Friday 7 December 2007

Securing Admin Console

If you use the admin server to serve applications (or in a single-server domain), do the following for better security:

1. Change the default admin user name and password to custom values.

2. Change the admin console context root path.

3. Enable a domain-wide administration port.

4. Consider disabling the admin console.

If you use an external LDAP provider, store the server boot identity in the embedded LDAP server, and set time-outs on the external LDAP authentication provider. This way, if the external LDAP server is unavailable, you can still restart WebLogic Server and serve unprotected data. Also, before you apply any changes, set the control flag for all authentication providers to OPTIONAL; this prevents a configuration error from stopping a production server from restarting.
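The following audit script is an added example, not code from the original post or from WebLogic itself: it reads a config.xml-style fragment and reports which of the hardening items above (console disabled, non-default console context path, administration port enabled, OPTIONAL control flag on every authentication provider) a domain fails. The sample fragment is constructed, and the element names and namespaces are assumptions modelled on the WebLogic DomainMBean attribute names; verify them against your own domain's config.xml before relying on the check.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragment (not from the post). Element names are
# assumptions modelled on WebLogic DomainMBean attributes (ConsoleEnabled,
# ConsoleContextPath, AdministrationPortEnabled) and the provider ControlFlag.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain"
        xmlns:sec="http://www.bea.com/ns/weblogic/90/security">
  <console-enabled>true</console-enabled>
  <console-context-path>console</console-context-path>
  <administration-port-enabled>false</administration-port-enabled>
  <security-configuration>
    <realm>
      <sec:authentication-provider>
        <sec:name>DefaultAuthenticator</sec:name>
        <sec:control-flag>REQUIRED</sec:control-flag>
      </sec:authentication-provider>
      <sec:authentication-provider>
        <sec:name>ExternalLDAP</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
    </realm>
  </security-configuration>
</domain>
"""
NS = {"d": "http://www.bea.com/ns/weblogic/920/domain",
      "sec": "http://www.bea.com/ns/weblogic/90/security"}

def _text(elem, path, default=""):
    # Text of the first matching child, or the WebLogic default when absent.
    node = elem.find(path, NS)
    return (node.text or "").strip() if node is not None else default

def audit_domain(config_xml):
    """Return the hardening findings from the post that the config fails."""
    root = ET.fromstring(config_xml)
    findings = []
    if _text(root, "d:console-enabled", "true").lower() != "false":
        findings.append("admin console is enabled; consider disabling it")
    if _text(root, "d:console-context-path", "console") == "console":
        findings.append("admin console still at default context path /console")
    if _text(root, "d:administration-port-enabled", "false").lower() != "true":
        findings.append("domain-wide administration port is not enabled")
    path = "d:security-configuration/d:realm/sec:authentication-provider"
    for prov in root.findall(path, NS):
        name, flag = _text(prov, "sec:name", "?"), _text(prov, "sec:control-flag")
        if flag != "OPTIONAL":
            findings.append("provider %s control flag is %s, not OPTIONAL" % (name, flag or "unset"))
    return findings
```

Run it against a copy of config.xml from a stopped domain; an empty list means every item in the checklist above is in place.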

WebLogic Server provides a custom realm, the NTRealm, based on older security realm APIs, that supports native Windows domain authentication. NTRealm is useful with Windows domains that are not set up to use Active Directory.

Tips

1. Store the server boot identity in the embedded LDAP server.

2. For finer control of a production environment, use Active Directory authentication, rather than native Windows domain (NTRealm) authentication.

3. To prevent denial-of-service attacks, modify the time-out and maximum-size values for the incoming protocol ports (T3, COM, IIOP, HTTP Post time out) on the server.

4. Have a security audit performed by an internal or external auditing group.
