Protect your Alfresco Installation Today: Essential Security Tips
Alfresco is one of the most famous document management system in the world. In addition to its user-friendly design and easy-to-use features, Alfresco is also recommended for its strong security. However like in case of all software tools, your Alfresco implementation is only as strong as its configuration. For a secure Alfresco you need an air-tight defense from all possible points of attack. So in this blog we are going to talk about securing your Alfresco installation. In addition, in most practical solutions every Alfresco installation is linked to other tools like portals, intranets, business intelligence tools, CMS, ECM and CRM, so it’s advisable to secure integrated tools as well. Also, if you have installed clusters of Alfresco, you should checking the security of all nodes becomes mandatory. 1. Checking All the Passwords - Change all the default passwords of the Alfresco installation. - Change the default JMX passwords associated with controlRole and monitorRole parameters. - Check whether the passwords stored in Properties files are encrypted or not. - Check the passwords and security of all connected API, Services, and Shared proxies. 2. Checking the permissions - If you are using linux, make sure that you are using non-root user for running application servers. - Change the permissions at alfresco-global.properties, dir_root/contentstore, dir_root/solr, and dir_root/lucene-indexes to allow access of only application users. - Disable guest users. - If you are using Kerberos, check the ‘file-servers-custom.xml’ file’s permissions. - Check the configuration and passwords of FTSR files. - If you are going to integrate Alfresco with third party tools (and we know that you are going to do that ;) ) create a dedicated user to them allow access to Alfresco instead of giving them access via admin user. - Unless and until your project specifically require them, set the Alfresco Share’s iFramePolicy to ‘deny’. - Recheck the permissions and configurations of Alfresco log directories. All Alfresco logs and application server logs are usually stored in the same directory so it’s imperative that you secure it. - Alfresco is full of services and features. It’s recommended to disable all unneeded services to ensure best performance from Alfresco both from general, work and security point of view. 3. Important configurations to check after every installation - Remove the Alfresco icon from the login page and if possible change the styling - Enable SSL for all major services. If you are using any third party authentication, run all authentication requests between Alfresco and server through an SSL secure server. - Whenever you are replicating Alfresco services, use HTTPS services only. Also either use a pre-created user or create a new dedicated user for the same instead of using admin user. - Enable auditing to check the performance of your system. - Enable encryption in your Alfresco system. 4. Using Fi
Recommandé
Recommandé
Contenu connexe
Plus de Ajeet Singh
Plus de Ajeet Singh (20)
Dernier
Dernier (20)
Protect your Alfresco Installation Today: Essential Security Tips
- 1. Protect your Alfresco Installation Today: Essential Security Tips
- 2. Protect your Alfresco Installation Today Alfresco is one of the most famous document management system in the world. However like in case of all software tools, your Alfresco implementation is only as strong as its configuration.
- 3. Protect your Alfresco Installation Today For a secure Alfresco you need an air- tight defense from all possible points of attack. So in this slide we are going to talk about securing your Alfresco installation.
- 4. Protect your Alfresco Installation Today Now even before we begin, I cannot list down all the possible configurations. Instead I am going to focus on main security related considerations.
- 6. Checking All the Passwords The most important aspects of security are passwords that can be used to access the documents. Your passwords are your first line of defense so use as strong a password as possible.
- 7. Checking All the Passwords ➔ Change all the default passwords of the Alfresco installation. ➔ Change the default JMX passwords associated with controlRole and monitorRole parameters.
- 8. Checking All the Passwords ➔ Check whether the passwords stored in Properties files are encrypted or not. ➔ Check the passwords and security of all connected API, and shared proxies.
- 10. Checking All the Passwords ➔ If you are using linux, make sure that you are using non-root user for running application servers. ➔ If you are using Kerberos, check the ‘file-servers-custom.xml’ file’s permissions.
- 11. Checking All the Passwords ➔ Change the permissions at alfresco- global.properties, to allow access of only application users. ➔ Disable guest users. dir_root/contentstore, dir_root/solr, and dir_root/lucene- indexes
- 12. Checking All the Passwords ➔ If you are going to integrate Alfresco with third party tools (and we know that you are going to do that ;)) create a dedicated user to them allow access to Alfresco instead of giving them access via admin user.
- 13. ➔ Unless and until your project specifically require them, set the Alfresco Share’s iFramePolicy to ‘deny’. Checking the Permissions
- 14. ➔ It’s recommended to disable all unneeded services to ensure best performance from Alfresco both from general, work and security point of view. Checking the Permissions
- 15. Important configurations to check after every installation
- 16. ➔ Remove the Alfresco icon from the login page and if possible change the styling. Also, change the default login URLs to further ensure security. Configurations to check after every installation
- 17. ➔ Enable SSL for all major services. If you are using any third party authentication, run all authentication requests between Alfresco and server through an SSL secure server. ➔ Maintain a black/white list to configure HTML processing. Configurations to check after every installation
- 18. ➔ Configure your SecurityHeaderPolicy values and enable the services to secure yourself from clickjacking attacks. ➔ Create and maintain custom error message pages. Configurations to check after every installation
- 19. ➔ Enable auditing to check the performance of your system. ➔ Always set proper permissions for metadata files as well. ➔ Enable encryption in your Alfresco system. Configurations to check after every installation
- 20. ➔ Third party firewalls also play a major role in securing your application environment. You have to setup and configure the firewalls to maintain secure inbound and outbound traffic. Configurations to check after every installation
- 21. Consult the experts when in doubt
- 22. Consult the experts when in doubt Algoworks technologies has built its business working with Alfresco. We have built hundreds of Alfresco Projects combining the document manager with every popular technology. We are world leaders in Alfresco Development and Customization.
- 23. sales@algoworks.com Toll Free : +1-877-284-1028 Author Co-Founder & Director Open-Source | Salesforce | ECM Pratyush is Co-Founder and Director at Algoworks. He is responsible for managing, growing open source technologies and Salesforce CRM team . He provides consulting and advisory to clients looking for services relating to CRM(Customer Relationship Management) and ECM(Enterprise Content Management). Pratyush Kumar Write to me @ pratyush@algoworks.com
- 24. Learn about how Algoworks can help your business! Call us at : +1-877-284-1028 Mail us at: sales@algoworks.com support@algoworks.com Official Blog Link: http://www.algoworks.com/blog/alfresco-installation-security-tips