webMethods 10.2 | Integration Server Administrator's Guide | Integration Server Deployment Checklist | Stage 7: Setting Up Security
 
Stage 7: Setting Up Security
Take the following steps to ensure that the security measures you want to use are in place.
Step | Action | Done?

1. Check passwords.
Verify that the passwords for the Administrator and Replicator accounts and the master password for outbound password encryption have been changed from the default values assigned by webMethods Integration Server.

2. Edit the index.html file to prevent access to Integration Server Administrator.
If you want to prevent a user from inadvertently accessing the Integration Server Administrator, edit the following file:
Integration Server_directory\instances\instance_name\packages\Default\pub\index.html
Change the SRC in the <frame src="/WmRoot/index.dsp"> tag to some innocuous page you have created (perhaps one that displays an error message with alternate links).
You can prevent users from seeing all DSP files on Integration Server by using the watt.server.displayDirectories server configuration parameter.
Note that if you edit the index.html file, you will not be able to invoke the Integration Server Administrator in the standard way (i.e., simply connecting to the Integration Server's listening port). Instead, you will need to type the Integration Server Administrator's complete URL as shown below:
http://Server:Port/WmRoot/index.dsp
where:
Server is the name of the Integration Server, and
Port is the port on which it listens for HTTP requests.

3. Check user accounts.
Verify that all user accounts have passwords as required.

4. Check ACL assignments.
Verify that all secure services have correct ACL assignments.

5. Check proxy server settings.
Verify that proxy server settings and bypass list are correct.

6. Restrict access.
Configure allow/deny lists to restrict inbound requests as necessary.

7. Install and configure digital certificates.

8. Configure HTTP routing systems.
If your server sits behind a routing, load-balancing, or URL-filtering system, consult with the administrator of that system to ensure that it will pass inbound requests to the Integration Server.

9. Configure write permissions for specific administrator users to the maskSessionID.properties file.
Provide only specific administrator users with write permissions to the maskSessionID.properties file. The remaining administrator users must have only read permissions to that file.

10. Ensure security of operating system.
The security of your Integration Server depends on the security of your operating system. Therefore, make sure your operating system is properly configured, that all security patches have been applied, and that unnecessary network services, such as telnet or mail, have been removed.
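Steps 2 and 9 can be checked with a script before sign-off. The following is an added example, not part of the Software AG documentation. It assumes a POSIX file system where "write permission for specific administrators only" is expressed as owner-only write, and it takes the location of maskSessionID.properties as an argument because this page does not give its path; the sample pages and /notice.html are constructed.

```python
import os
import stat
from html.parser import HTMLParser

ADMIN_PAGE = "/wmroot/index.dsp"  # Administrator entry page named in step 2

# Constructed sample pages (not copied from a real installation);
# /notice.html is a hypothetical replacement page.
DEFAULT_INDEX = '<html><frameset><frame src="/WmRoot/index.dsp"></frameset></html>'
EDITED_INDEX = '<html><frameset><frame src="/notice.html"></frameset></html>'


class FrameSrcParser(HTMLParser):
    """Collect the src attribute of every <frame> or <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            self.sources += [v for k, v in attrs if k == "src" and v]


def index_exposes_admin(html_text):
    """True if the index page still frames the Administrator UI (step 2)."""
    parser = FrameSrcParser()
    parser.feed(html_text)
    return any(s.split("?")[0].rstrip("/").lower().endswith(ADMIN_PAGE)
               for s in parser.sources)


def writable_beyond_owner(path):
    """True if group or others hold write permission (assumed model for step 9)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(index_html_path, mask_props_path):
    """Return a list of findings for checklist steps 2 and 9; empty means pass."""
    findings = []
    with open(index_html_path, encoding="utf-8", errors="replace") as fh:
        if index_exposes_admin(fh.read()):
            findings.append("step 2: index.html still loads /WmRoot/index.dsp")
    if writable_beyond_owner(mask_props_path):
        findings.append("step 9: maskSessionID.properties is group/world writable")
    return findings
```

On Windows hosts the step 9 check would have to read the file's ACL instead of mode bits.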

Copyright © 2017-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release