![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
• Correct Installation EMS is correctly installed and configured.
• Physical Controls The computers where EMS is installed are located in areas where physical entry is controlled to prevent unauthorized access. Only authorized administrators have access, and they cooperate in a benign environment.
• Domain Control The operating system, file system and network protocols ensure domain separation for EMS, to prevent unauthorized access to the server, its configuration files, LDAP servers, etc.
• Benign Environment Only authorized administrators have physical access or domain access, and those administrators cooperate in a benign environment.
•
• The server’s authorization parameter acts as a master switch for checking permissions for connection requests and operations on secure destinations. The default value of this parameter is disabled—the server does not check any permissions, and allows all operations. For secure deployment, you must enable this parameter.For ease in installation and initial testing, the default setting for the admin password is no password at all. Until you set an actual password, the user admin can connect without a password. Once the administrator password has been set, the server always requires it.To configure a secure deployment, the administrator must change the admin password immediately after installation; see Assign a Password to the Administrator.When authorization is enabled, the server requires a name and password before users can connect. Only authenticated users can connect to the server. The form of authentication can be either an X.509 certificate or a username and password (or both).When authorization is disabled, the server does not check user authentication; all user connections are allowed. However, even when authorization is disabled, the user admin must still supply the correct password to connect to the server.Even when authorization is enabled, the administrator (admin) may explicitly allow anonymous user connections, which do not require password authorization. To allow these connections, create a user with the name anonymous and no password.
Creating the user anonymous does not mean that anonymous has all permissions. Individual topics and queues can still be secure, and the ability to use these destinations (either sending or receiving) is controlled by the access control list of permissions for those destinations. The user anonymous can access only non-secure destinations.For more information on destination security, refer to the destination property secure on page 73, and Create Users.For communication security between servers and clients, and between servers and other servers, you must explicitly configure SSL within EMS; see Using the SSL Protocol.The server uses only one source of X.509 certificate authentication data, namely, the server parameter ssl_server_trusted (its value is set in EMS an configuration file). See ssl_server_trusted on page 236.
For security equivalent to single DES (an industry minimum), security experts recommend passwords that contain 8–14 characters, with at least one upper case character, at least one numeric character, and at least one punctuation character.Audit information is output to log files (and stderr), and is configured by the server parameters log_trace and console_trace (see Tracing and Log File Parameters).The DEFAULT setting includes +ADMIN, so all administrative operations produce audit output. For further details, see Table 81, Server Tracing Options.
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |