Other Security Best Practices; Controlling Physical Access To The Ifolder Servers And Resources; Securing Access To The Servers With A Firewall; Securing Communications With A Vpn If Ssl Is Disabled - Novell IFOLDER 3.8 - SECURITY ADMINISTRATION Manual
Hide thumbs
Also See for IFOLDER 3.8 - SECURITY ADMINISTRATION:
- Manual (138 pages) ,
- Deployment manual (64 pages)
Table of Contents
Advertisement
Other Security Best Practices
4
This section discusses other security best practices for your Novell
and resources.
Section 4.1, "Controlling Physical Access to the iFolder Servers and Resources," on page 19
Section 4.2, "Securing Access to the Servers with a Firewall," on page 19
Section 4.3, "Securing Communications with a VPN If SSL Is Disabled," on page 19
Section 4.4, "Securing Wireless LAN Connections If SSL Is Disabled," on page 20
Section 4.5, "Creating Strong Password And Passphrase," on page 20
4.1 Controlling Physical Access to the iFolder
Servers and Resources
Servers must be kept in a physically secure location with access by authorized personnel only.
The corporate network must be physically secured against eavesdropping or packet sniffing.
4.2 Securing Access to the Servers with a
Firewall
If the iFolder enterprise server, Web Admin server or Web Access server is accessible from outside
the corporate network, a firewall should be employed to prevent direct access by a would-be
intruder.
4.3 Securing Communications with a VPN If SSL
Is Disabled
We recommend configuring Novell iFolder version 3.7 and later to use encryption for all data
exchanges between its different components because iFolder data is not encrypted by default. If you
configure iFolder not to use encryption between the enterprise server and client or between the Web
access server and the user's Web browser, the user data is susceptible to eavesdropping or packet
sniffing by third parties outside the corporate firewall.
Even if you consider the corporate environment to be a trusted environment, a VPN (virtual private
network) should be employed for server-client and server-browser connections in the following
situations:
When the users access the servers from outside of the corporate firewall
When the users access the servers across a wireless network. Wireless access points and
adapters broadcast data into space, where the signals can be intercepted by anyone with the
ability to listen in at the appropriate frequency.
For accessing the Web Access server over a VPN, make sure to disable split tunneling so that the
traffic goes through the VPN connection to the corporate network, not over the public Internet.
®
®
iFolder
3.7 and later servers
Other Security Best Practices
4
19
Advertisement
Chapters
Table of Contents
