The Message Networking system is designed to be located securely
within the network and should not be directly connected to the Internet.
You should leverage the existing network security policy to protect
the system from malicious activities from external and internal
sources. Although protecting information may be a high priority,
protecting the integrity of your network is no less important.
When your network is connected to the Internet, it is exposed to
various types of attacks, including network packet sniffers, IP spoofing,
password attacks, denial-of-service attacks, and application layer
attacks. A breach of integrity can be extremely dangerous and can
open the door to continued attacks on your system. Your network,
security and applications teams should work together to plan and
manage security. You should consider the measures described below
for reducing security risks when deploying the Message Networking
system into your network.
Internet Firewalls
An Internet firewall is a system or a group of systems that enforces
a security barrier between your network and the Internet. The firewall
determines which inside services can be accessed from outside and
which outside services can be accessed by insiders. Because the
Message Networking server will be implemented as an email receiver,
the customer site must have a firewall between the Message Networking
server and the Internet.
To properly secure FTP access into the Message Networking system,
access to the FTP port (21) outside of the firewall must be prohibited.
It is also advisable to explicitly identify the untrusted networks
from which the firewall can accept requests. Ensure that all the
traffic to and from the Internet passes through the firewall.
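As an added example (not part of the product documentation), the Python
sketch below checks a first-match firewall rule list for the two points
above: FTP (port 21) reaching the server from outside, and allow rules
whose source is any network rather than a named one. The rule format, the
documentation-range addresses and SMTP on port 25 are assumptions made
for illustration.

```python
import ipaddress

FTP_PORT = 21
SERVER = "192.0.2.10"  # constructed stand-in for the Message Networking server

# Constructed first-match rules: (action, source net, destination net, TCP port or None = any)
WEAK = [
    ("allow", "198.51.100.0/24", "192.0.2.10/32", 25),  # partner relay; SMTP on 25 is assumed
    ("deny",  "203.0.113.0/24",  "192.0.2.10/32", FTP_PORT),
    ("allow", "0.0.0.0/0",       "192.0.2.10/32", None),  # any source, any port: FTP exposed
]
HARDENED = [
    ("allow", "198.51.100.0/24", "192.0.2.10/32", 25),
    ("deny",  "0.0.0.0/0",       "0.0.0.0/0",     None),
]

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def ftp_exposed_from(rules, server=SERVER):
    """List the first address of each source range from which FTP reaches the server."""
    # The decision can only change at a rule network's first address or just past
    # its last one, so probing those points covers every source range.
    probes = {0}
    for _, src_net, _, _ in rules:
        net = ipaddress.ip_network(src_net)
        probes.add(int(net.network_address))
        probes.add(int(net.broadcast_address) + 1)
    addrs = [str(ipaddress.ip_address(p)) for p in sorted(probes) if p < 2**32]
    return [a for a in addrs if decide(rules, a, server, FTP_PORT) == "allow"]

def unnamed_sources(rules):
    """Allow rules that accept requests from any network rather than a named one."""
    return [r for r in rules if r[0] == "allow" and ipaddress.ip_network(r[1]).prefixlen == 0]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, ftp_exposed_from(rules), unnamed_sources(rules))
```

Probing range boundaries instead of inspecting rules one by one means a
broad allow placed after a narrow deny is still reported.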
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) can be used for detecting
unauthorized break-ins to your systems. It is advisable to implement
a network-based intrusion detection system as a secondary security
system. Following are some of the reasons for adding an IDS to your
network. IDS:
- Cross-checks incorrectly configured firewalls
- Detects attacks that firewalls legitimately allow through (such
  as attacks against Web servers)
- Detects failed hacking attempts to get into your system
- Detects insider hacking
Trusted Server
A trusted server for Message Networking is an LDAP client that
is given privileged access to Message Networking's LDAP server.
The first step in securing the system is to make certain that only
trusted systems are working together.