Organizations that are either considering deployment of Hitachi ID Identity and Access Management Suite, or have already deployed it, need to understand how to secure the Hitachi ID Suite server. Hitachi ID Suite is a sensitive part of an organization's IT infrastructure and consequently must be defended by strong security measures.
It is important to protect not only the Hitachi ID Suite server, but also the sensitive data it stores:
- Administrator credentials used by Hitachi ID Suite to connect to target systems.
- Console user passwords used by the Hitachi ID Suite administrator to sign into, configure and manage Hitachi ID Suite itself.
- Passwords to managed accounts on target systems.
- Password history and security question data for end users.
This document is organized as follows:
- Basic precautions
Some common-sense security precautions.
- Physical access and security
Provides suggestions on how to control physical access to the Hitachi ID Suite server.
- Employee training
Explains the importance of security awareness training for all employees.
- Hardening the operating system
Explains how to configure a secure Microsoft Windows server for use with Hitachi ID Suite.
- Web server
Explains how to select and configure the web server that serves the Hitachi ID Suite software.
- Password and key management
Provides guidance on password management.
- Communication defenses
Explains how to protect the data transmitted to and from each Hitachi ID Suite server.
- Auditing
Explains why auditing is important and provides guidance on monitoring access, events, and changes to Hitachi ID Suite.
- Microsoft Security Compliance Manager Toolkit
Information on Microsoft Security Compliance Manager.
Some of the most effective security measures are common sense:
- Use a single-purpose server for Hitachi ID Identity Manager. Sharing this server with other applications introduces more complexity and more administrators, each of which carries its own incremental risk.
- Use strong passwords for every administrative account on the server.
- Maintain a current, well-patched operating system on the Identity Manager server. This eliminates well-known bugs that have already been addressed by the vendor (Microsoft).
- Automatically apply patches, especially security patches, to the OS, database server and any third party software.
- Keep the Identity Manager server in a physically secure location.
- Provide security awareness training to all employees.
- Install anti-virus software and keep it up to date.
- Do not leave a login session open and unattended on the Identity Manager server's console.
- Attach the Identity Manager server to a secure, internal network rather than the public Internet. If access from the Internet is required, mediate it via a reverse web proxy running a different OS and web server platform than Identity Manager -- platform diversity reduces the risk of
- Regularly review Identity Manager, OS and network logs.
- Use the Microsoft Security Compliance Manager to learn more about
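As an added example that is not part of the Hitachi ID documentation or product, the following PowerShell script checks a Windows server against the precautions in the list above that can be verified from the operating system itself: patch age, the automatic-update policy, anti-virus status, the idle-session lock, membership of the local Administrators group, and a summary of recent Security-log events worth reviewing. The function name Test-IamServerBaseline, the helper New-Finding and every threshold are assumptions chosen for illustration; the cmdlets, registry paths and event IDs are standard Windows ones.

```powershell
# Added example, not Hitachi ID's own code: a read-only baseline check for a
# Windows server hosting Hitachi ID Identity Manager. Each check maps to one
# item of the basic-precautions list. All thresholds are assumptions.

function New-Finding {
    param([string]$Check, [string]$Status, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Test-IamServerBaseline {
    [CmdletBinding()]
    param(
        [int]$MaxPatchAgeDays     = 30,   # assumption: newest hotfix older than this is a finding
        [int]$MaxSignatureAgeDays = 7,    # assumption: AV signatures older than this are stale
        [int]$MaxIdleLockSeconds  = 900,  # assumption: console must lock within 15 minutes idle
        [int]$LogLookbackHours    = 24    # assumption: review window for the Security log
    )
    $findings = New-Object 'System.Collections.Generic.List[object]'
    $now = Get-Date

    # 1. Current, well-patched OS: age of the most recently installed hotfix.
    $latest = Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        $findings.Add((New-Finding 'Patch level' 'FAIL' 'Get-HotFix reports no installed updates'))
    } else {
        $detail = "Newest update $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString())"
        $status = if (($now - $latest.InstalledOn).TotalDays -gt $MaxPatchAgeDays) { 'FAIL' } else { 'PASS' }
        $findings.Add((New-Finding 'Patch level' $status $detail))
    }

    # 2. Automatic patching: Windows Update policy. NoAutoUpdate=0 with AUOptions=4 means
    #    "auto download and schedule the install"; the key is absent when WSUS/SCCM/Intune
    #    manage patching, so that case is only a warning to verify.
    $au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    if ($au -and $au.NoAutoUpdate -eq 0 -and $au.AUOptions -eq 4) {
        $findings.Add((New-Finding 'Automatic updates' 'PASS' 'Policy: auto download and install'))
    } else {
        $findings.Add((New-Finding 'Automatic updates' 'WARN' 'No auto-install policy found; confirm another patch-management tool covers this host'))
    }

    # 3. Anti-virus present and current (Microsoft Defender; a third-party agent needs its own check).
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $sigAge = ($now - $mp.AntivirusSignatureLastUpdated).TotalDays
        if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
            $findings.Add((New-Finding 'Anti-virus' 'FAIL' 'Defender anti-virus or real-time protection is disabled'))
        } else {
            $status = if ($sigAge -gt $MaxSignatureAgeDays) { 'FAIL' } else { 'PASS' }
            $findings.Add((New-Finding 'Anti-virus' $status ("Signatures are {0:N0} days old" -f $sigAge)))
        }
    } catch {
        $findings.Add((New-Finding 'Anti-virus' 'WARN' 'Defender status unavailable; verify the installed anti-virus agent manually'))
    }

    # 4. Unattended console sessions: security option "Interactive logon: Machine inactivity limit".
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    $idle = [int]$sys.InactivityTimeoutSecs   # 0 or missing means the session never locks by itself
    if ($idle -gt 0 -and $idle -le $MaxIdleLockSeconds) {
        $findings.Add((New-Finding 'Idle lock' 'PASS' "Console locks after $idle seconds idle"))
    } else {
        $findings.Add((New-Finding 'Idle lock' 'FAIL' "InactivityTimeoutSecs is $idle; set it between 1 and $MaxIdleLockSeconds"))
    }

    # 5. Administrative accounts: list them so each one can be justified and its password reviewed.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    $findings.Add((New-Finding 'Local administrators' 'INFO' (($admins | ForEach-Object Name) -join ', ')))

    # 6. Log review: failed logons (4625), accounts created (4720) and members added to a
    #    local security group (4732) inside the look-back window. Reading the Security log
    #    requires an elevated session; with no matching events Get-WinEvent returns nothing.
    $since  = $now.AddHours(-$LogLookbackHours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625, 4720, 4732; StartTime = $since } -ErrorAction SilentlyContinue
    $summary = ($events | Group-Object Id | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ' '
    if (-not $summary) { $summary = 'none' }
    $status = if ($events | Where-Object { $_.Id -in 4720, 4732 }) { 'WARN' } else { 'INFO' }
    $findings.Add((New-Finding 'Security log' $status ("Events since {0}: {1}" -f $since, $summary)))

    return $findings
}

Test-IamServerBaseline | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the server; it only reads state and changes nothing. FAIL rows are direct deviations from the precautions list, WARN rows are items the script cannot decide on its own (for example patching delegated to WSUS), and the INFO rows give the reviewer the administrator list and event counts that a regular log review should start from.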