Protect your Alfresco Installation Today: Essential Security Tips

Alfresco is one of the most famous document management systems in the world. However, as with all software tools, your Alfresco implementation is only as strong as its configuration.

For a secure Alfresco you need an airtight defense against all possible points of attack. So in these slides we are going to talk about securing your Alfresco installation.

Before we begin: I cannot list all the possible configurations. Instead, I am going to focus on the main security-related considerations.

Checking All the Passwords
The most important aspect of security is the set of passwords that can be used to access the documents. Your passwords are your first line of defense, so use as strong a password as possible.
➔ Change all the default passwords of the Alfresco installation.
➔ Change the default JMX passwords associated with the controlRole and monitorRole parameters.
➔ Check whether the passwords stored in properties files are encrypted.
➔ Check the passwords and security of all connected APIs and shared proxies.
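
An added example, not part of the original slides or of Alfresco itself: a Python check for the two password items above that can be verified offline, namely cleartext secrets in properties files and JMX roles still on a default password. It assumes encrypted values are written as ENC(...), that ${...} is a property reference, and that change_asap is the shipped JMX default; all sample inputs are constructed.

```python
import re

# Assumptions: ENC(...) marks an encrypted value and ${...} is a reference
# to another property, so neither is a literal secret.
PROTECTED = re.compile(r"^(ENC\(.+\)|\$\{[^}]+\})$")
SECRET_KEY = re.compile(r"password|passwd|secret", re.IGNORECASE)
JMX_ROLES = ("controlRole", "monitorRole")      # role names from the slide


def parse_properties(text):
    """Parse Java .properties text into (line_number, key, value) tuples."""
    entries, pending, start = [], None, 0
    # The trailing "" flushes a value whose last line ends in a backslash.
    for number, raw in enumerate(text.splitlines() + [""], 1):
        line = raw.strip()
        if pending is None:
            if not line or line[0] in "#!":
                continue                         # blank line or comment
            pending, start = "", number
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending += line[:-1]
            continue
        logical, pending = pending + line, None
        match = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", logical)
        if match:
            entries.append((start, match.group(1), match.group(2)))
    return entries


def cleartext_secrets(text):
    """Return (line, key) for secret-looking keys that hold a literal value.

    The value itself is never returned, so the report is safe to share.
    """
    return [(line, key) for line, key, value in parse_properties(text)
            if SECRET_KEY.search(key) and value and not PROTECTED.match(value)]


def default_jmx_roles(text, known_defaults):
    """Return JMX roles ("role password" per line) still on a known default."""
    flagged = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) == 2 and parts[0] in JMX_ROLES and parts[1] in known_defaults:
            flagged.append(parts[0])
    return flagged


# Constructed sample inputs, not taken from a real installation.
SAMPLE_PROPERTIES = """\
# constructed sample
db.username=alfresco
db.password=Sup3rS3cret-constructed
mail.password = ENC(constructedCiphertext)
solr.secret: ${solr.secret.enc}
proxy.password=first-half\\
    second-half
ftp.enabled=false
jmx.password=
"""
SAMPLE_JMX = """\
# constructed sample; change_asap is assumed to be the shipped default
monitorRole  change_asap
controlRole  R0tated-constructed
"""

if __name__ == "__main__":
    for line, key in cleartext_secrets(SAMPLE_PROPERTIES):
        print(f"line {line}: {key} holds a cleartext value")
    for role in default_jmx_roles(SAMPLE_JMX, {"change_asap"}):
        print(f"JMX role {role} still uses a default password")
```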

Checking the Permissions
➔ If you are using Linux, make sure that you run the application servers as a non-root user.
➔ If you are using Kerberos, check the permissions of the ‘file-servers-custom.xml’ file.
➔ Change the permissions on alfresco-global.properties, dir_root/contentstore, dir_root/solr, and dir_root/lucene-indexes to allow access to application users only.
➔ Disable guest users.
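
An added example, not from the original slides: a Python audit of the ownership and permission items above, covering alfresco-global.properties, the three dir_root directories and the non-root check. Reading "application users only" as owner-only access (no group or other permission bits) is an assumption, and the directory tree built in demo() is constructed.

```python
import os
import stat
import tempfile

# Directory names under dir_root are the ones listed on the slide.
DATA_DIRS = ("contentstore", "solr", "lucene-indexes")


def audit_path(path, app_uid):
    """Return the problems found for one path (an empty list means it is fine)."""
    try:
        info = os.lstat(path)                    # lstat: do not follow symlinks
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(info.st_mode):
        return ["symlink: audit the link target separately"]
    problems = []
    if info.st_uid != app_uid:
        problems.append(f"owned by uid {info.st_uid}, expected {app_uid}")
    loose = stat.S_IMODE(info.st_mode) & 0o077   # any group/other permission bit
    if loose:
        problems.append(f"group/other bits set: {loose:03o}")
    return problems


def audit_install(config_file, dir_root, app_uid):
    """Audit the config file and every entry below the data directories."""
    report = {}
    targets = [config_file] + [os.path.join(dir_root, d) for d in DATA_DIRS]
    for target in targets:
        paths = [target]
        if os.path.isdir(target) and not os.path.islink(target):
            for base, dirs, files in os.walk(target):
                paths += [os.path.join(base, name) for name in dirs + files]
        for path in paths:
            problems = audit_path(path, app_uid)
            if problems:
                report[path] = problems
    return report


def runs_as_root(euid=None):
    """True when the process (or the euid passed in) has effective uid 0."""
    return (os.geteuid() if euid is None else euid) == 0


def demo():
    """Build a constructed install tree in a temp dir and audit it."""
    files = {"alfresco-global.properties": 0o644,   # world-readable: flagged
             "contentstore/doc.bin": 0o640}         # group-readable: flagged
    dirs = {"contentstore": 0o700, "solr": 0o700}   # lucene-indexes: missing
    with tempfile.TemporaryDirectory(prefix="alf-audit-") as root:
        for rel, mode in dirs.items():
            os.mkdir(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)
        for rel, mode in files.items():
            with open(os.path.join(root, rel), "w") as handle:
                handle.write("constructed sample\n")
            os.chmod(os.path.join(root, rel), mode)
        report = audit_install(os.path.join(root, "alfresco-global.properties"),
                               root, os.getuid())
        return {os.path.relpath(p, root): v for p, v in report.items()}


if __name__ == "__main__":
    for path, problems in sorted(demo().items()):
        print(path, "->", "; ".join(problems))
    print("running as root:", runs_as_root())
```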
➔ If you are going to integrate Alfresco with third-party tools (and we know that you are going to do that ;)), create a dedicated user to give them access to Alfresco instead of giving them access via the admin user.
➔ Unless your project specifically requires them, set Alfresco Share’s iFramePolicy to ‘deny’.
➔ It’s recommended to disable all unneeded services to ensure the best performance from Alfresco from a general, work and security point of view.

Important configurations to check after every installation
➔ Remove the Alfresco icon from the login page and, if possible, change the styling. Also, change the default login URLs to further ensure security.
➔ Enable SSL for all major services. If you are using any third-party authentication, run all authentication requests between Alfresco and the server through an SSL-secured server.
➔ Maintain a black/white list to configure HTML processing.
➔ Configure your SecurityHeaderPolicy values and enable the services to protect yourself against clickjacking attacks.
➔ Create and maintain custom error message pages.
➔ Enable auditing to check the performance of your system.
➔ Always set proper permissions for metadata files as well.
➔ Enable encryption in your Alfresco system.
➔ Third-party firewalls also play a major role in securing your application environment. You have to set up and configure the firewalls to maintain secure inbound and outbound traffic.

Consult the experts when in doubt
Algoworks Technologies has built its business working with Alfresco. We have built hundreds of Alfresco projects combining the document manager with every popular technology. We are world leaders in Alfresco Development and Customization.
sales@algoworks.com | Toll Free: +1-877-284-1028

Author
Pratyush Kumar, Co-Founder & Director (Open-Source | Salesforce | ECM)
Pratyush is Co-Founder and Director at Algoworks. He is responsible for managing and growing the open source technologies and Salesforce CRM team. He provides consulting and advisory services to clients looking for services relating to CRM (Customer Relationship Management) and ECM (Enterprise Content Management).
Write to me @ pratyush@algoworks.com

Learn about how Algoworks can help your business!
Call us at: +1-877-284-1028
Mail us at: sales@algoworks.com, support@algoworks.com
Official Blog Link: http://www.algoworks.com/blog/alfresco-installation-security-tips
