NetIQ Access Manager 4.2 Service Pack 3 Security Guide
- Deployment Considerations
- Protecting Access Manager through Firewall
- Protecting Access Manager Setup behind NAT
- Protecting Identity Server behind Access Gateway
- Configuring Identity Server to Listen on Port 443
- Securing Administration Console
- Restricting Administration Console Access to only Private Network
- Managing Administration Console Session Timeout
- Securing iManager Login Settings
- Securing Administrator Accounts
- Security Measures for Delegated Administrators
- Protecting the Configuration Store
- Disabling Weak Protocols
- Configuring Stronger Ciphers for SSL Communication
- Enabling Perfect Forward Secrecy
- Adding HTTP Strict Transport Security
- Disabling SSL Renegotiations
- Customizing the Size of EDH Keys
- Preventing Error Messages to Show the Failure Reason on Browsers
- Running the DHost HTTP Server on localhost
- Configuring to Display a Generic Login Failure Message
- Disabling Access to the Tomcat Documents
- Samples of Recommended Settings in Configuration Files
- Securing Identity Server
- Disabling Unused Authentication Protocols
- Securing Authentication by Using Strong and Multi-Factor Authentication Methods
- Configuring SSL Communication between Browsers and Identity Server
- Configuring SSL Communication with Identity Server and a Service Provider
- Securing Federation
- Configuring a Whitelist of Target URL
- Blocking Access to Identity Server Pages
- Disabling Weak Protocols
- Configuring Stronger Ciphers for SSL Communication
- Enabling Perfect Forward Secrecy
- Disabling SSL Renegotiations
- Customizing the Size of EDH Keys
- Adding HTTP Strict Transport Security
- Preventing Clickjacking and XFS Attacks
- Preventing the Error Page to Display the Tomcat Version
- Preventing Error Messages to Display the Failure Reason on Browsers
- Securing Identity Server Web Service Interface
- Configuring Tomcat to Run as a Non-Administrator User
- Samples of Recommended Settings in Configuration Files
- Securing Access Gateway
- Enabling SSL Communication between Access Gateway and Identity Server
- Enabling Secure Cookies
- Disabling Phishing
- Disabling Weak Protocols
- Configuring Stronger Ciphers for SSL Communication
- Enabling Perfect Forward Secrecy
- Adding HTTP Strict Transport Security
- Preventing Error Messages to Show the Failure Reason on Browsers
- Disabling XFS in Access Gateway ESP
- Disabling XFS for Resources Protected by Access Gateway
- Configuring Tomcat to Run as a Non-Administrator User
- Samples of Recommended Settings
- Hardening Appliance
- Removing Unused Packages
- Reconfiguring Secure Shell Ciphers
- Configuring Secure Communication
- Configuring SSL in Identity Server
- Configuring SSL in Access Gateway
- Configuring SSL for Authentication between Identity Server and Access Gateway
- Using Trusted Certificates Authority
- Strengthening TLS/SSL Settings
- Disabling SSLv2 and SSLv3 Protocols
- Optimizing SSL Configuration with Ciphers
- Enabling Perfect Forward Secrecy
- Adding HTTP Strict Transport Security
- Disabling SSL Renegotiations
- Customizing the Size of Ephemeral Diffie-Hellman Keys
- Configuring Unlimited Strength Jurisdiction Policy Files
- Strengthening Certificates
- Key Size and Signature Algorithm Considerations
- Trusted Certificate Authorities
- Certificate Renewal
- Preventing XSS, XFS, and Clickjacking Attacks
- Preventing Cross-site Scripting Attacks
- Preventing Cross-Frame Scripting Attacks
- Preventing Clickjacking Attacks
- Getting the Latest Security Patches
- Legal Notice