User manual NOVELL IFOLDER 3.X SECURITY ADMINISTRATOR GUIDE 08-15-2006
[. . . ] Novell iFolder 3.x Security Administrator Guide novdocx (ENU) 01 February 2006
Novell® iFolder 3.x
SECURITY ADMINISTRATOR GUIDE
August 15, 2006
www.novell.com
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. [. . . ]
For information about configuring strong SSL/TLS security solutions, see SSL/TLS Strong Encryption: How-To (http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) on the Apache.org Web site.
2.8 Installing Trusted Roots and Certifications on the iFolder server
You should manually install the trusted roots and the directory public key out-of-band. For information, see "Managing SSL Certificates for Apache" in the Novell iFolder 3.x Administration Guide.
2.9 Installing Server Certificates from a Known Certificate Authority
You should use valid certificates for both the Apache server and the communication between the Simias server and the Simias client daemon. Simias is the technology underpinning your iFolder server and client software. You should have the server public key signed by a known Certificate Authority (CA). For information, see "Generating an SSL Certificate for the Server" in the Novell iFolder 3.x Administration Guide.
2.10 Using a Shared Certificate in iFolder Clusters
For a cluster where all of the nodes are acting like the same machine when they are taking their turn hosting, the user should have a single certificate (for the highly available IP address) that all of the nodes in the cluster share. For information, see "Configuring Apache to Point to an SSL Certificate on a Shared Volume for an iFolder Cluster" in the Novell iFolder 3.x Administration Guide.
2.11 Ensuring Privilege Separation for the iFolder Proxy User
The iFolder Proxy user is a proxy user identity used to access the LDAP server with Read access to retrieve a list of authorized users. The proxy user is automatically created during the iFolder enterprise server configuration in YaST. The username is autogenerated to be unique on the system. For most deployments, this username should never change.
The iFolder Admin user or equivalent can use the iFolder 3.x iManager plug-in to change the iFolder Proxy user identity in the LDAP settings for the iFolder server. Make sure that the user account assigned as the iFolder Proxy user is different than the one used for the iFolder Admin user and other system users. Separating the proxy user from the administrator provides privilege separation.
The proxy user password is stored briefly in the /opt/novell/ifolder3/etc/simias-server-bootstrap.config on the iFolder server after configuring the iFolder enterprise server and before the iFolder service is started for the first time. The restart of Apache is forced at the end of the configuration process, which starts the iFolder service. During the initial startup, the iFolder process reads the simias-server-bootstrap.config file, stores the password in reversible encrypted format in the server's Simias database, and then removes the password from the file.
For information, see "Admin User Considerations" in the Novell iFolder 3.x Administration Guide. For information about modifying the password, see the iFolder Proxy User setting in "Modifying the iFolder LDAP Settings" in the Novell iFolder 3.x Administration Guide.
2.12 Securing the iFolder Proxy User Password
The iFolder Proxy user's password is used to authenticate the iFolder Proxy user to the LDAP server when iFolder synchronizes users for the iFolder user list. When you initially configure the iFolder enterprise server in YaST, iFolder autogenerates a password for the iFolder proxy user, using the BASH random number generator for a number between 0 and 10,000. Initially, the password for the iFolder Proxy user is stored in clear text in the /opt/novell/ifolder3/etc/simias-server-bootstrap.config file. At the end of the configuration process, the system reboots Apache 2 and starts iFolder. When iFolder runs this first time after configuration, the iFolder process copies the simias-server-bootstrap.config file to the Simias.config file. The default location of the Simias.config file is the /var/lib/wwwrun/.local/share/simias directory or the /home/wwwrun/.local/share/simias directory. [. . . ]
· Limit, as much as is possible, who can attach to a wireless network. For example, using MAC address filtering is practical for small networks, but it is a time-consuming administrative effort for large networks.
· Use an anonymous Service Set Identifier (SSID) by turning off the SSID broadcast for access points.
4.5 Creating Strong Passwords
Make sure to employ security best practices for passwords, such as the following:
· Length: The minimum recommended length is 6 characters. A secure password is at least 8 characters; longer passwords are better. [. . . ]
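The keyspace of the autogenerated iFolder Proxy password described in section 2.12 and the length thresholds in section 4.5 can be compared numerically. The script below is an added example, not part of the Novell guide or the iFolder code; it assumes the autogenerated value is a single draw from about 10,000 numbers, and the function names and the 24-character replacement length are illustrative choices.

```bash
#!/bin/sh
# Added example, not Novell code. Entropy figures are upper bounds that assume
# every character (or number) is chosen uniformly at random.

# keyspace_bits ALPHABET_SIZE LENGTH -> entropy in bits, one decimal place
keyspace_bits() {
    LC_ALL=C awk -v n="$1" -v len="$2" \
        'BEGIN { printf "%.1f\n", len * log(n) / log(2) }'
}

# Section 2.12: "a number between 0 and 10,000" is one draw from ~10^4 values
# (assumption: treated here as exactly 10000 equally likely values).
default_proxy_bits() { keyspace_bits 10000 1; }

# alphabet_size PASSWORD -> combined size of the character classes it uses
alphabet_size() (
    n=0
    case "$1" in *[[:digit:]]*) n=$((n + 10)) ;; esac
    case "$1" in *[[:lower:]]*) n=$((n + 26)) ;; esac
    case "$1" in *[[:upper:]]*) n=$((n + 26)) ;; esac
    case "$1" in *[![:alnum:]]*) n=$((n + 33)) ;; esac   # printable ASCII symbols
    echo "$n"
)

# estimate_bits PASSWORD -> upper-bound entropy of this particular password
estimate_bits() {
    [ -n "$1" ] || { echo 0.0; return; }
    keyspace_bits "$(alphabet_size "$1")" "${#1}"
}

# grade_length PASSWORD -> section 4.5 thresholds: <6 reject, 6-7 minimum, >=8 secure
grade_length() {
    if [ "${#1}" -lt 6 ]; then echo reject
    elif [ "${#1}" -lt 8 ]; then echo minimum
    else echo secure
    fi
}

# gen_password [LENGTH<=64] -> replacement password from the kernel CSPRNG.
# tr -dc discards bytes outside the 62-character alphabet, so there is no bias.
gen_password() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-${1:-24}"
}

pw=$(gen_password 24)
echo "autogenerated proxy password: $(default_proxy_bits) bits"
echo "24-char replacement: $(keyspace_bits 62 24) bits, grade $(grade_length "$pw")"
```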