
Notes on Alfresco Security

Cesar Capillas
This week I’m in London during the Alfresco Summit 2014 conferences. While attending the Alfresco security keynote of Toni de la Fuente, I compiled some notes for the Alfresco Training Blog Post. It is better explained in Alfresco Security Best Practices and the keynote, but you can use this as a basic checklist.
  • Keep updated; it’s a security basic (apply the last service pack or
    hotfix for your Alfresco version).
  • Remember to change the admin and JMX passwords.
  • Run the application as a non-root user, NATing privileged ports via iptables.
  • Use iptables to control local Alfresco ports.
  • Set chmod 0600 permissions on alfresco-global.properties,
    dir.root/contentstore, dir.root/solr and any other file that could
    contain password information, for example ldap-authentication.properties.
  • Use different tiers and machines for the frontend, the Alfresco Share app,
    the Alfresco Repository, SOLR, transformation and the database server when possible.
  • Use firewall policies for inbound and outbound traffic.
  • Use secure HTTP connections, at least in the frontend tier.
  • Use SSL in protocols like FTP, IMAP, SMTP and SharePoint, and also in LDAP.
  • Disable unneeded services such as the transfer service, replication,
    audit, protocols or system quotas if they are not required for the project.
  • Disable the guest user for the Alfresco authentication subsystems
    (alfresco NTLM and LDAP).
  • Monitor your Alfresco instance via a Nagios/Icinga plugin or JMX
    (e.g. jmxterm), for example parameters such as JVM heap, threads,
    database connections, active users, disk usage…
  • Have a tested backup and restore procedure, for example with Alfresco BART.
  • Set the ticket and session timeouts of the Share and Repository
    applications, taking into consideration whether other timeouts apply (for
    example, a cookie-based SSO external authentication timeout).
  • Check server logs periodically.
  • Check the CSRF policies in Alfresco Share.
  • Use the Apache frontend config to allow and restrict access to the
    Alfresco API (/alfresco/service/*, /alfresco/proxy).
  • Use secure cookies.
The final security checklist appendix of the paper is a MUST for an Alfresco installation.
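As an added example for the file-permission item in the checklist (this is not code from the original post or from Alfresco), here is a small POSIX shell audit that finds credential-bearing Alfresco configuration files that are readable or writable by group or others and tightens them to 0600. The directory layout, the extra name patterns beyond the two files the checklist names (keystores), and the sample property contents in the demo are constructed for illustration; on a real server you would point it at tomcat/shared/classes and dir.root.

```shell
#!/bin/sh
# Added example, not part of the original post: audit for the "chmod 0600" item.
# Walks the given directories, picks out files that typically carry credentials
# on an Alfresco install and reports any whose mode grants group/other access.

# Print one "OK|BAD <mode> <path>" line per candidate file under the directories given.
audit_secret_perms() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name 'alfresco-global.properties' \
                -o -name '*authentication*.properties' \
                -o -name '*.keystore' -o -name '*.jks' \) -print |
        while IFS= read -r f; do
            # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
            mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
            # A non-zero digit in the group or other position is a finding.
            case "$mode" in
                *00) printf 'OK  %s %s\n' "$mode" "$f" ;;
                *)   printf 'BAD %s %s\n' "$mode" "$f" ;;
            esac
        done
    done
}

# Return 0 when nothing is flagged, 1 otherwise (usable as a cron or CI check).
audit_secret_perms_ok() {
    if audit_secret_perms "$@" | grep -q '^BAD '; then
        return 1
    fi
    return 0
}

# Tighten every flagged file to owner read/write only.
fix_secret_perms() {
    audit_secret_perms "$@" | grep '^BAD ' | cut -d' ' -f3- |
    while IFS= read -r f; do
        chmod 0600 "$f" && printf 'fixed %s\n' "$f"
    done
}

# Demo on a constructed directory tree (drop this part to use the functions as a check).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/shared/classes/alfresco/extension/subsystems"
printf 'db.password=changeme\n' > "$demo_dir/shared/classes/alfresco-global.properties"
chmod 0644 "$demo_dir/shared/classes/alfresco-global.properties"   # deliberately too open
printf 'ldap.synchronization.java.naming.security.credentials=secret\n' \
    > "$demo_dir/shared/classes/alfresco/extension/subsystems/ldap-authentication.properties"
chmod 0600 "$demo_dir/shared/classes/alfresco/extension/subsystems/ldap-authentication.properties"
audit_secret_perms "$demo_dir"
audit_secret_perms_ok "$demo_dir" || echo 'findings present, applying chmod 0600'
fix_secret_perms "$demo_dir"
audit_secret_perms_ok "$demo_dir" && echo 'all credential files are now 0600'
rm -rf "$demo_dir"
```

The match list is deliberately narrow (the files the checklist names plus keystores) so the audit stays quiet on a clean install; extend the `find` expression with whatever other files hold secrets in your deployment, and remember that the content store and SOLR directories the checklist mentions should be owned by the Alfresco service user with the same owner-only permissions.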
