Organizations that are either considering deployment of Hitachi ID Identity and Access Management Suite, or have
already deployed it, need to understand how to secure the Hitachi ID Suite
server. Hitachi ID Suite is a sensitive part of an organization's IT
infrastructure and consequently must be defended by strong security
It is important to protect not only the Hitachi ID Suite server, but also the
sensitive data it stores:
Administrator credentials used by Hitachi ID Suite to connect to
Console user passwords used by the Hitachi ID Suite administrator
to sign into, configure and manage Hitachi ID Suite itself.
Passwords to managed accounts on target systems.
Password history and security question data for end users.
This document is organized as follows:
Some common-sense security precautions.
Physical access and security
Provides suggestions on how to control physical access to the
Hitachi ID Suite server.
Explains the importance of security awareness training for all
Hardening the operating system
Explains how to configure a secure Microsoft Windows server for
use with Hitachi ID Suite.
Explains how to select and configure the web server that serves the
Hitachi ID Suite software.
Password and key management
Provides guidance on password management.
Explains how to protect the data transmitted to and from each Hitachi ID Suite
Explains why auditing is important and provides guidance on monitoring
access, events, and changes to Hitachi ID Suite.
Microsoft Security Compliance Manager Toolkit
Information on Microsoft Security Compliance Manager.
Some of the most effective security measures are common sense:
Use a single-purpose server for Hitachi ID Identity Manager. Sharing this server
with other applications introduces more complexity and more
administrators, each of which carries its own incremental risk.
Use strong passwords for every administrative account on the server.
Maintain a current, well-patched operating system on the Identity Manager
server. This eliminates well-known bugs that have already been addressed
by the vendor (Microsoft).
Automatically apply patches, especially security patches, to the OS,
database server and any third party software.
Keep the Identity Manager server in a physically secure location.
Provide security awareness training to all employees.
Install anti-virus software and keep it up to date.
Do not leave a login session open and unattended on the
Identity Manager server's console.
Attach the Identity Manager server to a secure, internal network rather than
the public Internet. If access from the Internet is required, mediate
it via a reverse web proxy running a different OS and web server
platform than Identity Manager -- platform diversity reduces the risk of
Regularly review Identity Manager, OS and network logs.
Use the Microsoft Security Compliance Manager to learn more about
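As an added example (not Hitachi ID's own code or documentation), the following PowerShell script checks several of the common-sense precautions listed above directly on the Windows server: patch currency, anti-virus status, an enforced console lock, firewall state, local accounts that do not require a password, and which processes are listening on the network (useful for confirming the server really is single-purpose). The function name `Test-IdmServerBaseline`, the 30-day patch threshold and the 3-day signature threshold are assumptions chosen for illustration; adjust them to your own policy.

```powershell
# Added example, not part of the Hitachi ID documentation. Baseline checks for
# an Identity Manager server; returns a list of findings (empty list = clean).
function Test-IdmServerBaseline {
    param(
        [int]$MaxPatchAgeDays = 30,   # assumption: hotfix older than this is stale
        [int]$MaxSignatureAgeDays = 3 # assumption: AV signatures older than this are stale
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Patch currency: age of the most recently installed hotfix.
    $lastHotfix = Get-HotFix | Where-Object { $_.InstalledOn } |
                  Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $lastHotfix) {
        $findings.Add("No hotfix install dates found; verify update history manually")
    } elseif ((New-TimeSpan -Start $lastHotfix.InstalledOn -End (Get-Date)).Days -gt $MaxPatchAgeDays) {
        $findings.Add("Last hotfix $($lastHotfix.HotFixID) installed $($lastHotfix.InstalledOn.ToShortDateString()); older than $MaxPatchAgeDays days")
    }

    # 2. Anti-virus present and current (Windows Defender cmdlets, where available).
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        if (-not $mp.RealTimeProtectionEnabled) {
            $findings.Add("Defender real-time protection is disabled")
        }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add("AV signatures are $($mp.AntivirusSignatureAge) days old")
        }
    } else {
        $findings.Add("Defender cmdlets unavailable; confirm third-party AV is installed and updating")
    }

    # 3. Unattended console sessions: screen-saver lock enforced by policy for this user.
    #    (Policy keys live under HKCU; check as the account that administers the console.)
    $ssPolicy = Get-ItemProperty -Path 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop' `
                                 -ErrorAction SilentlyContinue
    if (-not $ssPolicy -or $ssPolicy.ScreenSaveActive -ne '1' -or $ssPolicy.ScreenSaverIsSecure -ne '1') {
        $findings.Add("No policy-enforced screen-saver lock; console sessions can be left open unattended")
    }

    # 4. Host firewall enabled on every profile (Domain, Private, Public).
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        $findings.Add("Firewall profile '$($_.Name)' is disabled")
    }

    # 5. Local accounts: flag enabled users that do not require a password at all,
    #    and report how many principals hold local Administrators membership.
    Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired } | ForEach-Object {
        $findings.Add("Local user '$($_.Name)' is enabled and does not require a password")
    }
    $admins = @(Get-LocalGroupMember -Group 'Administrators')
    $findings.Add("INFO: $($admins.Count) member(s) in local Administrators: " +
                  (($admins | ForEach-Object { $_.Name }) -join ', '))

    # 6. Single-purpose check: every listening TCP port and the process behind it.
    #    Anything other than the web server, database and Identity Manager services
    #    is a candidate for removal.
    Get-NetTCPConnection -State Listen | Sort-Object LocalPort -Unique | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add("INFO: port $($_.LocalPort)/tcp listening, owned by '$($proc.ProcessName)' (PID $($_.OwningProcess))")
    }

    return $findings
}

# Usage: run from an elevated PowerShell session on the Identity Manager server.
Test-IdmServerBaseline | ForEach-Object { Write-Output $_ }
```

Lines prefixed `INFO:` are inventory rather than failures: review the administrator list and the listening-port list against what the server is supposed to run, and treat any unexpected entry as an item to remove or justify. The remaining findings map one-to-one to the precautions above (patching, anti-virus, unattended console, network exposure, password-less accounts), so the script can be scheduled and its output folded into the regular log review.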