Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks: For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials: All third-party trademarks are the property of their respective owners.
Security Recommendations for iFolder 3.7 and Later Versions
2 Security Best Practices for Novell iFolder 3.7 and Later Versions
Secure Communication with the LDAP Server
Additional Documentation: Novell iFolder 3.x documentation (http://www.novell.com/documentation/ifolder3/index.html) and Novell Technical Support (http://www.novell.com/support/).
Documentation Conventions: In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol (®) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
Security Best Practices Overview
This section summarizes the recommended configurations and settings required to run Novell iFolder and the iFolder client for versions 3.7 and later in a secure mode.
Section 1.1, “Security Recommendations for iFolder 3.7 and Later Versions,” on page 9
1.1 Security Recommendations for iFolder 3.7...
Security Best Practices for Novell iFolder 3.7 and Later Versions
This section provides specific instructions on how to install, configure, and maintain Novell iFolder 3.7 and later versions in the most secure way possible.
Section 2.1, “Secure Communication with the LDAP Server,” on page 11
Section 2.2, “Communication between the Web Admin Server and the Web Admin Browser,”...
2.2 Communication between the Web Admin Server and the Web Admin Browser
By default, the Novell iFolder Web Admin uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the Web Admin service and the iFolder enterprise service are on the same server, SSL is not required.
IP address that all of the nodes in the cluster share. For information, see “Configuring Apache to Point to an SSL Certificate on an iFolder Server” in the Novell iFolder 3.8 Administration Guide.
Administrators should also periodically back up the rolled-over logs in case they are ever needed for forensic purposes. Audit logs should be monitored periodically. For information, see “Managing the Simias Log and Simias Access Log” in the Novell iFolder 3.8 Administration Guide. Novell iFolder 3.8 Security Administration Guide...
This way, your tapes are tracked via bar codes, stored in environmentally friendly conditions, and are handled by a company whose reputation rests on its ability to handle your media properly.
2.18 Loading the Recovery Agent Certificates
The Novell iFolder service by default is not configured for the Recovery agent. During server configuration, ensure that the Recovery agent path is configured. This path should contain the list of certificates that the service can load for the users to select from. For more information on loading the Recovery agent certificates, see “Recovery Agent Certificates...
3.3 Configuring a Web Browser to Use SSL 3.0
Novell iFolder 3.7 and later servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
Section 3.5, “Using the Recovery Agent,” on page
3.5 Using the Recovery Agent
The Novell iFolder 3.7 and later enterprise server uses a Recovery agent, which is an X.509 certificate-based entity used to recover a lost or otherwise unavailable key for encrypted iFolders.
4.3 Securing Communications with a VPN If SSL Is Disabled
We recommend configuring Novell iFolder version 3.7 and later to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default. If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the user’s Web browser, the user data is susceptible to eavesdropping or packet...
Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
Refer to the publication date, which appears on the title page and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...
Audit Logs,” on page 14
Section 2.18, “Loading the Recovery Agent Certificates,” on page 16: The Novell iFolder service by default is not configured for the Recovery agent. During server configuration, ensure that the Recovery agent path is configured.
A.5 November 1, 2005
The entire guide was reformatted to comply with revised Novell documentation standards. The content is unchanged.
Documentation Updates...