NetIQ Access Manager 5.0 Security Guide
- NetIQ Access Manager 5.0 Security Guide
- Deployment Considerations
- Protecting Access Manager through Firewall
- Protecting Access Manager Setup behind NAT
- Protecting Identity Server behind Access Gateway
- Configuring Identity Server to Listen on Port 443
- Securing Administration Console
- Restricting Administration Console Access to only Private Network
- Managing Administration Console Session Timeout
- Securing iManager Login Settings
- Securing Administrator Accounts
- Protecting the Configuration Store
- Securing Configuration Store Using TLS Port
- Running the DHost HTTP Server on localhost
- Preventing the SWEET32 Attack
- Default Security Settings in Configuration Files
- Securing Identity Server
- Disabling Unused Authentication Protocols
- Configuring SSL Communication between Browsers and Identity Server
- Configuring SSL Communication with Identity Server and a Service Provider
- Securing Authentication by Using Strong and Multi-Factor Authentication Methods
- Securing Federation
- Configuring a Whitelist of Target URL
- Blocking Access to Identity Server Pages
- Enabling Advanced Session Assurance
- Securing Identity Server Web Service Interface
- Enabling reCAPTCHA
- Preventing the SWEET32 Attack
- Detecting the Brute Force Attack
- Restricting the Direct Access to Files in the nidp Folder
- Preventing Cross-Site Request Forgery Attacks
- Using the Device ID in the URN Cookie
- Configuring the Cookie Secure Flag
- Default Security Settings in Configuration Files
-  Securing Access Gateway
- Enabling SSL Communication between Access Gateway and Identity Server
- Enabling Secure Cookies
- Disabling Phishing
- Disabling Weak Protocols between Access Gateway and Web Servers
- Configuring Stronger Ciphers for SSL Communication between Access Gateway and Web Servers
- Enabling Perfect Forward Secrecy
- Preventing Error Messages to Show the Failure Reason on Browsers
- Enabling Advanced Session Assurance
- Preventing the Slowloris Attack
- AJP Communication Setting for Access Gateway
- Using the Device ID in the URN Cookie
- Default Security Settings in Configuration Files
- Securing Analytics Server
- Customizing the Size of EDH Keys
- Configuring SSL in Analytics Server
- Disabling SSL Renegotiations
- Securing Analytics Server Cluster Communication
- Setting Analytics Dashboard Timeout
- Default Security Settings in Configuration Files
- Securing Access Manager on Docker
- Deployment Considerations for Kubernetes
- Securing Access to Access Manager Services in a Kubernetes Cluster
- YAML Best Practices
- Protecting Access Manager Secrets on Kubernetes
- Hardening Appliance
- Disabling Weak MAC Algorithms on a Secure Shell Server
- Configuring Secure Communication
- Configuring SSL in Identity Server
- Configuring SSL in Access Gateway
- Configuring SSL for Authentication between Identity Server and Access Gateway
- Configuring SSL in Analytics Server
- Using Trusted Certificates Authority
- Strengthening TLS/SSL Settings
- Disabling SSLv2 and SSLv3 Protocols
- Optimizing SSL Configuration with Ciphers
- Enabling Perfect Forward Secrecy
- Adding HTTP Strict Transport Security
- Disabling SSL Renegotiations
- Customizing the Size of Ephemeral Diffie-Hellman Keys
- Strengthening Certificates
- Key Size and Signature Algorithm Considerations
- Trusted Certificate Authorities
- Certificate Renewal
- XSS, XFS, and Clickjacking Attacks
- Cross-site Scripting Attacks
- Cross-Frame Scripting Attacks
- Clickjacking Attacks
- Getting the Latest Security Patches
- Securing Access Manager Components on Cloud
- Prerequisite
- Protecting Administration Console on Cloud
- Restoring Previous Security Level After Upgrading Access Manager
- Restoring Previous Security Settings for Administration Console
- Restoring Previous Security Settings for Identity Server
- Restoring Previous Security Settings for Access Gateway
- Appendix
- Default Ciphers for Identity Server
- Default Ciphers for Administration Console
- Default Ciphers for Analytics Server
- Default Ciphers for Access Gateway
- Legal Notice