Security Basics mailing list archives
Livelink/JCIFS security
From: "Marty Samson" <martyfromork () gmail com>
Date: Fri, 7 Mar 2008 08:15:48 -0500
Hi group! Here is a good one for you... Scenario: Use of Livelink and JCIFS http://www.opentext.com/2/sol-products/sol-pro-llecm10.htm The users want to implement an SSO solution that would permit access to the Livelink server and documents through their first Windows/Oracle sign-on. Here is a quick view of the SSO solution: 1- Note: There is no protection regarding file integrity/monitoring or intrusion detection on the network segment where the Livelink server is. The Livelink version is 9.5. 2- The Livelink environment is completely isolated from the Internet. Potential traffic is blocked by three firewalls, in sections (DMZ ...). 3- No external access to Livelink from the Internet. I'll have to check to make sure no VPN connection is allowed. Let's assume, for the sake of the discussion that there is potential VPN connection. 4- The users are authenticated on the internal Network, then the credentials are sent to the Livelink server. 5- The Livelink server uses JCIFS (version 0.9.2) on an internal Web server to validate (using NTLM) back to the original Windows/Oracle AD or OID. 6- All synchronizations are one way from the original AD/OID servers to Livelink in read only mode, the Livelink server can't write back information to the AD/OID servers. The questions are: 1- Is this SSO solution secure enough taking into account the fact that the documents on the Livelink server are of high importance to the company? 2- Are there mitigating factors we can put in to secure the process? My idea is to ask for file monitoring and intrusion detection for this segment. Thanks for your input! -- ***************** Mork
Current thread:
- Livelink/JCIFS security Marty Samson (Mar 07)