Protect your Alfresco Installation Today: Essential Security Tips

Upload: jason-kennedy

Post on 16-Jul-2015


Category:

Technology




Protect your Alfresco Installation Today

Alfresco is one of the most famous document management systems in the world.

However, as with all software tools, your Alfresco implementation is only as strong as its configuration.


For a secure Alfresco you need an air-tight defense from all possible points of attack.

So in this slide we are going to talk about securing your Alfresco installation.

Before we begin: I cannot list all the possible configurations.

Instead, I am going to focus on the main security-related considerations.

Checking All the Passwords

The most important aspects of security are the passwords that can be used to access the documents.

Your passwords are your first line of defense, so use as strong a password as possible.


➔ Change all the default passwords of the Alfresco installation.

➔ Change the default JMX passwords associated with the controlRole and monitorRole parameters.


➔ Check whether the passwords stored in Properties files are encrypted or not.

➔ Check the passwords and security of all connected APIs and shared proxies.

Checking the Permissions

➔ If you are using Linux, make sure that you run the application servers as a non-root user.

➔ If you are using Kerberos, check the ‘file-servers-custom.xml’ file’s permissions.

➔ Change the permissions on alfresco-global.properties, dir_root/contentstore, dir_root/solr, and dir_root/lucene-indexes to allow access only to application users.

➔ Disable guest users.

➔ If you are going to integrate Alfresco with third-party tools (and we know that you are going to do that ;)), create a dedicated user to give them access to Alfresco instead of giving them access via the admin user.

➔ Unless your project specifically requires it, set Alfresco Share’s iFramePolicy to ‘deny’.

➔ It’s recommended to disable all unneeded services to ensure the best performance from Alfresco from a general, work and security point of view.
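
The file-permission checks in this section (alfresco-global.properties and the content store and index directories readable only by the application user) can be audited with a short script. This is an added example, not part of the original slides; the user name `alfresco` and the `/opt/alfresco` paths in its usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original slides. The user name and paths in
# the usage line at the bottom are assumptions; substitute your own.

# audit_path APP_USER TARGET
# Prints one finding per line. Returns 0 when TARGET and everything below
# it is owned by APP_USER and grants nothing to "other", 1 on a finding,
# 2 when TARGET does not exist.
audit_path() {
    app_user=$1
    target=$2
    rc=0
    if [ ! -e "$target" ]; then
        echo "MISSING      $target"
        return 2
    fi
    # Entries that "other" may read, write or execute (symlinks skipped,
    # since their own mode bits are not what the kernel enforces).
    open=$(find "$target" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$open" ]; then
        echo "$open" | sed 's/^/WORLD-ACCESS /'
        rc=1
    fi
    # Entries not owned by the application user, e.g. left behind by a
    # root-run installer or a manual edit as another account.
    foreign=$(find "$target" ! -user "$app_user" -print)
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed 's/^/WRONG-OWNER  /'
        rc=1
    fi
    return "$rc"
}

# audit_alfresco APP_USER TARGET...
# Audits every TARGET and returns the number of targets with findings.
audit_alfresco() {
    user=$1
    shift
    failed=0
    for t in "$@"; do
        audit_path "$user" "$t" || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage (hypothetical user and install location):
#   audit_alfresco alfresco /opt/alfresco/tomcat/shared/classes/alfresco-global.properties \
#       /opt/alfresco/alf_data/contentstore /opt/alfresco/alf_data/solr
```

A non-zero exit status is the number of paths that need `chown` or `chmod` attention; the printed lines name each offending entry.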


Important configurations to check after every installation

➔ Remove the Alfresco icon from the login page and if possible change the styling. Also, change the default login URLs to further ensure security.


➔ Enable SSL for all major services. If you are using any third-party authentication, run all authentication requests between Alfresco and the server through an SSL-secured server.

➔ Maintain a black/white list to configure HTML processing.


➔ Configure your SecurityHeadersPolicy values and enable the services to secure yourself from clickjacking attacks.

➔ Create and maintain custom error message pages.


➔ Enable auditing to check the performance of your system.

➔ Always set proper permissions for metadata files as well.

➔ Enable encryption in your Alfresco system.


➔ Third-party firewalls also play a major role in securing your application environment. You have to set up and configure the firewalls to maintain secure inbound and outbound traffic.

Consult the experts when in doubt

Algoworks technologies has built its business working with Alfresco. We have built hundreds of Alfresco Projects combining the document manager with every popular technology.

We are world leaders in Alfresco Development and Customization.


Author: Pratyush Kumar, Co-Founder & Director (Open-Source | Salesforce | ECM)

Pratyush is Co-Founder and Director at Algoworks. He is responsible for managing and growing the open source technologies and Salesforce CRM team.

He provides consulting and advisory services to clients looking for services relating to CRM (Customer Relationship Management) and ECM (Enterprise Content Management).


Official Blog Link: http://www.algoworks.com/blog/alfresco-installation-security-tips