Consultor Eletrônico



Kbase 20274: Progress AdminService and Security on Windows NT/2000
Author   Progress Software Corporation - Progress
Access   Public
Publication   10/16/2008
Status: Unverified

GOAL:

What type of security is enforced with the AdminService?

FACT(s) (Environment):

Progress 9.1x
Windows NT 32 Intel/Windows 2000

FIX:

When logged into an AdminServer with Progress Explorer, the user has the right to run all functions allowed in the Explorer.

To increase security, the AdminServer (and all Progress executables, scripts, files, application code, databases, etc.) should be user/password protected at the directory and/or file level. If the directories are protected, only the users in that group can access these tools and utilities.

This is also true for the Progress Explorer tool. Install Progress Explorer only for a user in the Administrator group. Protect the files and directories with directory or file level protection. Make sure the Administrator locks the workstation when away from the desk.

Another suggestion to increase security is to avoid using the default port when starting the AdminServer. The default ports are supplied to make it easy to start in a development environment, but they should not be used in a deployment environment.

And last, if security is your specific concern, quarantine the machine that runs the AdminServer and Progress brokers/servers. Do not use the company's NIS or yellow pages for login to the machine:
- On a UNIX platform, use only the local /etc/passwd file
- On a Windows NT platform, do not allow any domain users (or passwords) to become part of the Administrators group, except for those who need access to the information on the machine, and to logon names and passwords.
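
One way to check the UNIX recommendation above, as an added example that is not part of the original Kbase entry or any Progress tooling: it reports login databases in nsswitch.conf that resolve through anything other than local files, and "+"/"-" compat entries in the passwd file that pull in NIS accounts. The function names are hypothetical, the nsswitch.conf(5) syntax is assumed, and the sample file contents are constructed.

```python
import re

# Databases that decide who can log in; names follow nsswitch.conf(5).
LOGIN_DATABASES = ("passwd", "group", "shadow")

def nsswitch_findings(text):
    """Return (database, sources) pairs whose lookup order is not exactly 'files'."""
    findings, seen = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        database, sep, rest = line.partition(":")
        database = database.strip()
        if not sep or database not in LOGIN_DATABASES:
            continue
        seen.add(database)
        # Remove action items such as [NOTFOUND=return]; keep source names only.
        sources = re.sub(r"\[[^\]]*\]", " ", rest).split()
        if sources != ["files"]:
            findings.append((database, sources))
    # A missing entry leaves the choice to the libc default instead of an
    # explicit 'files', so report it too (empty source list).
    findings.extend((db, []) for db in LOGIN_DATABASES if db not in seen)
    return findings

def passwd_compat_entries(text):
    """Return 1-based line numbers of '+'/'-' compat entries in a passwd file."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line.startswith(("+", "-"))]

# Constructed sample input, not taken from a real host.
SAMPLE_NSSWITCH = """\
# constructed sample
passwd: files nis
group:  files
shadow: compat [NOTFOUND=return] files
hosts:  files dns
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
progress:x:501:501:Progress admin:/home/progress:/bin/sh
+::::::
"""

if __name__ == "__main__":
    for db, sources in nsswitch_findings(SAMPLE_NSSWITCH):
        print(f"nsswitch: {db} uses {sources or 'libc default'}, expected ['files']")
    for n in passwd_compat_entries(SAMPLE_PASSWD):
        print(f"passwd line {n}: NIS compat entry")
```

To audit a real host, pass the contents of /etc/nsswitch.conf and /etc/passwd to the two functions in place of the samples.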