Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
8.8 documentation (http://www.novell.com/documentation/edir88/treetitl.html) Novell iManager 2.7 documentation (http://www.novell.com/documentation/imanager27/treetitl.html) Novell Technical Support (http://www.novell.com/support/) Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. About This Guide...
A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
Security Best Practices Overview This section summarizes the recommended configurations and settings required to run Novell® iFolder 3.7 and the iFolder client in a secure mode. Section 1.1, “Security Recommendations for iFolder 3.7,” on page 9 Section 1.2, “Security Recommendations for OES Linux,” on page 10 1.1 Security Recommendations for iFolder 3.7...
SimiasCert <RAW web.config file certificate/none) certificate> certificate> 1.2 Security Recommendations for OES Linux For information about security issues in Novell Open Enterprise Server, see the following sections in the Novell OES Planning and Implementation Guide (http://www.novell.com/documentation/oes/implgde/data/front.html): “Authentication” (http://www.novell.com/documentation/oes/implgde/data/authentication.html) “Security”...
Security Best Practices for Novell iFolder 3.7 This section provides specific instructions on how to install, configure, and maintain Novell® iFolder 3.7 in the most secure way possible. Section 2.1, “Secure Communication with the LDAP Server,” on page 11 Section 2.2, “Communication between the Web Admin Server and the Web Admin Browser,”...
2.2 Communication between the Web Admin Server and the Web Admin Browser By default, the Novell iFolder Web Admin uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the Web Admin service and the iFolder enterprise service are on the same server, SSL is not required.
2.7 Installing Trusted Roots and Certifications on the iFolder Server Novell OES 2 SP1 by default has the eDirectory CA and certificate which is used by Apache. You can manually install the trusted roots and the directory public key out-of-band. For information, see “Managing SSL Certificates for...
Audit logs should be monitored periodically. For information, see “Managing the Simias Log and Simias Access Log” in the OES 2 SP1: Novell iFolder 3.7 Administration Guide. OES 2 SP1 Linux: Novell iFolder 3.7 Security Administration Guide...
SSL to transfer data between the computers. It is not necessary to use SSL if the iFolder store and backup media are on the same computer. For information, see the following in the OES 2 SP1: Novell iFolder 3.7 Administration Guide: “Backing Up the iFolder Server”...
2.18 Loading the Recovery Agent Certificates The Novell iFolder service by default is not configured for the Recovery agent. During server configuration via YaST, ensure that the Recovery agent path is configured. This path should contain the list of certificates that the service can load for the users to select from. For more information on loading the Recovery agent certificates, see “Recovery Agent Certificates...
3.3 Configuring a Web Browser to Use SSL 3.0 Novell iFolder 3.7 servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
Section 3.5, “Using the Recovery Agent,” on page 3.5 Using the Recovery Agent The Novell iFolder 3.7 enterprise server uses a Recovery agent, which is an X.509 certificate-based entity used to recover a lost or otherwise unavailable key for encrypted iFolders.
4.3 Securing Communications with a VPN If SSL Is Disabled We recommend configuring Novell iFolder 3.7 to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default. If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the user’s Web browser, the user data is susceptible to eavesdropping or packet sniffing by third parties...
Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
Refer to the publication date, which appears on the title page and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...
Access to And Backing Up the iFolder Audit Logs,” on page 14
Section 2.18, “Loading the Recovery Agent Certificates,” on page 16: The Novell iFolder service by default is not configured for the Recovery agent. During server configuration via YaST, ensure that the Recovery agent path is configured.
TLS,” on page 13 older versions of Windows, such as Windows 98, might still need those cipher suites for other services. A.5 November 1, 2005 The entire guide was reformatted to comply with revised Novell documentation standards. The content is unchanged. Documentation Updates...