Server Configurations

You can follow the following recommendations to secure TIBCO MFT Command Center through configurations.

Configuration in Admin Client

  • Remove unnecessary default users or unnecessary rights from these users.
  • Assign only necessary rights to users.
  • Use LDAP for authentication.
  • Enable global password rules.
  • Enable global lockout.
  • Allow users to reset their passwords.
  • Use the MFT delegated administration feature if possible.
  • AdministratorRight must be limited to a selected few of people.
  • Assign the minimum right that a user needs to access the system.
  • Be cautious executing commands or Java class on an alert or scheduled job. Commands and java programs will execute under the rights of the MFT server process.
  • Configure time of a day and days of the week that transfers can be executed.

Server Options: Server File Name Prefix

When defining a server, you can expand the Server Options section on the Add Server page and use the Server File Name Prefix parameter.

This parameter defines the directory that is prefixed to the server file name defined on the transfer definition. It allows you to restrict user access to a particular directory and ensures that when a transfer definition is created, the transfer definition cannot access data outside of this defined directory.

This parameter can be used for all server types, but it is particularly important when defining a server of *Local type.

SFTP and FTP banners

Banner pages will be displayed by MFT when you log on to the MFT SFTP and FTP servers. It is good practice to create a generic banner pages that does not include the name of the software running or the release.