Restricting The Network Address For Administration; General Security Guidelines; Security Information For Dependent Products - Novell BUSINESS CONTINUITY CLUSTERING 1.2.1 - ADMINISTRATION Administration Manual

Value
10.1.1.10:1234
http://10.1.1.10
http://10.1.1.10:1234

14.2.4 Restricting the Network Address for Administration

You can restrict the network address to the loopback address (127.0.0.1) to increase the security for
the BCC Administrator user (bccadmin).
BCC makes a secure connection to OpenWBEM over port 5989 on both the remote and local boxes.
This port can be changed.
The
cluster connection
time a status update was performed. Typically, this occurs every 30 seconds on the cluster's master
node, and every hour on its slaves. Running the following command forces a status update:
cluster refresh -p
OpenWBEM then makes an NCP
OpenWBEM. The NCP connection itself goes to the loopback address.

14.3 General Security Guidelines

Servers should be kept in a physically secure location with access by authorized personnel only.
The corporate network should be physically secured against eavesdropping or packet sniffing.
Any packets associated with the administration of BCC should be the most secured.
Access to BCC configuration settings and logs should be restricted. This includes file system
access rights, FTP access, access via Web utilities, SSH, and any other type of access to these
files.
Services that are used to send BCC data to other servers or e-mail accounts or that protect BCC
data should be examined periodically to ensure that they have not been tampered with.
When synchronizing cluster or user information between servers outside the corporate firewall,
the HTTPS protocol should be employed. Because resource script information is passed
between clusters, strong security precautions should be taken.
When a BCC is administered by users outside of the corporate firewall, the HTTPS protocol
should be used. A VPN should also be employed.
If a server is accessible from outside the corporate network, a local server firewall should be
employed to prevent direct access by a would-be intruder.
Audit logs should be kept and analyzed periodically.
14.4 Security Information for Dependent
Products
Table 14-5
security of BCC:
130 BCC 1.2.1: Administration Guide for OES 2 SP2 Linux
Protocol Used
HTTPS
HTTP
HTTP
command reports the status of the OpenWBEM connection from the last
TM
provides links to security-related information for other products that can impact the
connection to check the rights of the user who authenticated to
Port Used
1234
5988
1234