Designing Portal Security Strategies

Table 5-2   Use Case: Authenticate Portal User (Continued)

Item          Description

Description   1. User enters the portal URL.
              2. If the customization parameter [remember login] is set, then
                 automatically log in the user and provide a session ID.
              3. If first-time user, prompt for LDAP user ID and password.
              4. User enters previously assigned user ID and password.
              5. Information is passed to Access Manager for validation.
              6. If authentication passes, assign session ID and continue.
              7. If authentication fails, display error message, return user to
                 login page; decrement remaining attempts; if pre-set attempts
                 exceed limit, notify user and lock out the account.
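Steps 4 through 7 of the use case, modeled as an added example; it is not code from this guide or from Access Manager. The `Account` record, the `validate` stand-in for Access Manager, the limit of 3 attempts, and the outcome strings are assumptions, and the [remember login] path of step 2 is left out.

```python
import hmac
import secrets
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # assumed pre-set limit; the use case gives no number


@dataclass
class Account:
    password: str                  # constructed stand-in for the LDAP credential
    remaining: int = MAX_ATTEMPTS  # attempts left before lockout
    locked: bool = False


def validate(account, password):
    """Stand-in for step 5; the real check is performed by Access Manager."""
    return hmac.compare_digest(account.password.encode(), password.encode())


def new_session(sessions, user_id):
    """Step 6: assign a session ID drawn from the OS CSPRNG."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = user_id
    return sid


def authenticate(accounts, sessions, user_id, password):
    """Run steps 4-7 for one login attempt; returns (outcome, session_id)."""
    account = accounts.get(user_id)
    if account is None:
        # Same outcome as a wrong password, so the login page does not
        # reveal which user IDs exist.
        return "login_failed", None
    if account.locked:
        # A locked account stays locked even if the password is correct.
        return "locked", None
    if validate(account, password):
        account.remaining = MAX_ATTEMPTS   # a success resets the counter
        return "ok", new_session(sessions, user_id)
    # Step 7: decrement remaining attempts; lock out once none are left.
    account.remaining -= 1
    if account.remaining <= 0:
        account.locked = True
        return "locked", None
    return "login_failed", None
```
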

 

 

 

Designing Portal Security Strategies

Security is the set of hardware, software, practices, and technologies that protect a server and its users from malicious outsiders. In that regard, security protects against unexpected behavior.

You need to address security globally and include people and processes as well as products and technologies. Unfortunately, too many organizations rely on firewall technology as their only security strategy. These organizations do not realize that many attacks come from employees, not outsiders. Therefore, you need to consider additional tools and processes when creating a secure portal environment.

Operating Portal Server in a secure environment involves making certain changes to the Solaris™ Operating Environment, the Gateway and server configuration, the installation of firewalls, and user authentication through Directory Server and SSO through Access Manager. In addition, you can use certificates, SSL encryption, and group and domain access.

Securing the Operating Environment

Reduce potential risk of security breaches in the operating environment by performing the following, often termed “system hardening:”

102 Portal Server 6 2005Q1 • Deployment Planning Guide

Sun Microsystems 2005Q1 manual Designing Portal Security Strategies, Securing the Operating Environment