Notes on Alfresco Security
Cesar Capillas
Published Date
5 Years Ago - 7260 Views
This week I'm in London for the Alfresco Summit 2014 conference. While attending the Alfresco security keynote by Toni de la Fuente, I compiled some notes for the Alfresco Training Blog Post. It is better explained in Alfresco Security Best Practices and the keynote, but you can use this as a basic checklist.
Keep your installation updated; this is a security basic (latest service pack or hotfix for your Alfresco version).
Remember to change the admin and JMX passwords.
Run the application as a non-root user, NATing privileged ports via iptables.
Use iptables to control local Alfresco ports.
Set chmod 0600 permissions for alfresco-global.properties, dir.root/contentstore, dir.root/solr and any other file that could contain password information, for example ldap-authentication.properties.
Use different tiers and machines for the frontend, Alfresco Share app, Alfresco Repository, SOLR, Transformation and Database Server when possible.
Use firewall policies for inbound and outbound traffic.
Use secure HTTP connections, at least in the frontend tier.
Use SSL in protocols like FTP, IMAP, SMTP and SharePoint, and also in LDAP.
Disable unneeded services such as transfer service, replication, audit, protocols or system quotas if they are not required for the project.
Disable the guest user for Alfresco authentication subsystems (alfresco NTLM and ldap).
Monitor your Alfresco instance via a Nagios/Icinga plugin or JMX (e.g. jmxterm), for example parameters such as JVM heap, threads, database connections, active users, disk usage...
Have a tested backup and restore procedure, for example with Alfresco BART.
Set the ticket and session timeouts of the Share and Repository applications, taking into consideration whether other timeouts have an effect (for example, a cookie-based SSO external authentication timeout).
Check server logs periodically.
Check CSRF policies in Alfresco Share.
Use the Apache frontend config to allow and restrict access to the Alfresco API (/alfresco/service/*, /alfresco/proxy).
Use secure cookies.
The final security checklist appendix of the paper is a MUST in an Alfresco installation.
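
One way to verify the file-permission item of the checklist on a server, as an added example that is not part of the original post: the script lists `*.properties` files that contain a password or credentials key and are not mode 0600 (the stricter 0400 is also accepted). The function names, the key pattern and the assumption that the configuration sits under one directory tree are mine; it does not cover the dir.root directories.

```shell
#!/bin/sh
# Added example, not from the original post. Lists *.properties files that
# hold a password/credentials key but are readable beyond their owner.
# Assumption: the Alfresco configuration sits under one directory tree.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the file has an uncommented key naming a password or credentials.
has_secret_key() {
    grep -Eiq '^[[:space:]]*[^#![:space:]=:]*(password|credentials)[^=:]*[=:]' "$1"
}

# Print "MODE PATH" for each offending file; return 1 if any was found.
# Accepts 600 (the post's recommendation) and the stricter 400.
audit_alfresco_config() {
    findings=$(
        find "$1" -type f -name '*.properties' | while IFS= read -r f; do
            has_secret_key "$f" || continue
            mode=$(file_mode "$f")
            case "$mode" in
                600|400) ;;
                *) printf '%s %s\n' "$mode" "$f" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/alfresco/config
if [ "$#" -gt 0 ]; then
    audit_alfresco_config "$1"
fi
```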