User guide

Interstage Single Sign-on
Protecting Communication Contents
Encryption is an effective way of protecting communication contents from being altered or exposed.
Use https as the protocol for the authentication and business servers so that the communication
contents are encrypted; an SSL environment is required to operate https. The repository server does
not need SSL communication because the Interstage Single Sign-on program itself encrypts the
communication contents.
To set up environments for the authentication and business servers using https, see "Environment Setup
(SSO Administrators)" and "Environment Setup (Business Server Administrators)" in the Single Sign-on
Operator's Guide.
To operate the system more securely and to prevent DoS attacks, set up IPSec communication or a
firewall to protect the authentication and repository servers. For details, see "More Secure Use" in
the Single Sign-on Operator's Guide.
Confirming the Authentication Server
Advise users not to enter user names or passwords by mistake into a form authentication page or
password authentication dialog presented by a false authentication server. In particular:
- Announce the correct authentication server host name (URL) to users.
- Have users access the business server via bookmarks set in their Web browsers or from links on
  reliable Web sites.
- When the requesting source shown in the basic authentication dialog may be false, have users
  cancel the dialog and confirm that the URL displayed in the address display area of the Web
  browser matches that of the correct authentication server.
- If the requesting source of a form authentication page displayed by the Web browser is not clear,
  have the user confirm that the URL displayed in the address display area of the Web browser
  matches that of the correct authentication server.
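The address-bar check described above, as an added example that is not part of this guide: a small Python check of whether a URL points at the announced authentication server over https, covering the user-info and host-suffix tricks that make a false server's URL look correct. The host name sso.example.com is an assumed placeholder, not a value from the guide.

```python
from urllib.parse import urlsplit

# Hypothetical announced authentication server host (constructed for this
# example; substitute the host name actually announced to users).
EXPECTED_AUTH_HOST = "sso.example.com"


def is_expected_auth_server(url: str, expected_host: str = EXPECTED_AUTH_HOST) -> bool:
    """Return True only if `url` points at the announced authentication
    server over https, i.e. what a user should see in the address bar."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # The guide requires https for the authentication server, so a plain
    # http URL is not the correct server even when the host name matches.
    if parts.scheme.lower() != "https":
        return False
    # urlsplit separates user-info from the host, so
    # "https://sso.example.com@evil.example/" has hostname "evil.example".
    # A legitimate SSO login URL carries no user-info at all.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # lower-cased, port removed
    if host is None:
        return False
    # Exact match only: "sso.example.com.evil.example" is a different host.
    if host != expected_host.lower():
        return False
    # A non-standard or malformed port means a different listener than
    # the one that was announced.
    try:
        port = parts.port
    except ValueError:
        return False
    return port in (None, 443)


if __name__ == "__main__":
    # Constructed sample URLs: one genuine, the rest spoofing attempts.
    for sample in ("https://sso.example.com/sso/login",
                   "http://sso.example.com/sso/login",
                   "https://sso.example.com@evil.example/",
                   "https://sso.example.com.evil.example/"):
        print(f"{sample:50} -> {is_expected_auth_server(sample)}")
```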
Countermeasures Against Password Attacks
The password used for authentication may be stolen and abused. Password theft includes brute-force
attacks and dictionary attacks carried out with hacking tools. To operate the system more securely,
educate users using the items described below.
In practice, combine these items with the operational requirements and security policy of the target
system to determine the rules.
Interstage Single Sign-on consolidates the management of resource information using the Smart
Repository. The administrator DN authentication information (password) required for using the Smart
Repository must also be protected. See "Smart Repository" for details of the threats and
countermeasures for the authentication information (password) of the Smart Repository administrator
DN.