Show Menu
TOPICS×

Vendor-specific security information

This section contains security-related information about operating systems and application servers that are incorporated into your Adobe Access solution.
Use the links provided in this section to find vendor-specific security information for your operating system and application server.

Operating system security information

When securing your operating system, carefully implement the measures that are described by your operating system vendor, including these:
  • Defining and controlling users, roles, and privileges
  • Monitoring logs and audit trails
  • Removing unnecessary services and applications
  • Backing up files
For security information about operating systems that Adobe Access supports, see the resources in this table.
Operating System
Security Resource
Microsoft® Windows Server® 2008 Enterprise or Standard Edition
Windows Server 2008 Security Guide
Red Hat® Enterprise Linux® 5.4, 5.5, and 5.6.
Red Hat Enterprise Linux 5 Security Guide
The following table describes some potential approaches to minimizing security vulnerabilities that are found in the operating system.
Item
Description
Security patches
There is an increased risk that an unauthorized user may gain access to the application server if vendor security patches and upgrades are not applied in a timely fashion. Test security patches before you apply them to production servers.
Also, create policies and procedures to check for and install patches on a regular basis.
Virus protection software
Virus scanners can identify infected files by scanning for a signature or watching for unusual behavior. Scanners keep their virus signatures in a file, which is usually stored on the local hard drive. Because new viruses are discovered often, you must frequently update this file in order for the virus scanner to identify all current viruses.
Network Time Protocol (NTP)
For both proper operation and forensic analysis, keep accurate time on Adobe Access servers and Adobe Access packagers. Use a secure version of NTP to synchronize the time on all systems that are connected to the Internet.

Application server security information

When securing your application server, you must implement the measures that are described by your server vendor, including these:
  • Using non-obvious administrator user name
  • Disabling unnecessary services
  • Securing the console manager
  • Enabling secure cookies
  • Closing unneeded ports
  • Limiting administrative interfaces by IP addresses or domains
  • Using the Java™ Security Manager