SSL 3.0,” on page 17

Section 3.4, “Creating an Encrypted iFolder,” on page 18

Section 3.5, “Using the Recovery Agent,” on page 18

Section 3.6, “Transferring the Encryption Key,” on page 18

3.1 Configuring Client-Side Firewalls for iFolder

Communications

If users deploy a client-side firewall, they must set the firewall to allow the iFolder client to
communicate locally (on the same computer) with Mono

®

XSP Server. iFolder communicates to

Mono XSP Web services, which communicates, in turn, with the iFolder enterprise server via HTTP
BASIC or SSL, as governed by the system settings for the iFolder enterprise server. The user can
allow iFolder to choose a local dynamic port for local iFolder traffic, or configure a local static port
for iFolder to use for that purpose.

3.2 Configuring Client-Side Virus Scanners for

iFolder Communications

Because iFolder is a cross-platform distributed solution, there is a possibility of a virus infection on
one platform migrating across the iFolder server to other platforms, and vice versa. You should
enforce client-based virus scanning to prevent viruses from entering the corporate network.

Scanning the

..\simias\WorkArea\

directory for viruses causes problems with

synchronization if a virus is detected on download. The

..\simias\WorkArea\

directory is

where iFolder stages files for download from the server. Users should set their virus scanners to
avoid scanning the

..\simias\WorkArea

directory. Scanners can detect the virus when iFolder

moves the infected file from the staging area to the target iFolder.

3.3 Configuring a Web Browser to Use SSL 3.0

Novell iFolder 3.6 servers expect users to connect to the enterprise server account and the Web
access server with SSL 3.0 connections. Both the client and browser connections use the browser’s
settings for SSL. If Microsoft* IE is installed on your system, the iFolder client uses those settings
over any other browser configuration for the client. Make sure the IE browser settings and other
browsers you use to connect to iFolder servers are configured to use SSL 3.0.

«
...
15
16
17
18
19
...
»

Содержание IFOLDER 3.6 - SECURITY ADMINISTRATION

Страница 1: ...Novell www novell com novdocx en 11 July 2008 AUTHORIZED DOCUMENTATION Novell iFolder 3 6 Security Administration Guide iFolder 3 6 December 2007 Security Administration Guide ...

Страница 2: ... Cover Texts A copy of the GFDL can be found at the GNU Free Documentation Licence http www fsf org licenses fdl html THIS DOCUMENT AND MODIFIED VERSIONS OF THIS DOCUMENT ARE PROVIDED UNDER THE TERMS OF THE GNU FREE DOCUMENTATION LICENSE WITH THE FURTHER UNDERSTANDING THAT 1 THE DOCUMENT IS PROVIDED ON AN AS IS BASIS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING WITHOUT LIMITA...

Страница 3: ...yman Street Suite 500 Waltham MA 02451 U S A www novell com Online Documentation To access the online documentation for this and other Novell products and to get updates see the Novell Documentation Web page http www novell com documentation ...

Страница 4: ...demarks For a list of Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the property of their respective owners ...

Страница 5: ... 14 2 11 Using Synchronize Now to Remove Users 14 2 12 Controlling Access to the iFolder Data Store 14 2 13 Controlling Access to the iFolder Server Configuration Files 14 2 14 Controlling Access to And Backing Up the iFolder Audit Logs 15 2 15 Storing iFolder 3 6 Data Encrypted on the Server 15 2 16 Preventing the Propagation of Viruses 15 2 17 Backing Up the iFolder Server 15 2 18 Loading the Re...

Страница 6: ...6 Novell iFolder 3 6 Security Administration Guide novdocx en 11 July 2008 A Documentation Updates 21 A 1 December 2007 21 A 2 October 2007 21 A 3 August 15 2006 22 A 4 November 1 2005 22 ...

Страница 7: ...r comments there Documentation Updates For the most recent version of the Novell iFolder 3 x Security Administrator Guide visit the Novell iFolder 3 x documentation Web site http www novell com documentation ifolder3 index html For emerging issues with Novell iFolder 3 6 and the iFolder client see the Novell iFolder 3 6 Readme http www novell com documentation beta ifolder3 Additional Documentatio...

Страница 8: ...k An asterisk denotes a third party trademark When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms the pathname is presented with a backslash Users of platforms that require a forward slash such as Linux or UNIX should use forward slashes as required by your software ...

Страница 9: ...rity SSL for server to LDAP server communications Novell iManager iFolder 3 6 Launch iFolder Web Admin Console Servers Server Details LDAP SSL Yes Select Yes to enable SSL deselect Yes No to disable SSL Yes SSL enabled Yes SSL enabled Web browser to iManager Server communications HTTPS and Novell eDirectoryTM authentication HTTPS and eDirectory authentication HTTPS and eDirectory authentication iF...

Страница 10: ...urity issues in Novell Open Enterprise Server see the following sections in the Novell OES Planning and Implementation Guide http www novell com documentation oes implgde data front html Authentication http www novell com documentation oes implgde data authentication html Security http www novell com documentation oes implgde data security html ...

Страница 11: ... 11 Using Synchronize Now to Remove Users on page 14 Section 2 12 Controlling Access to the iFolder Data Store on page 14 Section 2 13 Controlling Access to the iFolder Server Configuration Files on page 14 Section 2 14 Controlling Access to And Backing Up the iFolder Audit Logs on page 15 Section 2 15 Storing iFolder 3 6 Data Encrypted on the Server on page 15 Section 2 16 Preventing the Propagat...

Страница 12: ...performance Currently you cannot change this setting for iFolder You should use a VPN virtual private network for communications over wireless networks and outside the firewall For information see Section 4 3 Securing Communications with a VPN If SSL Is Disabled on page 19 2 4 Web Access Server Communications By default the iFolder Web Access server is configured to require SSL All Web browser bas...

Страница 13: ... old and older versions of Windows such as Windows 98 might still need those cipher suites for other services For information see Configuring the SSL Cipher Suites for the Apache Server in the OES2 Novell iFolder 3 6 Administration Guide For information about configuring strong SSL TLS security solutions see SSL TLS Strong Encryption How To http httpd apache org docs 2 0 ssl ssl_howto html on the ...

Страница 14: ...ly in the data path simias local if directory on the iFolder server after configuring the iFolder enterprise server and before the iFolder service is started for the first time The restart of Apache is forced at the end of the configuration process which starts the iFolder service During the initial startup the iFolder process reads the file stores the password in reversible encrypted format in th...

Страница 15: ...gation of Viruses Because iFolder is a cross platform distributed solution there is a possibility of a virus infection on one platform migrating across the iFolder server to other platforms and vice versa You should enforce server based virus scanning to prevent viruses from entering the corporate network You should also enforce client based virus scanning 2 17 Backing Up the iFolder Server Backin...

Страница 16: ...acked via bar codes stored in environmentally friendly conditions and are handled by a company whose reputation rests on its ability to handle your media properly 2 18 Loading the Recovery Agent Certificates The Novell iFolder service by default is not configured for the Recovery agent During server configuration via YaST ensure that the Recovery agent path is configured This path should contain t...

Страница 17: ...cal iFolder traffic or configure a local static port for iFolder to use for that purpose 3 2 Configuring Client Side Virus Scanners for iFolder Communications Because iFolder is a cross platform distributed solution there is a possibility of a virus infection on one platform migrating across the iFolder server to other platforms and vice versa You should enforce client based virus scanning to prev...

Страница 18: ...er data or the encrypted key used for recovering it In this case the Recovery agent that is selected when the passphrase is set helps in recovering the encryption key For more information on the Recovery agent see the Section 3 5 Using the Recovery Agent on page 18 3 5 Using the Recovery Agent The Novell iFolder 3 6 enterprise server uses a Recovery agent which is an X 509 certificate based entity...

Страница 19: ...o prevent direct access by a would be intruder 4 3 Securing Communications with a VPN If SSL Is Disabled We recommend configuring Novell iFolder 3 6 to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the...

Страница 20: ...al for small networks but it is a time consuming administrative effort for large networks Use an anonymous Service Set Identifier SSID by turning off the SSID broadcast for access points 4 5 Creating Strong Password And Passphrase Make sure to employ security best practices for passwords such as the following Length The minimum recommended length is 6 characters A secure password is at least 8 cha...

Страница 21: ...quenced according to where they appear in the document itself Each change entry provides a link to the related topic and a brief description of the change This document was updated on the following dates Section A 1 December 2007 on page 21 Section A 2 October 2007 on page 21 Section A 3 August 15 2006 on page 22 Section A 4 November 1 2005 on page 22 A 1 December 2007 Made editorial changes and r...

Страница 22: ...upports encrypted iFolder storage To store the files encrypted the user must ensure that the iFolder is created encrypted before uploading the files Section 3 5 Using the Recovery Agent on page 18 The Novell iFolder 3 6 enterprise server uses a Recovery agent which is an X 509 certificate based entity used to recover a lost or otherwise unavailable key Section 3 6 Transferring the Encryption Key o...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды