Server Configurations

The following are recommendations for securing TIBCO MFT Internet Server through configuration.

Configuration in Admin Client

  • Remove unnecessary default users or remove unnecessary rights from these users.
  • Assign only necessary rights to users.
  • Use LDAP for authentication.
  • Enable Global Password rules.
  • Enable Global Lockout.
  • Allow users to reset their passwords.
  • Use the MFT Delegated Admin feature when possible.
  • AdministratorRight should be limited to a select few people.
  • Assign the minimum right that a user needs to access the system.
  • Be cautious when configuring an alert or scheduled job to execute commands or Java classes. Commands and Java programs execute with the rights of the MFT Server process.
  • Configure the time of day and days of the week that transfers can be executed.

Use the Server Option: Server File Name Prefix

When defining a server, you can use the server option: Server File Name Prefix.

This parameter defines the directory that is prefixed to the server file name defined in the transfer definition. This allows you to restrict user access to a particular directory.

This ensures that when a transfer definition is created, the transfer definition cannot access data outside of this defined directory. This parameter can be used for all server types, but it is particularly important when defining a server type of *Local.

Set the SFTP and FTP banners

MFT displays banner pages when users log on to the MFT SFTP and FTP servers. It is recommended that you create a generic banner page that does not include the name or the release of the software that is running.
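One way to check a banner before deploying it is to scan the text for product names and release identifiers. The following is an added example, not TIBCO code: the token list, the function name audit_banner and both sample banners are assumptions constructed for illustration.

```python
import re

# Assumed product identifiers to flag; extend the list for your environment.
PRODUCT_TOKENS = ("tibco", "mft", "managed file transfer", "internet server")
# Dotted version numbers such as 1.2 or 1.2.3, optionally prefixed with "v".
VERSION_RE = re.compile(r"\bv?\d+(?:\.\d+)+\b", re.IGNORECASE)
# Words that usually introduce a release identifier.
RELEASE_WORD_RE = re.compile(r"\b(?:version|release|build)\b", re.IGNORECASE)


def audit_banner(text, product_tokens=PRODUCT_TOKENS):
    """Return (line_number, reason, matched_text) for each disclosure found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        for token in product_tokens:
            # Word boundaries keep "mft" from matching inside longer words.
            if re.search(r"\b" + re.escape(token) + r"\b", lowered):
                findings.append((lineno, "product name", token))
        for match in VERSION_RE.finditer(line):
            findings.append((lineno, "version number", match.group(0)))
        for match in RELEASE_WORD_RE.finditer(line):
            findings.append((lineno, "release keyword", match.group(0).lower()))
    return findings


# Constructed sample banners (placeholder version, not from any real server).
DISCLOSING_BANNER = """Welcome to Example Corp
TIBCO MFT Internet Server Version 1.2.3
Authorized use only."""

GENERIC_BANNER = """This system is for authorized use only.
Activity may be monitored and recorded."""

if __name__ == "__main__":
    for name, banner in (("disclosing", DISCLOSING_BANNER),
                         ("generic", GENERIC_BANNER)):
        results = audit_banner(banner)
        print(name, "OK" if not results else results)
```

The version pattern also matches other dotted numbers such as IP addresses, so review each finding rather than treating it as conclusive.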