Novell IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006 Administrator's Manual

Novell® iFolder 3.x Security Administrator Guide
www.novell.com
August 15, 2006

Summary of Contents for Novell IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006

  • Page 1 Novell iFolder 3.x Security Administrator Guide Novell® iFolder www.novell.com 3.x SECURITY ADMINISTRATOR GUIDE...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For a list of Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Security Recommendations for OES Linux (page 10); 2 Security Best Practices for Novell iFolder 3.x; Using SSL for Server - LDAP Server Communications
  • Page 6 Novell iFolder 3.x Security Administrator Guide...
  • Page 7: About This Guide

    Please use the User Comment feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there. Documentation Updates For the most recent version of the Novell iFolder 3.x Security Administrator Guide, visit the Novell iFolder 3.x documentation Web site (http://www.novell.com/documentation/ifolder3/index.html).
  • Page 8 Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
  • Page 9: Security Best Practices Overview

    Security Best Practices Overview This section summarizes the recommended configurations and settings required to run Novell® iFolder® 3.x and the iFolder client in a secure mode. • Section 1.1, “Security Recommendations for iFolder 3.x,” on page 9 •...
  • Page 10: 1.2 Security Recommendations for OES Linux

    SimiasSSLPort = 443 (443/80) in the /opt/novell/ifolder3/web/web.config file. 1.2 Security Recommendations for OES Linux For information about security issues in Novell Open Enterprise Server, see the following in the Novell OES Planning and Implementation Guide (http://www.novell.com/documentation/oes/implgde/data/front.html): • “Authentication” (http://www.novell.com/documentation/oes/implgde/data/authentication.html) •...
  • Page 11: Security Best Practices for Novell iFolder

    Security Best Practices for Novell iFolder 3.x This section provides specific instructions on how to install, configure, and maintain Novell® iFolder® 3.x in the most secure way possible. • Section 2.1, “Using SSL for Server - LDAP Server Communications,” on page 11 •...
  • Page 12: Using SSL for Enterprise Server - iManager Communications

    2.2 Using SSL for Enterprise Server - iManager Communications By default, the Novell iFolder 3.x plug-in to iManager uses SSL for communications to the iFolder enterprise server being managed. For most deployments, this setting should not be changed. If the iManager server and the iFolder enterprise server are on the same computer, SSL is not required.
  • Page 13: Disabling SSL 2.0 Protocol

    You should use valid certificates for both the Apache server and the communication between the Simias server and the Simias client daemon. Simias is the technology underpinning your iFolder server and client software. You should have the server public key signed by a known Certificate...
  • Page 14: Using a Shared Certificate in iFolder Clusters

    Proxy user is different than the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation. The proxy user password is stored briefly in the /opt/novell/ifolder3/etc/simias-server-bootstrap.config on the iFolder server after configuring the iFolder enterprise server and before the iFolder service is started for the first time.
  • Page 15: Using Synchronize Now To Remove Users Effective Immediately

    2.16 Controlling Access to and Backing Up the iFolder Audit Logs By default, the iFolder server stores the audit logs in the /var/opt/novell/simias directory. The iFolder server administrator should guarantee that rights are not inadvertently assigned to unauthorized users. Administrators should also periodically back up the rolled-over logs in case they are ever needed for forensic purposes.
  • Page 16: Storing iFolder 3.x Data Nonencrypted on the Server

    You should also enforce client-based virus scanning. For information, see “Configuring Local Virus Scanner Settings for iFolder Traffic” in the iFolder User Guide for Novell iFolder 3.x. 2.19 Backing Up the iFolder Server Backup of iFolder user data and configuration data should be performed regularly. Backup media should be stored in a secure offsite facility.
  • Page 17 Security Best Practices for Novell iFolder 3.x...
  • Page 18 Novell iFolder 3.x Security Administrator Guide...
  • Page 19: Security Best Practices for the iFolder Client

    3.3 Configuring a Web Browser to Use SSL 3.0 Novell iFolder 3.x servers expect users to connect to the enterprise server account and the Web access server with SSL 3.0 connections. Both the client and browser connections use the browser’s settings for SSL.
  • Page 20 Novell iFolder 3.x Security Administrator Guide...
  • Page 21: Other Security Best Practices

    Other Security Best Practices This section discusses other security best practices for your Novell® iFolder® 3.x servers and resources. • Section 4.1, “Controlling Physical Access to the iFolder Servers and Resources,” on page 21 • Section 4.2, “Securing Access to the Servers with a Firewall,” on page 21 •...
  • Page 22: Securing Wireless LAN Connections if SSL Is Disabled

    • Uniqueness: Do not use the same passwords for all servers. Make sure to use separate passwords for each server so that if one server is compromised, all of your servers are not immediately at risk.
  • Page 23: A Documentation Updates

    Refer to the publication date, which appears on the front cover and the Legal Notices page, to determine the release date of this guide. For the most recent version of the Novell iFolder 3.x Security Administrator Guide, see the Novell iFolder 3.x documentation Web site (http://...
