Designing Portal Security Strategies
Table | Use Case: Authenticate Portal User (Continued) | |
Item | Description | |
|
|
|
Description | 1. | User enters the portal URL. |
| 2. | If the customization parameter [remember login] is set, then automatically |
|
| login the user and provide a session ID. |
| 3. | If first time user, prompt for LDAP user ID and password. |
| 4. | User enters previously assigned user ID and password. |
| 5. | Information is passed to Access Manager for validation. |
| 6. | If authentication passes, assign session ID and continue. |
| 7. | If authentication fails, display error message, return user to login page; |
|
| decrement remaining attempts; if |
|
| and lock out the account. |
|
|
|
Designing Portal Security Strategies
Security is the set of hardware, software, practices, and technologies that protect a server and its users from malicious outsiders. In that regard, security protects against unexpected behavior.
You need to address security globally and include people and processes as well as products and technologies. Unfortunately, too many organizations rely solely on firewall technology as their only security strategy. These organizations do not realize that many attacks come from employees, not outsiders. Therefore, you need to consider additional tools and processes when creating a secure portal environment.
Operating Portal Server in a secure environment involves making certain changes to the Solaris™ Operating Environment, the Gateway and server configuration, the installation of firewalls, and user authentication through Directory Server and SSO through Access Manager. In addition, you can use certificates, SSL encryption, and group and domain access.
Securing the Operating Environment
Reduce potential risk of security breaches in the operating environment by performing the following, often termed “system hardening:”
