Novell IFOLDER 3.6 - SECURITY ADMINISTRATION Manual


Security Administration Guide
Novell® iFolder® 3.6
December 2007
Novell iFolder 3.6 Security Administration Guide
AUTHORIZED DOCUMENTATION
www.novell.com


Summary of Contents for Novell IFOLDER 3.6 - SECURITY ADMINISTRATION

  • Page 1 AUTHORIZED DOCUMENTATION Security Administration Guide Novell® iFolder® December 2007 www.novell.com Novell iFolder 3.6 Security Administration Guide...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web page (http://www.novell.com/documentation).
  • Page 4 Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Security Recommendations for OES Linux; 2 Security Best Practices for Novell iFolder 3.6; Secure Communication with the LDAP Server.
  • Page 6 November 1, 2005
  • Page 7: About This Guide

    8.8 documentation (http://www.novell.com/documentation/edir88/treetitl.html) Novell iManager 2.7 documentation (http://www.novell.com/documentation/imanager27/treetitl.html) Novell Technical Support (http://www.novell.com/support/) Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
  • Page 8 A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
  • Page 9: Security Best Practices Overview

    Security Best Practices Overview This section summarizes the recommended configurations and settings required to run Novell® iFolder® 3.6 and the iFolder client in a secure mode. Section 1.1, “Security Recommendations for iFolder 3.6,” on page 9 Section 1.2, “Security Recommendations for OES Linux,” on page 10 1.1 Security Recommendations for iFolder 3.6...
  • Page 10: Security Recommendations For Oes Linux

    1.2 Security Recommendations for OES Linux For information about security issues in Novell Open Enterprise Server, see the following sections in the Novell OES Planning and Implementation Guide (http://www.novell.com/documentation/oes/implgde/data/front.html): “Authentication” (http://www.novell.com/documentation/oes/implgde/data/authentication.html) “Security” (http://www.novell.com/documentation/oes/implgde/data/security.html)
  • Page 11: Security Best Practices For Novell Ifolder

    Security Best Practices for Novell iFolder 3.6 This section provides specific instructions on how to install, configure, and maintain Novell® iFolder® 3.6 in the most secure way possible. Section 2.1, “Secure Communication with the LDAP Server,” on page 11 Section 2.2, “Communication between the Web Admin Server and the Web Admin Browser,”...
  • Page 12: Communication Between The Web Admin Server And The Web Admin Browser

    2.2 Communication between the Web Admin Server and the Web Admin Browser By default, the Novell iFolder Web Admin uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the Web Admin service and the iFolder enterprise service are on the same server, SSL is not required.
  • Page 13: Configuring A Cipher Suite To Use For Ssl/Tls

    You should have the server public key signed by a known certificate authority (CA). For information, see “Generating an SSL Certificate for the Server” in the OES2: Novell iFolder 3.6 Administration Guide.
  • Page 14: Using A Shared Certificate In Ifolder Clusters

    The iFolder server stores the configuration files in the /<data path>/simias directory. The Apache Server user wwwrun owns the configuration file. You must use every precaution to avoid inadvertently assigning rights to unauthorized users.
  • Page 15: Controlling Access To And Backing Up The Ifolder Audit Logs

    For sensitive data, use one of the following methods to encrypt the data backup: Encrypt the data itself if the application that creates the data supports encryption. For example, database products and third-party tools support data encryption.
  • Page 16: Loading The Recovery Agent Certificates

    2.18 Loading the Recovery Agent Certificates The Novell iFolder service by default is not configured for the Recovery agent. During server configuration via YaST, ensure that the Recovery agent path is configured. This path should contain the list of certificates that the service can load for the users to select from. For more information on loading the Recovery agent certificates, see “Loading Recovery Agent Certificates in The iFolder...
  • Page 17: Security Best Practices For The Ifolder Client

    3.3 Configuring a Web Browser to Use SSL 3.0 Novell iFolder 3.6 servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
  • Page 18: Creating An Encrypted Ifolder

    Section 3.5, “Using the Recovery Agent,” on page 3.5 Using the Recovery Agent The Novell iFolder 3.6 enterprise server uses a Recovery agent, which is an X.509 certificate-based entity used to recover a lost or otherwise unavailable key. iFolder prompts a user to select a Recovery agent from a list when the user specifies the passphrase for an encrypted iFolder.
  • Page 19: Other Security Best Practices

    4.3 Securing Communications with a VPN If SSL Is Disabled We recommend configuring Novell iFolder 3.6 to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default. If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the user’s Web browser, the user data is susceptible to eavesdropping or packet sniffing by third parties...
  • Page 20: Securing Wireless Lan Connections If Ssl Is Disabled

    Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
  • Page 21 Refer to the publication date, which appears on the title page and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...
  • Page 22 Windows, such as Windows 98, might still need those cipher suites for other services. A.4 November 1, 2005 The entire guide was reformatted to comply with revised Novell documentation standards. The content is unchanged.
