Designing Portal Security Strategies
102 Portal Server 6 2005Q1 • Deployment Planning Guide
Security is the set of hardware, software, practices, and technologies that protect a
server and its users from malicious outsiders. In that regard, security protects
against unexpected behavior.
You need to address security globally and include people and processes as well as
products and technologies. Unfortunately, too many organizations rely on
firewall technology as their only security strategy. These organizations do not
realize that many attacks come from employees, not outsiders. Therefore, you need
to consider additional tools and processes when creating a secure portal
environment.
Operating Portal Server in a secure environment involves making certain changes
to the Solaris™ Operating Environment and to the Gateway and server
configuration, installing firewalls, and setting up user authentication through
Directory Server and single sign-on (SSO) through Access Manager. In addition,
you can use certificates, SSL encryption, and group and domain access.
Securing the Operating Environment
Reduce potential risk of security breaches in the operating environment by
performing the following, often termed “system hardening”:
Table 5-2 Use Case: Authenticate Portal User (Continued)

Item          Description
Description   1. User enters the portal URL.
              2. If the customization parameter [remember login] is set, then
                 automatically log in the user and provide a session ID.
              3. If this is a first-time user, prompt for LDAP user ID and
                 password.
              4. User enters previously assigned user ID and password.
              5. Information is passed to Access Manager for validation.
              6. If authentication passes, assign session ID and continue.
              7. If authentication fails, display error message and return the
                 user to the login page; decrement remaining attempts; if the
                 attempts exceed the pre-set limit, notify the user and lock
                 out the account.
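
The use case in Table 5-2 can be modelled as a small state machine. The following is an added example, not code from this guide or from Access Manager; it shows where the session ID, the remaining-attempts counter, and the lockout interact with the [remember login] shortcut. The class and method names, the in-memory credential store standing in for Access Manager, the remember-login token, and the limit of three attempts are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumed limit; the guide only says "pre-set"


class PortalLogin:
    """Model of the Table 5-2 flow; a dict stands in for Access Manager."""

    def __init__(self, users):
        self.creds = {}                    # user ID -> (salt, PBKDF2 hash)
        for uid, pw in users.items():
            salt = secrets.token_bytes(16)
            self.creds[uid] = (salt, self._hash(pw, salt))
        self.remaining = dict.fromkeys(users, MAX_ATTEMPTS)  # 0 means locked
        self.remembered = {}               # remember-login token -> user ID
        self.sessions = {}                 # session ID -> user ID

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _new_session(self, uid):
        sid = secrets.token_urlsafe(32)    # unpredictable session ID
        self.sessions[sid] = uid
        return sid

    def enter_portal(self, remember_token=None):
        """Steps 1-3: return a session ID, or None to prompt for credentials."""
        uid = self.remembered.get(remember_token)
        # A locked account gets no automatic login, even with a valid token
        return self._new_session(uid) if uid and self.remaining[uid] > 0 else None

    def submit(self, uid, password, remember=False):
        """Steps 4-7: return (status, session ID, remember-login token)."""
        if self.remaining.get(uid) == 0:
            return ("locked", None, None)
        salt, stored = self.creds.get(uid, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.remaining[uid] = MAX_ATTEMPTS   # success resets the counter
            token = secrets.token_urlsafe(32) if remember else None
            if token:
                self.remembered[token] = uid
            return ("ok", self._new_session(uid), token)
        if uid in self.remaining:          # unknown IDs get the same error
            self.remaining[uid] -= 1
            if self.remaining[uid] == 0:
                return ("locked", None, None)
        return ("error", None, None)
```

The model makes one design point explicit that the use case leaves implicit: the lockout in step 7 must also block the automatic login in step 2, otherwise a remembered token bypasses the lock.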