Installation guide
To add the VCM Web server to the Internet Explorer trusted zone, see the instructions in the VCM
Installation Guide.
Removing Untrusted Systems
Do not allow untrustworthy systems to remain in the Internet Explorer trusted zone with the VCM Web
server. This step isolates the VCM Web site from untrusted sites and helps reduce the risk of cross-site
scripting attacks.
Customizing Internet Security Options
In Internet Explorer, apply the following settings:
- Enable Automatic login with current username and password
- Disable Navigate subframes across different domains
- Disable Web sites in less privileged web content zone can navigate into this zone
- Disable Display mixed content
When you allow automatic logins, Internet Explorer can transfer credentials to machines in the trusted
zone, specifically the VCM Web server, without user interaction. When this ability is combined with the IIS
setting to use Integrated Windows Authentication, the result is a login process that is resistant to spoofing
and cross-site scripting attacks. With this configuration, login prompting does not take place within the
context of the browser, but rather within the Windows login system, which is more resistant to cross-site
scripting attacks.
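As an added example (not part of the VCM Security Guide), the following PowerShell script audits the four Trusted Sites zone settings listed above for the current user and reports any that deviate from the recommendation. It assumes the registry value names Microsoft documents for Internet Explorer zone settings (1A00, 1607, 2101 and 1609 under zone 2, the Trusted Sites zone); where zones are enforced from machine policy, the same values live under the corresponding HKLM key instead.

```powershell
# Added audit example, not code from the VCM Security Guide.
# Assumption: value names follow Microsoft's documented IE zone registry
# layout (Zones\2 is "Trusted sites"). Adjust $zoneKey to HKLM: if the
# "Security Zones: Use only machine settings" policy is in effect.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'

# Expected hardened values from the guide:
#   1A00 Logon: 0 = automatic logon with current username and password
#   1607 Navigate sub-frames across different domains: 3 = disable
#   2101 Web sites in less privileged zone can navigate into this zone: 3 = disable
#   1609 Display mixed content: 3 = disable
$expected = @{
    '1A00' = @{ Value = 0; Name = 'Automatic login with current username and password (Enable)' }
    '1607' = @{ Value = 3; Name = 'Navigate subframes across different domains (Disable)' }
    '2101' = @{ Value = 3; Name = 'Less privileged zone can navigate into this zone (Disable)' }
    '1609' = @{ Value = 3; Name = 'Display mixed content (Disable)' }
}

function Test-VcmTrustedZoneSettings {
    $findings = @()
    foreach ($valueName in $expected.Keys) {
        $actual = (Get-ItemProperty -Path $zoneKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
        if ($null -eq $actual) {
            # No explicit value: the zone template default applies, so flag it for review.
            $findings += "$($expected[$valueName].Name): $valueName not set, zone default applies"
        }
        elseif ($actual -ne $expected[$valueName].Value) {
            $findings += "$($expected[$valueName].Name): $valueName is $actual, expected $($expected[$valueName].Value)"
        }
    }
    return $findings
}

$findings = Test-VcmTrustedZoneSettings
if ($findings.Count -eq 0) {
    Write-Output 'Trusted Sites zone matches the recommended VCM settings.'
}
else {
    $findings | ForEach-Object { Write-Output "NON-COMPLIANT: $_" }
}
```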
Trusted Software
Even if a user interface system is dedicated to running VCM, third-party software packages are often
needed.
When that happens, install only trusted software, preferably software that is accompanied and verified by
a trustworthy software publisher certificate. It is unsafe to run software of unaccountable origin on
machines in the VCM user interface zone.
Verifying Certificates
When you connect to VCM from the user interface system, Internet Explorer prompts you to verify that
the certificates that VCM uses for authentication are correct.
Click to view certificate signing details before deciding to trust the software. If the signature is known to
you and valid, you can add the certificate to your trusted store so that you do not need to repeat the
verification every time that you connect.
HTTPS Certificate
The SSL certificate used for HTTPS with the VCM Web server might be issued by a trusted root certificate
authority or be self-issued.
When a certificate comes from a trusted authority, you do not receive any warning messages. When
Internet Explorer detects an untrusted certificate, review the signature details.
- If you recognize the signature, you can add the certificate to the trusted store.
- If the signature is suspicious, cancel and avoid opening the Web page.
VCM Security Guide
42
VMware, Inc.