  NetIQ Access Manager 4.5 Security Guide
    Deployment Considerations
      Protecting Access Manager with a Firewall
      Protecting Access Manager Setup behind NAT
      Protecting Identity Server behind Access Gateway
      Configuring Identity Server to Listen on Port 443
    Securing Administration Console
      Restricting Administration Console Access to the Private Network Only
      Managing Administration Console Session Timeout
      Securing iManager Login Settings
      Securing Administrator Accounts
      Protecting the Configuration Store
      Securing Configuration Store Using TLS Port
      Running the DHost HTTP Server on localhost
      Preventing the SWEET32 Attack
      Default Security Settings in Configuration Files
    Securing Identity Server
      Disabling Unused Authentication Protocols
      Securing Authentication by Using Strong and Multi-Factor Authentication Methods
      Configuring SSL Communication between Browsers and Identity Server
      Configuring SSL Communication with Identity Server and a Service Provider
      Securing Federation
      Configuring a Whitelist of Target URLs
      Blocking Access to Identity Server Pages
      Preventing the Error Page from Displaying the Tomcat Version
      Enabling Advanced Session Assurance
      Securing Identity Server Web Service Interface
      Enabling reCAPTCHA
      Preventing the SWEET32 Attack
      Restricting the Direct Access to Files in the nidp Folder
      Default Security Settings in Configuration Files
      Configuring the Cookie Secure Flag
    Securing Access Gateway
      Enabling SSL Communication between Access Gateway and Identity Server
      Enabling Secure Cookies
      Disabling Phishing
      Disabling Weak Protocols between Access Gateway and Web Servers
      Configuring Stronger Ciphers for SSL Communication between Access Gateway and Web Servers
      Enabling Perfect Forward Secrecy
      Preventing Error Messages from Showing the Failure Reason in Browsers
      Enabling Advanced Session Assurance
      Configuring Tomcat to Run as a Non-Administrator User
      AJP Communication Setting for Access Gateway
      Default Security Settings in Configuration Files
    Securing Analytics Server
      Customizing the Size of EDH Keys
      Configuring SSL in Analytics Server
      Disabling SSL Renegotiations
      Securing Analytics Server Cluster Communication
      Setting Analytics Dashboard Timeout
      Default Security Settings in Configuration Files
    Hardening Appliance
      Reconfiguring Secure Shell Ciphers
    Configuring Secure Communication
      Configuring SSL in Identity Server
      Configuring SSL in Access Gateway
      Configuring SSL for Authentication between Identity Server and Access Gateway
      Configuring SSL in Analytics Server
      Using Trusted Certificate Authorities
    Strengthening TLS/SSL Settings
      Disabling SSLv2 and SSLv3 Protocols
      Optimizing SSL Configuration with Ciphers
      Enabling Perfect Forward Secrecy
      Adding HTTP Strict Transport Security
      Disabling SSL Renegotiations
      Customizing the Size of Ephemeral Diffie-Hellman Keys
    Strengthening Certificates
      Key Size and Signature Algorithm Considerations
      Trusted Certificate Authorities
      Certificate Renewal
    XSS, XFS, and Clickjacking Attacks
      Cross-site Scripting Attacks
      Cross-Frame Scripting Attacks
      Clickjacking Attacks
    Getting the Latest Security Patches
    Securing Access Manager Components on Cloud
      Prerequisite
      Protecting Administration Console on Cloud
    Restoring Previous Security Level After Upgrading Access Manager
      Restoring Previous Security Settings for Administration Console
      Restoring Previous Security Settings for Identity Server
      Restoring Previous Security Settings for Access Gateway
    Legal Notice