Novell IFOLDER 3.7 - SECURITY ADMINISTRATION Manual


Security Administration Guide
Novell® iFolder® 3.7
December 2008
OES 2 SP1 Linux: Novell iFolder 3.7 Security Administration Guide
AUTHORIZED DOCUMENTATION
www.novell.com


Summary of Contents for Novell IFOLDER 3.7 - SECURITY ADMINISTRATION

  • Page 1 AUTHORIZED DOCUMENTATION Security Administration Guide Novell® iFolder® December 2008 www.novell.com OES 2 SP1 Linux: Novell iFolder 3.7 Security Administration Guide...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com Online Documentation: To access the online documentation for this and other Novell products, and to get updates, see the Novell Documentation Web page (http://www.novell.com/documentation).
  • Page 4 Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Security Recommendations for OES Linux, page 10. 2 Security Best Practices for Novell iFolder 3.7. Secure Communication with the LDAP Server.
  • Page 6 November 1, 2005, page 23
  • Page 7: About This Guide

    8.8 documentation (http://www.novell.com/documentation/edir88/treetitl.html) Novell iManager 2.7 documentation (http://www.novell.com/documentation/imanager27/treetitl.html) Novell Technical Support (http://www.novell.com/support/) Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
  • Page 8 A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
  • Page 9: Security Best Practices Overview

    Security Best Practices Overview This section summarizes the recommended configurations and settings required to run Novell® iFolder® 3.7 and the iFolder client in a secure mode. Section 1.1, “Security Recommendations for iFolder 3.7,” on page 9 Section 1.2, “Security Recommendations for OES Linux,” on page 10 1.1 Security Recommendations for iFolder 3.7...
  • Page 10: Security Recommendations For Oes Linux

    SimiasCert <RAW web.config file certificate/none) certificate> certificate> 1.2 Security Recommendations for OES Linux For information about security issues in Novell Open Enterprise Server, see the following sections in the Novell OES Planning and Implementation Guide (http://www.novell.com/documentation/oes/implgde/data/front.html): “Authentication” (http://www.novell.com/documentation/oes/implgde/data/authentication.html) “Security”...
  • Page 11: Security Best Practices For Novell Ifolder

    Security Best Practices for Novell iFolder 3.7 This section provides specific instructions on how to install, configure, and maintain Novell® iFolder® 3.7 in the most secure way possible. Section 2.1, “Secure Communication with the LDAP Server,” on page 11 Section 2.2, “Communication between the Web Admin Server and the Web Admin Browser,”...
  • Page 12: Communication Between The Web Admin Server And The Web Admin Browser

    2.2 Communication between the Web Admin Server and the Web Admin Browser By default, the Novell iFolder Web Admin uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the Web Admin service and the iFolder enterprise service are on the same server, SSL is not required.
  • Page 13: Configuring A Cipher Suite To Use For Ssl/Tls

    2.7 Installing Trusted Roots and Certifications on the iFolder Server Novell OES 2 SP1 by default has the eDirectory CA and certificate which is used by Apache. You can manually install the trusted roots and the directory public key out-of-band. For information, see “Managing SSL Certificates for...
  • Page 14: Ensuring Privilege Separation For The Ifolder Proxy User

    Audit logs should be monitored periodically. For information, see “Managing the Simias Log and Simias Access Log” in the OES 2 SP1: Novell iFolder 3.7 Administration Guide.
  • Page 15: Storing Ifolder 3.7 Data Encrypted On The Server

    SSL to transfer data between the computers. It is not necessary to use SSL if the iFolder store and backup media are on the same computer. For information, see the following in the OES 2 SP1: Novell iFolder 3.7 Administration Guide: “Backing Up the iFolder Server”...
  • Page 16: Loading The Recovery Agent Certificates

    2.18 Loading the Recovery Agent Certificates The Novell iFolder service by default is not configured for the Recovery agent. During server configuration via YaST, ensure that the Recovery agent path is configured. This path should contain the list of certificates that the service can load for the users to select from. For more information on loading the Recovery agent certificates, see “Recovery Agent Certificates...
  • Page 17: Security Best Practices For The Ifolder Client

    3.3 Configuring a Web Browser to Use SSL 3.0 Novell iFolder 3.7 servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
  • Page 18: Creating An Encrypted Ifolder

    Section 3.5, “Using the Recovery Agent,” on page 3.5 Using the Recovery Agent The Novell iFolder 3.7 enterprise server uses a Recovery agent, which is an X.509 certificate-based entity used to recover a lost or otherwise unavailable key for encrypted iFolders.
  • Page 19: Other Security Best Practices

    4.3 Securing Communications with a VPN If SSL Is Disabled We recommend configuring Novell iFolder 3.7 to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default. If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the user’s Web browser, the user data is susceptible to eavesdropping or packet sniffing by third parties...
  • Page 20: Securing Wireless Lan Connections If Ssl Is Disabled

    Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
  • Page 21: A Documentation Updates

    Refer to the publication date, which appears on the title page and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...
  • Page 22: December 2007

    Access to And Backing Up the iFolder Audit Logs,” on page 14. Section 2.18, “Loading the Recovery Agent Certificates,” on page 16: The Novell iFolder service by default is not configured for the Recovery agent. During server configuration via YaST, ensure that the Recovery agent path is configured.
  • Page 23: November 1, 2005

    TLS,” on page 13 older versions of Windows, such as Windows 98, might still need those cipher suites for other services. A.5 November 1, 2005 The entire guide was reformatted to comply with revised Novell documentation standards. The content is unchanged.