Organizations that are either considering deployment of Hitachi ID Identity and Access Management Suite, or have already deployed it, need to understand how to secure the Hitachi ID Suite server. Hitachi ID Suite is a sensitive part of an organization's IT infrastructure and consequently must be defended by strong security measures.

It is important to protect not only the Hitachi ID Suite server, but also the sensitive data it stores:

  • Administrator credentials used by Hitachi ID Suite to connect to target systems.
  • Console user passwords used by the Hitachi ID Suite administrator to sign into, configure and manage Hitachi ID Suite itself.
  • Passwords to managed accounts on target systems.
  • Password history and security question data for end users.

This document is organized as follows:

  • Basic precautions

    Some common-sense security precautions.

  • Physical access and security

    Provides suggestions on how to control physical access to the Hitachi ID Suite server.

  • Employee training

    Explains the importance of security awareness training for all employees.

  • Hardening the operating system

    Explains how to configure a secure Microsoft Windows server for use with Hitachi ID Suite.

  • Web server

    Explains how to select and configure the web server that serves the Hitachi ID Suite software.

  • Password and key management

    Provides guidance on password management.

  • Communication defenses

    Explains how to protect the data transmitted to and from each Hitachi ID Suite server.

  • Auditing

    Explains why auditing is important and provides guidance on monitoring access, events, and changes to Hitachi ID Suite.

  • Microsoft Security Compliance Manager Toolkit

    Information on Microsoft Security Compliance Manager.

Basic precautions

Some of the most effective security measures are common sense:

  • Use a single-purpose server for Hitachi ID Identity Manager. Sharing this server with other applications introduces more complexity and more administrators, each of which carries its own incremental risk.

  • Use strong passwords for every administrative account on the server.

  • Maintain a current, well-patched operating system on the Identity Manager server. This eliminates well-known bugs that have already been addressed by the vendor (Microsoft).

  • Automatically apply patches, especially security patches, to the OS, database server and any third-party software.

  • Keep the Identity Manager server in a physically secure location.

  • Provide security awareness training to all employees.

  • Install anti-virus software and keep it up to date.

  • Do not leave a login session open and unattended on the Identity Manager server's console.

  • Attach the Identity Manager server to a secure, internal network rather than the public Internet. If access from the Internet is required, mediate it via a reverse web proxy running a different OS and web server platform than Identity Manager -- platform diversity reduces the risk of zero-day exploits.

  • Regularly review Identity Manager, OS and network logs.

  • Use the Microsoft Security Compliance Manager to learn more about server hardening.
