Summary of Contents for Novell IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
Novell® iFolder 3.x Security Administrator Guide www.novell.com...
Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
Please use the User Comment feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there. Documentation Updates For the most recent version of the Novell iFolder 3.x Security Administrator Guide, visit the Novell iFolder 3.x documentation Web site (http://www.novell.com/documentation/ifolder3/index.html).
Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
Security Best Practices Overview This section summarizes the recommended configurations and settings required to run Novell® iFolder® 3.x and the iFolder client in a secure mode. • Section 1.1, “Security Recommendations for iFolder 3.x,” on page 9 •...
SimiasSSLPort = 443 (443/80) /opt/novell/ifolder3/web/web.config file
1.2 Security Recommendations for OES Linux For information about security issues in Novell Open Enterprise Server, see the following in the Novell OES Planning and Implementation Guide (http://www.novell.com/documentation/oes/implgde/data/front.html): • “Authentication” (http://www.novell.com/documentation/oes/implgde/data/authentication.html) •...
Security Best Practices for Novell iFolder 3.x This section provides specific instructions on how to install, configure, and maintain Novell® iFolder® 3.x in the most secure way possible. • Section 2.1, “Using SSL for Server - LDAP Server Communications,” on page 11 •...
2.2 Using SSL for Enterprise Server - iManager Communications By default, the Novell iFolder 3.x plug-in to iManager uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the iManager server and the iFolder enterprise server are on the same computer, SSL is not required.
You should use valid certificates for both the Apache server and the communication between the Simias server and the Simias client daemon. Simias is the technology underpinning your iFolder server and client software. You should have the server public key signed by a known Certificate...
Proxy user is different than the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation. The proxy user password is stored briefly in the /opt/novell/ifolder3/etc/simias-server-bootstrap.config on the iFolder server after configuring the iFolder enterprise server and before the iFolder service is started for the first time.
2.16 Controlling Access to and Backing Up the iFolder Audit Logs By default, the iFolder server stores the audit logs in the /var/opt/novell/simias directory. The iFolder server administrator should guarantee that rights are not inadvertently assigned to unauthorized users. Administrators should also periodically back up the rolled-over logs in case they are ever needed for forensic purposes.
You should also enforce client-based virus scanning. For information, see “Configuring Local Virus Scanner Settings for iFolder Traffic” in the iFolder User Guide for Novell iFolder 3.x. 2.19 Backing Up the iFolder Server Backup of iFolder user data and configuration data should be performed regularly. Backup media should be stored in a secure offsite facility.
3.3 Configuring a Web Browser to Use SSL 3.0 Novell iFolder 3.x servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
Other Security Best Practices This section discusses other security best practices for your Novell® iFolder® 3.x servers and resources. • Section 4.1, “Controlling Physical Access to the iFolder Servers and Resources,” on page 21 • Section 4.2, “Securing Access to the Servers with a Firewall,” on page 21 •...
• Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
Refer to the publication date, which appears on the front cover and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...