
Chapter 7: Securing Connect Enterprise
Securing Adobe Connect Enterprise protects your organization against loss of property and malicious acts. It is
important to secure your organization’s infrastructure, Adobe Connect Enterprise Server, and the database server
used by Connect Enterprise Server. You may also choose to configure SSL so that all connections to Connect Enterprise
Server are secure; for more information, see www.adobe.com/go/connect_ssl_en. Connect Enterprise also
supports PKI; for more information, see “Public key infrastructure” on page 41.
Securing the infrastructure
Network security
Connect Enterprise Server relies on several private TCP/IP services for its communications. These services open
several ports and channels that must be protected from outside users. Connect Enterprise Server requires that you
place sensitive ports behind a firewall. The firewall should support stateful packet inspection (not just packet
filtering). The firewall should have an option to “deny all services by default except those explicitly permitted”. The
firewall should be at least a dual-homed firewall (two or more network interfaces). This architecture helps prevent
unauthorized users from bypassing the security of the firewall.
The easiest solution for securing Connect Enterprise is to block all ports on the server except 80, 1935, and 443. An
external hardware firewall appliance provides a layer of protection against gaps in the operating system. You can
configure layers of hardware-based firewalls to form DMZs. If the server is carefully updated by your IT department
with the latest Microsoft security patches, a software-based firewall can be configured to enable additional security.
Intranet access
If you intend to have users access Connect Enterprise Server on your intranet, you should place the Connect Enterprise
servers and the Connect Enterprise Server database in a separate subnet, separated by a firewall. The internal
network segment where Connect Enterprise Server is installed should use private IP addresses (10.0.0.0/8,
172.16.0.0/12, or 192.168.0.0/16) to make it more difficult for an attacker to route traffic to a public IP address and
from the internal, network-address-translated IP address. For more information, see RFC 1918. The firewall
configuration should take into account all Connect Enterprise Server ports and whether they are configured for
inbound or outbound traffic.
Internet access
If you intend to have users access Connect Enterprise Server on the Internet, it is extremely important that you
separate the Connect Enterprise servers from the Internet with a firewall. If you do not take the necessary steps to
secure the Connect Enterprise servers, you are leaving your valuable information available for anyone to steal.
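The network rules above (deny by default, only ports 80, 1935, and 443 open, servers on RFC 1918 addresses) can be checked mechanically against an exported rule set. The following Python sketch is an added example, not part of the Adobe documentation; the rule format, the function names, and the sample rules and addresses are hypothetical and constructed for illustration.

```python
import ipaddress

# Ports the chapter leaves open on the server; everything else is blocked.
ALLOWED_PORTS = {80, 443, 1935}
# The three RFC 1918 ranges the chapter names. ip.is_private is deliberately
# not used: it also accepts loopback, link-local and other reserved ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def expand_ports(spec):
    """Turn '443', '80,443', '1900-1940' or 'any' into a set of port numbers."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(default_action, rules, server_ips):
    """Return findings for a simplified inbound rule set (hypothetical format)."""
    findings = []
    if default_action != "deny":
        findings.append("default action is not deny")
    for ip in server_ips:
        if not is_rfc1918(ip):
            findings.append(f"{ip}: server is not on an RFC 1918 address")
    for rule in rules:
        if rule["action"] != "allow":
            continue
        extra = expand_ports(rule["ports"]) - ALLOWED_PORTS
        if extra:
            findings.append(f"{rule['name']}: allows {len(extra)} port(s) "
                            f"outside 80/443/1935, lowest {min(extra)}")
    return findings

# Constructed sample: two compliant rules and one over-broad port range.
SAMPLE_RULES = [
    {"name": "web", "action": "allow", "ports": "80,443"},
    {"name": "rtmp", "action": "allow", "ports": "1935"},
    {"name": "legacy", "action": "allow", "ports": "1900-1940"},
]
if __name__ == "__main__":
    for finding in audit("allow", SAMPLE_RULES, ["10.1.2.10", "172.32.0.5"]):
        print(finding)
```

The sample address 172.32.0.5 is flagged because 172.16.0.0/12 ends at 172.31.255.255, a boundary that is easy to misjudge when assigning addresses by hand.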
Database server security
Whether or not you are hosting your database on the same server as Connect Enterprise Server, you must make sure
that your database is secure. Computers hosting a database should be in a physically secure location. Additional
precautions include the following:
• Install the database in the secure zone of your organization’s intranet.
• Never connect the database directly to the Internet.