Livelink/JCIFS security

["Marty Samson" <martyfromork () gmail com>]

Hi group!

Here is a good one for you...

Scenario:

Use of Livelink and JCIFS

http://www.opentext.com/2/sol-products/sol-pro-llecm10.htm

The users want to implement an SSO solution that would permit access
to the Livelink server and documents through their first
Windows/Oracle sign-on.

Here is a quick view of the SSO solution:

1- Note: There is no protection regarding file integrity/monitoring or
intrusion detection on the network segment where the Livelink server
is. The Livelink version is 9.5.

2- The Livelink environment is completely isolated from the Internet.
Potential traffic is blocked by three  firewalls, in sections (DMZ
...).

3- No external access to Livelink from the Internet. I'll have to
check to make sure no VPN connection is allowed. Let's assume, for the
sake of the discussion that there is potential VPN connection.

4- The users are authenticated on the internal Network, then the
credentials are sent to the Livelink  server.

5- The Livelink  server uses JCIFS (version 0.9.2) on an internal Web
server to validate (using NTLM) back to the original Windows/Oracle AD
or OID.

6- All synchronizations are one way from the original AD/OID servers
to Livelink in read only mode, the Livelink  server can't write back
information to the AD/OID servers.

The questions are:

1- Is this SSO solution secure enough taking into account the fact
that the documents on the Livelink server are of high importance to
the company?

2- Are there mitigating factors we can put in to secure the process?

My idea is to ask for file monitoring and intrusion detection for this segment.


Thanks for your input!




-- 
*****************
Mork