Alfresco Security Best Practices

Toni de la Fuente
Alfresco Senior Solutions Engineer
Blog: blyx.com Twitter: @ToniBlyx
toni.delafuente@alfresco.com
Who am I?
•  Alfresco Senior Solutions Engineer
•  Working with Alfresco for 5 years
•  More than 2 years as part of the team
•  Always involved with:
     •  Operating Systems
     •  Networks
     •  Security
     •  Open Source
•  Consultant & Auditor: ethical hacking, penetration tests.
•  And writing about that at blyx.com since 2002
Agenda
•  Intro
•  Project life cycle and security
     •  Planning
     •  Installation
     •  Post-install configuration and hardening
     •  Maintenance
     •  Monitoring and auditing
•  Other security-related tasks
•  Demo: information leaks and metadata
•  Conclusions
•  Next steps
The Alfresco Platform
A robust, modern ECM platform focused on scalability & usability
•  Consumer like UI: drag-and-drop with MS Office integration
•  Business Process: rules and workflow that users can use
•  Social features: content activity feeds & social feedback
•  Metadata and Security: building rich context around content
•  Ecosystem of Integrations: CIFS, WebDAV, SharePoint, Exchange, GoogleDocs, CMIS, SAP, Salesforce, Kofax, and thousands more.
[Diagram: Alfresco at the centre, surrounded by Document Management, Electronic Records Management, Team Collaboration, Image Management, Rich Media Support, Process Management and Web Content Services]
Introduction
•  In Alfresco we must take security seriously.
     •  Because we care about contents
•  If Alfresco stops working and that poses a problem for your business, security is important.
•  Security is a process not a product.
•  Think of protection, integrity and privacy.
•  Reduce as much as possible the MTBF, to guarantee minimum MTTR possible.
•  Take into account the Security Plan of the organization, Contingency Plan and Disaster Recovery Plan.
Project Life Cycle and Security
Planning and previous review
•  What should I secure? It depends on…
     •  Project needs
     •  Interfaces
     •  Users, applications or both
     •  Customization
     •  Architecture, high availability and scalability
[Diagram: use cases (Document Management, Collaboration, Web Content Management, Records Management, Email Archive) set against the questions Interfaces? Number of…? Customization?]
It depends on the network architecture
[Diagram: network zones A and B containing Share, Alfresco, App Srv, DataBase, Content Store and Index]
Installation
Best practices and tips 1/2
•  Run Alfresco as a non-root user
     •  Configure all ports above 1024
     •  Authbind on Debian-like OS
     •  IPTables port redirect
•  Avoid default passwords (admin, db, jmx).
•  Change default certificates and keys in SOLR.
     •  Use keytool or your own certificates.
     •  installRoot/alf_data/solr/CreateSSLKeystores.txt
•  Set permissions for configuration files, content store, indexes and logs. Only the user running Alfresco must be able to access these folders.
     •  chown -R alfresco:alfresco installRoot/
     •  chmod -R u=rwX,go= installRoot/  (owner-only access; a recursive 600 would also remove the search bit from directories, so not even the owner could enter them)
Best practices and tips 2/2
•  Before installing, run the Alfresco Environment Validation Tool in order to avoid conflicting services and ports.
•  Keep SSL active when possible:
     •  Do not use self-signed certificates in live environments.
     •  Take care with SSL Strip: force using SSL and teach your users!
     •  Check your certificate strength on:
          •  https://www.ssllabs.com/ssldb/analyze.html
•  Use Apache (or other web server) to protect your application server and services.
•  SELinux (review alfresco.sh)
•  When possible, run the bundle installer to keep third party binary files controlled and avoid rootkits
     •  If third party applications are installed from the OS rpm repository, use the rpm command to verify them:
     •  rpm -Vf /path/to/binary
     •  rpm -V <rpm-name>
•  Check third party vulnerabilities often.
Post Installation Configuration
Which ports should I open? IN
Protocol             Port         TCP/UDP  IN/OUT  Activated  Comments
HTTP                 8080         TCP      IN      Yes        Including WebDav
FTP                  21           TCP      IN      Yes        Passive mode
SMTP                 25           TCP      IN      No
CIFS                 137,138      UDP      IN      Yes
CIFS                 139,445      TCP      IN      Yes
IMAP                 143          TCP      IN      No
SharePoint Protocol  7070         TCP      IN      Yes
Tomcat Admin         8005         TCP      IN      Yes
Tomcat AJP           8009         TCP      IN      Yes
SOLR admin           8443         TCP      IN      Yes        Cert installation on the browser needed
NFS                  111,2049     TCP/UDP  IN      No
Lotus Quickr         6060         TCP      IN      No
RMI                  50500-50507  TCP      IN      Yes        Used by EHCache for cluster and JMX management
JGroups              7800         TCP      IN      No         Cluster discovery
JGroups              7801-7802    TCP      IN      No         Ehcache RMI communication between node cluster
OpenOffice           8100         TCP      IN      Yes        Localhost only, not needed to open.
Which ports should I open and keep in mind? OUT
Protocol             Port         TCP/UDP  IN/OUT  Activated  Comments
SMTP                 25           TCP      OUT     No         To your MTA.
DB – PostgreSQL      5432         TCP      OUT     Yes*       Depending on DB
DB – MySQL           3306         TCP      OUT     Yes*       Depending on DB
DB – MS SQL Server   1433         TCP      OUT     Yes*       Depending on DB
DB – Oracle          1521         TCP      OUT     Yes*       Depending on DB
DB – DB2             50000        TCP      OUT     Yes*       Depending on DB
LDAP                 396          TCP      OUT     No         For authentication/sync
LDAPS                636          TCP      OUT     No         For authentication/sync
docs.google.com      443          TCP      OUT     No
OpenOffice           8100         TCP      OUT     No         Only for remote OpenOffice or Alfresco Transformation Server
JGroups              7800-7802    TCP      OUT     No         Between cluster nodes
NFS                  111,2049     TCP/UDP  OUT     No         Only if using remote NFS for contentstore
Kerberos             88           TCP/UDP  OUT     No         If Kerberos SSO is configured
DNS                  53           UDP      OUT     Yes        Basic DNS service
NTP                  123          UDP      OUT     Yes        Network Time

* Also allow outbound traffic to Facebook, Twitter, LinkedIn, Slideshare, Youtube, Flickr, Blogs if you are able to use Publishing Framework, Target Servers for Replication or Cloud Sync.
Control and review
•  Check the processes and ports used by the system (Linux):

    # netstat -tulpn | grep -i java
    tcp        0      0 0.0.0.0:50500      0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 127.0.0.1:8005     0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:8009       0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:139        0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:8080       0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:21         0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:8443       0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:445        0.0.0.0:*      LISTEN      8591/java
    tcp        0      0 0.0.0.0:7070       0.0.0.0:*      LISTEN      8591/java
    udp        0      0 0.0.0.0:137        0.0.0.0:*                  8591/java

•  On Windows OS:
     •  netstat -an | findstr <port #>
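
One way to turn the netstat review above into a repeatable check, as an added example that is not part of the original slides: it parses `netstat -tulpn` output and compares every listener with the inbound port table. The `NEEDED` set, the loopback-only policy and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Inbound ports from the "Which ports should I open? IN" table: port -> service.
KNOWN_PORTS = {
    8080: "HTTP", 21: "FTP", 25: "SMTP", 137: "CIFS", 138: "CIFS",
    139: "CIFS", 445: "CIFS", 143: "IMAP", 7070: "SharePoint Protocol",
    8005: "Tomcat Admin", 8009: "Tomcat AJP", 8443: "SOLR admin",
    111: "NFS", 2049: "NFS", 6060: "Lotus Quickr", 7800: "JGroups",
    7801: "JGroups", 7802: "JGroups", 8100: "OpenOffice",
}
KNOWN_PORTS.update({port: "RMI" for port in range(50500, 50508)})

# Assumed policy: 8100 is marked "Localhost only" in the table and 8005 is
# bound to 127.0.0.1 in the slide's output, so both must stay on loopback.
LOCAL_ONLY = {8005, 8100}
LOOPBACK = {"127.0.0.1", "::1"}

# proto recv-q send-q local-addr:port foreign-addr [LISTEN] pid/program
SOCKET_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<pid>\d+)/(?P<prog>\S+)"
)


def parse_listeners(netstat_output):
    """Return (proto, address, port, program) for every socket line."""
    listeners = []
    for line in netstat_output.splitlines():
        m = SOCKET_RE.match(line.strip())
        if m:  # header lines and the command itself are skipped
            listeners.append((m["proto"], m["addr"], int(m["port"]), m["prog"]))
    return listeners


def audit_listeners(netstat_output, needed_services):
    """Return (kind, port, message) findings for listeners that break policy."""
    findings = []
    for proto, addr, port, prog in parse_listeners(netstat_output):
        service = KNOWN_PORTS.get(port)
        if service is None:
            findings.append(("UNKNOWN", port,
                             f"{prog} listens on {proto}/{port}, which is not in the port table"))
        elif service not in needed_services:
            findings.append(("UNNEEDED", port,
                             f"{service} ({proto}/{port}) is listening but not required"))
        if port in LOCAL_ONLY and addr not in LOOPBACK:
            findings.append(("EXPOSED", port,
                             f"{service} ({proto}/{port}) is bound to {addr}, expected loopback"))
    return findings


# First ten lines are the slide's output; the last two are constructed to
# show an exposed OpenOffice port and a listener missing from the table.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:50500      0.0.0.0:*      LISTEN      8591/java
tcp        0      0 127.0.0.1:8005     0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:8009       0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:139        0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:8080       0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:21         0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:8443       0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:445        0.0.0.0:*      LISTEN      8591/java
tcp        0      0 0.0.0.0:7070       0.0.0.0:*      LISTEN      8591/java
udp        0      0 0.0.0.0:137        0.0.0.0:*                  8591/java
tcp        0      0 0.0.0.0:8100       0.0.0.0:*      LISTEN      9012/soffice.bin
tcp        0      0 0.0.0.0:9999       0.0.0.0:*      LISTEN      8591/java
"""

# Assumed deployment: web access only, no FTP, CIFS, IMAP or SharePoint.
NEEDED = {"HTTP", "Tomcat Admin", "Tomcat AJP", "SOLR admin", "RMI", "OpenOffice"}

if __name__ == "__main__":
    for kind, port, message in audit_listeners(SAMPLE_NETSTAT, NEEDED):
        print(f"{kind:9} {message}")
```

Every UNNEEDED finding maps to one of the `*.enabled=false` switches in the post-installation slides; an EXPOSED finding calls for a bind-address or firewall change.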
Activate SSL for all services required
•  HTTP → HTTPS
     •  Appliance supporting SSL offloading
     •  Activate HTTPS on a front-end web server (Apache, IIS, etc)
     •  Activate HTTPS on the application server
•  FTP → FTPS
     •  Check official documentation
•  SharePoint (jetty) → SSL
     •  You will avoid MS users related workarounds
     •  Check official documentation
•  SMTP → SMTPS: IN and OUT
     •  Check official documentation
•  IMAP → IMAP-SSL
     •  Greenmail (based) or Perdition or Stunnel
•  JGroups
     •  Stunnel or Proxy
Post installation configuration - 1/5
•  Redirect ports below 1024:
     •  E.g. for FTP and IPTables:
          •  iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-ports 2121
     •  http://wiki.alfresco.com/wiki/File_Server_Configuration
•  Change JMX credentials and roles
     •  http://blyx.com/2011/12/20/persistencia-en-las-credenciales-jmx-de-alfresco/
•  Make sure you have control of your logs
     •  http://blyx.com/2011/06/02/consejos-sobre-los-logs-en-alfresco/
Post installation configuration - 2/5
•  Are you going to use external authentication?
     •  Encrypt communication between Alfresco and the LDAP/AD or SSO system (port 636 TCP for LDAPS)
•  Replication Service between on-premises?
     •  HTTPS!!
•  Disable unneeded services:
     •  ftp.enabled=false
     •  cifs.enabled=false
     •  imap.server.enabled=false
     •  nfs.enabled=false
     •  transferservice.receiver.enabled=false
     •  audit.enabled=false/true
     •  webdav: disable on tomcat/webapps/alfresco/WEB-INF/web.xml
     •  SharePoint: do not install VTI module if unneeded.
Post installation configuration - 3/5
•  Backup configuration and sequence
     •  Backup Lucene 2 AM
          •  installRoot/alf_data/backup-lucene-indexes
     •  Backup SOLR 2 AM Alfresco core and 4 AM Archive core.
          •  installRoot/workspace-SpacesStore
          •  installRoot/archive-SpacesStore
     •  Backup SQL.
     •  Backup contentStore, audit, etc.
•  Consider using LVM snapshots for the contentStore and snapshot-like backup for db
•  For small amounts of content you may use:
     •  http://code.google.com/p/share-import-export/
•  Try recovery often as a preventive measure
•  Add a checked Alfresco recovery procedure to your Contingency Plan
•  Consider using Replication Service for disaster recovery plan:
     •  replication.enabled=true and replication.transfer.readonly=false
Post installation configuration - 4/5
•  Disable guest user:
     •  For NTLM-Default:
          •  alfresco.authentication.allowGuestLogin=false (default is true)
     •  For pass-through:
          •  passthru.authentication.guestAccess=false (default is false)
     •  For LDAP/AD:
          •  ldap.authentication.allowGuestLogin=false (default is true)
•  Limit number of users and state of the repository:
     •  server.maxusers=-1 (-1 no limit)
     •  server.allowedusers=admin,toni,bill (empty for all)
     •  server.transaction.allow-writes=true (false to turn the whole system into read only mode)
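
The guest-login keys on this slide and the service switches on slide 2/5 can be checked mechanically. This added example (not part of the original deck) parses the text of an alfresco-global.properties file and reports settings that leave guest access or an unneeded service on; the sample file, the function names and the rule that an unneeded service must be set to false explicitly are assumptions.

```python
import re

# Guest-login keys and their defaults, exactly as listed on the slide.
GUEST_KEYS = {
    "NTLM-Default": ("alfresco.authentication.allowGuestLogin", True),
    "pass-through": ("passthru.authentication.guestAccess", False),
    "LDAP/AD": ("ldap.authentication.allowGuestLogin", True),
}

# Service switches from the "Disable unneeded services" list (slide 2/5).
SERVICE_KEYS = {
    "FTP": "ftp.enabled",
    "CIFS": "cifs.enabled",
    "IMAP": "imap.server.enabled",
    "NFS": "nfs.enabled",
    "Transfer receiver": "transferservice.receiver.enabled",
}

PROPERTY_RE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")


def parse_properties(text):
    """Parse key=value / key:value lines; '#' and '!' start a comment.

    Simplification: backslash line continuations are not handled.
    A key that appears twice keeps its last value, as Java does.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = PROPERTY_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_properties(text, auth_in_use, services_needed):
    """Return (key, message) findings for risky or unconfirmed settings."""
    props = parse_properties(text)
    findings = []

    # Guest access: an absent key falls back to the default given on the slide.
    for label, (key, default) in GUEST_KEYS.items():
        if label not in auth_in_use:
            continue
        if key in props:
            enabled, origin = props[key].lower() == "true", "set explicitly"
        else:
            enabled, origin = default, "product default"
        if enabled:
            findings.append((key, f"guest login is enabled for {label} ({origin})"))

    # Unneeded services: anything other than an explicit 'false' is reported,
    # so a commented-out or missing switch does not pass silently.
    for service, key in SERVICE_KEYS.items():
        if service in services_needed:
            continue
        value = props.get(key)
        if value is None:
            findings.append((key, f"{service} is not needed but {key} is not set"))
        elif value.lower() != "false":
            findings.append((key, f"{service} is not needed but {key}={value}"))
    return findings


# Constructed sample file, not taken from a real installation.
SAMPLE_PROPERTIES = """\
# alfresco-global.properties (constructed sample)
db.username=alfresco
ftp.enabled=false
cifs.enabled = true
imap.server.enabled=false
ldap.authentication.allowGuestLogin=false
! nfs.enabled=false
"""

if __name__ == "__main__":
    report = audit_properties(SAMPLE_PROPERTIES, {"NTLM-Default", "LDAP/AD"}, set())
    for key, message in report:
        print(f"{key}: {message}")
```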
Post installation configuration - 5/5
•  Do you want to have control of deletion?
     •  http://camelcase.blogspot.com/2011/03/purge-alfresco-archived-nodes.html
•  Disable trashcan:
     •  Create a file like *-context.xml with the following content:

    <bean id="storeArchiveMap" class="org.alfresco.repo.node.StoreArchiveMap">
        <property name="archiveMap">
            <map>
            </map>
        </property>
        <property name="tenantService">
            <ref bean="tenantService" />
        </property>
    </bean>

Maintenance
•  Daily review of logs and audit records (if enabled).
•  Daily review of backup, and monthly restoring!
•  Delete orphan files, log rotation/compression and temporary files cleaning.
     •  Use a crontab script, for further information:
          •  http://www.fegor.com/2011/08/mantenimiento-diario-de-alfresco.html
Monitoring and Auditing
•  JMX
     •  Jconsole
     •  VisualVM
•  Hyperic
     •  http://blyx.com/2009/11/19/monitoring-alfresco-nagiosicinga-hyperic-auditsurf-jmx-rocks/
•  Nagios/Icinga
     •  http://blyx.com/2009/11/19/monitoring-alfresco-nagiosicinga-hyperic-auditsurf-jmx-rocks/
•  Javamelody
     •  http://blyx.com/2010/09/13/monitoring-alfresco-con-javamelody/
Nagios/Icinga plugin
•  Always monitoring!
•  Nagios4Alfresco Plugin
Monitoring and Auditing
•  Failed logins auditing:

    audit.enabled=true
    audit.tagging.enabled=true
    audit.alfresco-access.enabled=true
    audit.alfresco-access.sub-events.enabled=true
    audit.cmischangelog.enabled=true

•  To know what is being audited:

    $ curl -u admin:admin http://localhost:8080/alfresco/service/api/audit/control

•  Rename: tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-example-login.xml.sample

    $ curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1/auditexamplelogin1/login/error/user?verbose=true"
    {
       "count":5,
       "entries":
       [ { "id":7,
             "application":"AuditExampleLogin1",
             "user":null,
             "time":"2012-03-05T19:20:48.994+01:00",
             "values":
             { "/auditexamplelogin1/login/error/user":"toni"
             } }
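
The audit query above returns one entry per failed login, which is enough to spot bursts of failures against one account. The following is an added example, not part of the original slides: it reads a response in the shape shown above and reports users with repeated failures inside a time window. The sample response (apart from entry 7), the threshold and the window length are constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Audit path that carries the attempted user name in the slide's output.
USER_PATH = "/auditexamplelogin1/login/error/user"


def failed_logins(response_text):
    """Return a time-sorted list of (timestamp, attempted_user).

    The top-level "user" field is null for a failed login, so the attempted
    name is read from "values". Entries without that value are skipped.
    """
    data = json.loads(response_text)
    events = []
    for entry in data.get("entries", []):
        user = (entry.get("values") or {}).get(USER_PATH)
        if user is None:
            continue
        # Timestamps carry a UTC offset, so mixed offsets compare correctly.
        events.append((datetime.fromisoformat(entry["time"]), user))
    return sorted(events)


def burst_users(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: max failures seen inside any window} for users
    that reach `threshold` failures within `window`."""
    by_user = defaultdict(list)
    for when, user in events:
        by_user[user].append(when)

    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = best = 0
        for end, current in enumerate(times):
            # Slide the left edge until the window covers `current` again.
            while current - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


# Constructed response: entry 7 is the one shown on the slide, the others are
# invented for the example (note the +00:00 offset on entry 8).
SAMPLE_RESPONSE = """
{
  "count": 6,
  "entries": [
    {"id": 7, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T19:20:48.994+01:00",
     "values": {"/auditexamplelogin1/login/error/user": "toni"}},
    {"id": 8, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T18:21:10.120+00:00",
     "values": {"/auditexamplelogin1/login/error/user": "toni"}},
    {"id": 9, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T19:21:30.000+01:00",
     "values": {"/auditexamplelogin1/login/error/user": "bill"}},
    {"id": 10, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T19:22:05.500+01:00",
     "values": {"/auditexamplelogin1/login/error/user": "toni"}},
    {"id": 11, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T20:40:00.000+01:00",
     "values": {"/auditexamplelogin1/login/error/user": "toni"}},
    {"id": 12, "application": "AuditExampleLogin1", "user": null,
     "time": "2012-03-05T20:41:00.000+01:00", "values": null}
  ]
}
"""

if __name__ == "__main__":
    events = failed_logins(SAMPLE_RESPONSE)
    for user, count in burst_users(events).items():
        print(f"{user}: {count} failed logins within 5 minutes")
```

The result can feed the Nagios/Icinga checks mentioned earlier or a lockout decision made outside Alfresco.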
  	
  
	
  
	
  
Other security-related tasks
Other security-related tasks - 1/2
•  Avoid information leaks through metadata (demo)
     •  content + metadata in Alfresco DB
       vs.
     •  (content + metadata) + metadata in Alfresco
•  Consider using the new type “d:encrypted”
•  Add checksum to the content (third party development)
•  User blocking after a certain number of failed authentications (LDAP or third party)
•  Change webdav visibility root
•  Session timeout for Explorer and Webdav
•  Session timeout for Share
•  Session timeout for CIFS
•  Set CIFS and FTP on read only mode if required
Other security-related tasks - 2/2
•  Consider using a network scanner in order to avoid storing of viruses and trojans or an internal action like ALFVIRAL (Google Code).
•  mod_security to limit file size or intercept content (audit purposes).
•  Filter which applications can access services or the remote API:

    <Location /alfresco/service/*>
        order allow,deny
        allow from localhost.localdomain
        # Add additional allowed hosts as needed
        # allow from .example.com
    </Location>

    <Location /share/service/*>
        order allow,deny
        allow from localhost.localdomain
        allow from 79.148.213.73
        # allow from .example.com
    </Location>

Demo: Alfresco for avoiding information leaks
Demo Script
•  Starting an attack: gathering information
     •  Google Hacking
     •  FOCA
•  Exiftool & wget
•  Publishing/Replication/Sync contents with Alfresco (web sites, blog, social networks or just contents.)
•  Backdoors and metadata: yes, we can…
•  Cleaning contents with Alfresco
     •  cmd-line-action-clean-metadata-1.0.1.amp
     •  Configuration (script + alfresco-global.properties)
     •  Add rule
     •  Test
Tools, References and Links
•  Gathering info tools:
     •  FOCA - http://www.informatica64.com/foca.aspx
     •  Exiftool - http://owl.phy.queensu.ca/~phil/exiftool/
     •  Metagoofil - http://www.edge-security.com/metagoofil.php
     •  Libextractor - http://www.gnu.org/software/libextractor/
     •  Shodan - http://www.shodanhq.com/
•  Alfresco Security Toolkit CMD LINE
     •  cmd-line-action-clean-metadata-1.0.1.amp
•  Cleaners:
     •  Exiftool
     •  OOMetaExtractor - http://www.codeplex.org/oometaextractor
     •  MS Office 2003 & XP http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54edd43e-42ca-bc7b-5446d34e5360
     •  BatchPurifier - $19 (BatchPurifierCon.exe)
•  Explanation:
     •  http://blyx.com – theory
     •  http://blyx.com – practice / POC
Conclusions
•  Working on Security could be sometimes a nightmare but…
Picture from: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-alonso-palazon-tactical_fingerprinting.pdf
•  Trust no one, including users!
•  Nobody cleans documents.
     •  Almost everything can reveal information
•  Currently we have tools and information available to secure Alfresco, but unfortunately they are not in a single place and we have to improve some of them.
•  Remember: security measures have to be taken constantly!
•  Other topics to be covered in future related to security:
     •  Security in development
     •  In-depth auditing
     •  Users, roles and permissions.
     •  Authentication subsystems creation (webinar already carried out in Spanish)
     •  SSO with CAS, Siteminder, OpenSSO, JoSSO, ForgeRock, Oracle Identity Manager, etc.
     •  PKI integration or best practices for digital signatures, content encryption, etc.
Next steps
•  Let's use “Alfresco Security Toolkit” as main project for collection of security related docs and tools.
     •  http://code.google.com/p/alfresco-security-toolkit/
•  “Hardening Alfresco Guide”.
•  “Bastille Alfresco” – useful?
•  Any idea?
Any questions?
# while you=applause; do
    echo THANKS!;
          done

Toni de la Fuente
Alfresco Senior Solutions Engineer
Blog: blyx.com Twitter: @ToniBlyx
toni.delafuente@alfresco.com

 
Apache Chemistry: The Alfresco Open Source Implementation of CMIS
Apache Chemistry: The Alfresco Open Source Implementation of CMISApache Chemistry: The Alfresco Open Source Implementation of CMIS
Apache Chemistry: The Alfresco Open Source Implementation of CMIS
 
Alfresco scalability and performnce
Alfresco   scalability and performnceAlfresco   scalability and performnce
Alfresco scalability and performnce
 
Storage and Alfresco
Storage and AlfrescoStorage and Alfresco
Storage and Alfresco
 
The Alfresco ECM 1 Billion Document Benchmark on AWS and Aurora - Benchmark ...
The Alfresco ECM 1 Billion Document Benchmark on AWS and Aurora  - Benchmark ...The Alfresco ECM 1 Billion Document Benchmark on AWS and Aurora  - Benchmark ...
The Alfresco ECM 1 Billion Document Benchmark on AWS and Aurora - Benchmark ...
 
CMIS and Apache Chemistry (ApacheCon 2010)
CMIS and Apache Chemistry (ApacheCon 2010) CMIS and Apache Chemistry (ApacheCon 2010)
CMIS and Apache Chemistry (ApacheCon 2010)
 
Alfresco As SharePoint Alternative - Architecture Overview
Alfresco As SharePoint Alternative - Architecture OverviewAlfresco As SharePoint Alternative - Architecture Overview
Alfresco As SharePoint Alternative - Architecture Overview
 
Developer’s intro to the alfresco platform
Developer’s intro to the alfresco platformDeveloper’s intro to the alfresco platform
Developer’s intro to the alfresco platform
 
Spring In Alfresco Ecm
Spring In Alfresco EcmSpring In Alfresco Ecm
Spring In Alfresco Ecm
 
Scale your Alfresco Solutions
Scale your Alfresco Solutions Scale your Alfresco Solutions
Scale your Alfresco Solutions
 
Intro to Alfresco for Developers
Intro to Alfresco for DevelopersIntro to Alfresco for Developers
Intro to Alfresco for Developers
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platform
 
Getting Started with CMIS
Getting Started with CMISGetting Started with CMIS
Getting Started with CMIS
 
Alfresco in few points - Search Tutorial
Alfresco in few points - Search TutorialAlfresco in few points - Search Tutorial
Alfresco in few points - Search Tutorial
 
Alfresco 5.2 REST API
Alfresco 5.2 REST APIAlfresco 5.2 REST API
Alfresco 5.2 REST API
 
Alfresco In An Hour - Document Management, Web Content Management, and Collab...
Alfresco In An Hour - Document Management, Web Content Management, and Collab...Alfresco In An Hour - Document Management, Web Content Management, and Collab...
Alfresco In An Hour - Document Management, Web Content Management, and Collab...
 
Alfresco勉強会#26 alfresco community 5.0でssoを設定する
Alfresco勉強会#26 alfresco community 5.0でssoを設定するAlfresco勉強会#26 alfresco community 5.0でssoを設定する
Alfresco勉強会#26 alfresco community 5.0でssoを設定する
 
0からわかるAlfresco
0からわかるAlfresco0からわかるAlfresco
0からわかるAlfresco
 
Total Cost Of Ownership For ECM - Compares Documentum, SharePoint, OpenText a...
Total Cost Of Ownership For ECM - Compares Documentum, SharePoint, OpenText a...Total Cost Of Ownership For ECM - Compares Documentum, SharePoint, OpenText a...
Total Cost Of Ownership For ECM - Compares Documentum, SharePoint, OpenText a...
 

Similaire à Alfresco Security Best Practices 2012

FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 
Devoxx Maroc 2015 HTTP 1, HTTP 2 and folks
Devoxx Maroc  2015 HTTP 1, HTTP 2 and folksDevoxx Maroc  2015 HTTP 1, HTTP 2 and folks
Devoxx Maroc 2015 HTTP 1, HTTP 2 and folksNicolas Martignole
 
What is NetDevOps? How? Leslie Carr PuppetConf 2015
What is NetDevOps? How? Leslie Carr PuppetConf 2015What is NetDevOps? How? Leslie Carr PuppetConf 2015
What is NetDevOps? How? Leslie Carr PuppetConf 2015Leslie Carr
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioDevOps4Networks
 
From nothing to Prometheus : one year after
From nothing to Prometheus : one year afterFrom nothing to Prometheus : one year after
From nothing to Prometheus : one year afterAntoine Leroyer
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011Mike Willbanks
 
Full Stack Load Testing
Full Stack Load Testing Full Stack Load Testing
Full Stack Load Testing Terral R Jordan
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek PROIDEA
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackJakub Hajek
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Alan Quayle
 
Terraform - Taming Modern Clouds
Terraform  - Taming Modern CloudsTerraform  - Taming Modern Clouds
Terraform - Taming Modern CloudsNic Jackson
 
The Integration of Laravel with Swoole
The Integration of Laravel with SwooleThe Integration of Laravel with Swoole
The Integration of Laravel with SwooleAlbert Chen
 
Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up Abhishek Singh
 
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...Aman Kohli
 
JmDNS : Service Discovery for the 21st Century
 JmDNS : Service Discovery for the 21st Century JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st CenturyGnu Alsonative
 
JmDNS : Service Discovery for the 21st Century
 JmDNS : Service Discovery for the 21st Century JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st CenturyGnu Alsonative
 

Similaire à Alfresco Security Best Practices 2012 (20)

FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow Controller
 
Devoxx Maroc 2015 HTTP 1, HTTP 2 and folks
Devoxx Maroc  2015 HTTP 1, HTTP 2 and folksDevoxx Maroc  2015 HTTP 1, HTTP 2 and folks
Devoxx Maroc 2015 HTTP 1, HTTP 2 and folks
 
What is NetDevOps? How? Leslie Carr PuppetConf 2015
What is NetDevOps? How? Leslie Carr PuppetConf 2015What is NetDevOps? How? Leslie Carr PuppetConf 2015
What is NetDevOps? How? Leslie Carr PuppetConf 2015
 
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.ioWhen DevOps and Networking Intersect by Brent Salisbury of socketplane.io
When DevOps and Networking Intersect by Brent Salisbury of socketplane.io
 
From nothing to Prometheus : one year after
From nothing to Prometheus : one year afterFrom nothing to Prometheus : one year after
From nothing to Prometheus : one year after
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011
 
Full Stack Load Testing
Full Stack Load Testing Full Stack Load Testing
Full Stack Load Testing
 
Rest Vs Soap Yawn2289
Rest Vs Soap Yawn2289Rest Vs Soap Yawn2289
Rest Vs Soap Yawn2289
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013Apidaze WebRTC Workshop barcelona 21st april 2013
Apidaze WebRTC Workshop barcelona 21st april 2013
 
Terraform - Taming Modern Clouds
Terraform  - Taming Modern CloudsTerraform  - Taming Modern Clouds
Terraform - Taming Modern Clouds
 
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
WebRTC Summit November 2013 - WebRTC Interoperability (and why it is important)
 
LACNOG - Logging in the Post-IPv4 World
LACNOG - Logging in the Post-IPv4 WorldLACNOG - Logging in the Post-IPv4 World
LACNOG - Logging in the Post-IPv4 World
 
The Integration of Laravel with Swoole
The Integration of Laravel with SwooleThe Integration of Laravel with Swoole
The Integration of Laravel with Swoole
 
Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up
 
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
 
JmDNS : Service Discovery for the 21st Century
 JmDNS : Service Discovery for the 21st Century JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
 
JmDNS : Service Discovery for the 21st Century
 JmDNS : Service Discovery for the 21st Century JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
 

Plus de Toni de la Fuente

SANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceSANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceToni de la Fuente
 
OWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceOWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceToni de la Fuente
 
Alfresco DevCon 2018: From Zero to Hero Backing up Alfresco
Alfresco DevCon 2018: From Zero to Hero Backing up AlfrescoAlfresco DevCon 2018: From Zero to Hero Backing up Alfresco
Alfresco DevCon 2018: From Zero to Hero Backing up AlfrescoToni de la Fuente
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessToni de la Fuente
 
Prowler: BlackHat Europe Arsenal 2018
Prowler: BlackHat Europe Arsenal 2018Prowler: BlackHat Europe Arsenal 2018
Prowler: BlackHat Europe Arsenal 2018Toni de la Fuente
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
From zero to hero Backing up alfresco
From zero to hero Backing up alfrescoFrom zero to hero Backing up alfresco
From zero to hero Backing up alfrescoToni de la Fuente
 
Seguridad en Internet para todos los públicos
Seguridad en Internet para todos los públicosSeguridad en Internet para todos los públicos
Seguridad en Internet para todos los públicosToni de la Fuente
 
Alfresco Security Best Practices Guide
Alfresco Security Best Practices GuideAlfresco Security Best Practices Guide
Alfresco Security Best Practices GuideToni de la Fuente
 
Alfresco Backup and Disaster Recovery White Paper
Alfresco Backup and Disaster Recovery White PaperAlfresco Backup and Disaster Recovery White Paper
Alfresco Backup and Disaster Recovery White PaperToni de la Fuente
 
Alfresco One (Enterprise) vs Alfresco Community 2014
Alfresco One (Enterprise) vs Alfresco Community 2014Alfresco One (Enterprise) vs Alfresco Community 2014
Alfresco One (Enterprise) vs Alfresco Community 2014Toni de la Fuente
 
Comparativa entre Alfresco Enterprise vs Community
Comparativa entre Alfresco Enterprise vs Community Comparativa entre Alfresco Enterprise vs Community
Comparativa entre Alfresco Enterprise vs Community Toni de la Fuente
 
Nuevo Alfresco Records Management 2.0
Nuevo Alfresco Records Management 2.0Nuevo Alfresco Records Management 2.0
Nuevo Alfresco Records Management 2.0Toni de la Fuente
 
Consejos de seguridad con Alfresco
Consejos de seguridad con AlfrescoConsejos de seguridad con Alfresco
Consejos de seguridad con AlfrescoToni de la Fuente
 
Alfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en españolAlfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en españolToni de la Fuente
 
Alfresco Day Madrid - Jeff Potts - Community
Alfresco Day Madrid - Jeff Potts - CommunityAlfresco Day Madrid - Jeff Potts - Community
Alfresco Day Madrid - Jeff Potts - CommunityToni de la Fuente
 
Alfresco Day Madrid - Jeff Potts - Activiti
Alfresco Day Madrid - Jeff Potts - ActivitiAlfresco Day Madrid - Jeff Potts - Activiti
Alfresco Day Madrid - Jeff Potts - ActivitiToni de la Fuente
 
Alfresco Day Madrid - Partner - VASS
Alfresco Day Madrid - Partner - VASSAlfresco Day Madrid - Partner - VASS
Alfresco Day Madrid - Partner - VASSToni de la Fuente
 
Alfresco Day Madrid - Partner - IN2
Alfresco Day Madrid - Partner - IN2Alfresco Day Madrid - Partner - IN2
Alfresco Day Madrid - Partner - IN2Toni de la Fuente
 
Alfresco Day Madrid - Partner - CSC
Alfresco Day Madrid - Partner - CSCAlfresco Day Madrid - Partner - CSC
Alfresco Day Madrid - Partner - CSCToni de la Fuente
 

Plus de Toni de la Fuente (20)

SANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a ServiceSANS Cloud Security Summit 2018: Forensics as a Service
SANS Cloud Security Summit 2018: Forensics as a Service
 
OWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a ServiceOWASP Atlanta 2018: Forensics as a Service
OWASP Atlanta 2018: Forensics as a Service
 
Alfresco DevCon 2018: From Zero to Hero Backing up Alfresco
Alfresco DevCon 2018: From Zero to Hero Backing up AlfrescoAlfresco DevCon 2018: From Zero to Hero Backing up Alfresco
Alfresco DevCon 2018: From Zero to Hero Backing up Alfresco
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
 
Prowler: BlackHat Europe Arsenal 2018
Prowler: BlackHat Europe Arsenal 2018Prowler: BlackHat Europe Arsenal 2018
Prowler: BlackHat Europe Arsenal 2018
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
From zero to hero Backing up alfresco
From zero to hero Backing up alfrescoFrom zero to hero Backing up alfresco
From zero to hero Backing up alfresco
 
Seguridad en Internet para todos los públicos
Seguridad en Internet para todos los públicosSeguridad en Internet para todos los públicos
Seguridad en Internet para todos los públicos
 
Alfresco Security Best Practices Guide
Alfresco Security Best Practices GuideAlfresco Security Best Practices Guide
Alfresco Security Best Practices Guide
 
Alfresco Backup and Disaster Recovery White Paper
Alfresco Backup and Disaster Recovery White PaperAlfresco Backup and Disaster Recovery White Paper
Alfresco Backup and Disaster Recovery White Paper
 
Alfresco One (Enterprise) vs Alfresco Community 2014
Alfresco One (Enterprise) vs Alfresco Community 2014Alfresco One (Enterprise) vs Alfresco Community 2014
Alfresco One (Enterprise) vs Alfresco Community 2014
 
Comparativa entre Alfresco Enterprise vs Community
Comparativa entre Alfresco Enterprise vs Community Comparativa entre Alfresco Enterprise vs Community
Comparativa entre Alfresco Enterprise vs Community
 
Nuevo Alfresco Records Management 2.0
Nuevo Alfresco Records Management 2.0Nuevo Alfresco Records Management 2.0
Nuevo Alfresco Records Management 2.0
 
Consejos de seguridad con Alfresco
Consejos de seguridad con AlfrescoConsejos de seguridad con Alfresco
Consejos de seguridad con Alfresco
 
Alfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en españolAlfresco y SOLR, presentación en español
Alfresco y SOLR, presentación en español
 
Alfresco Day Madrid - Jeff Potts - Community
Alfresco Day Madrid - Jeff Potts - CommunityAlfresco Day Madrid - Jeff Potts - Community
Alfresco Day Madrid - Jeff Potts - Community
 
Alfresco Day Madrid - Jeff Potts - Activiti
Alfresco Day Madrid - Jeff Potts - ActivitiAlfresco Day Madrid - Jeff Potts - Activiti
Alfresco Day Madrid - Jeff Potts - Activiti
 
Alfresco Day Madrid - Partner - VASS
Alfresco Day Madrid - Partner - VASSAlfresco Day Madrid - Partner - VASS
Alfresco Day Madrid - Partner - VASS
 
Alfresco Day Madrid - Partner - IN2
Alfresco Day Madrid - Partner - IN2Alfresco Day Madrid - Partner - IN2
Alfresco Day Madrid - Partner - IN2
 
Alfresco Day Madrid - Partner - CSC
Alfresco Day Madrid - Partner - CSCAlfresco Day Madrid - Partner - CSC
Alfresco Day Madrid - Partner - CSC
 

Dernier

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Dernier (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Alfresco Security Best Practices 2012

  • 1. Alfresco Security Best Practices
    Toni de la Fuente
    Alfresco Senior Solutions Engineer
    Blog: blyx.com Twitter: @ToniBlyx
    toni.delafuente@alfresco.com
  • 2. Who I am?
    •  Alfresco Senior Solutions Engineer
    •  Working with Alfresco for 5 years
    •  More than 2 years as part of the team
    •  Always involved with:
       •  Operating Systems
       •  Networks
       •  Security
       •  Open Source
    •  Consultant & Auditor: ethical hacking, penetration tests.
    •  And writing about that at blyx.com since 2002
  • 3. Agenda
    •  Intro
    •  Project life cycle and security
       •  Planning
       •  Installation
       •  Post-install configuration and hardening
       •  Maintenance
       •  Monitoring and auditing
    •  Other security-related tasks
    •  Demo: information leaks and metadata
    •  Conclusions
    •  Next steps
  • 4. The Alfresco Platform
    A robust, modern ECM platform focused on scalability & usability
    •  Consumer like UI: drag-and-drop with MS Office integration
    •  Business Process: rules and workflow that users can use
    •  Social features: content activity feeds & social feedback
    •  Metadata and Security: building rich context around content
    •  Ecosystem of Integrations: CIFS, WebDAV, SharePoint, Exchange, GoogleDocs, CMIS, SAP, Salesforce, Kofax, and thousands more.
    [Diagram labels: Alfresco; Document Management; Electronic Records Management; Team Collaboration; Image Management; Rich Media Support; Process Management; Web Content Services]
  • 6. Introduction
    •  In Alfresco we must take security seriously.
    •  Because we care about contents.
    •  If Alfresco stops working and that poses a problem for your business, security is important.
    •  Security is a process, not a product.
    •  Think of protection, integrity and privacy.
    •  Reduce as much as possible the MTBF, to guarantee the minimum possible MTTR.
    •  Take into account the organization's Security Plan, Contingency Plan and Disaster Recovery Plan.
  • 7. Project Life Cycle and Security
  • 8. Planning and previous review
      • What should I secure? It depends on…
          • Project needs
          • Interfaces
          • Users, applications or both
          • Customization
          • Architecture, high availability and scalability
      [Diagram: Document Management, Collaboration, Web Content Management, Records Management, Email Archive; questions: Interfaces? Number of…? Customization?]
  • 9. It depends on the network architecture
      [Diagram: zones A and B; Share, Alfresco App Srv, DataBase, Content Store, Index]
  • 11. Best practices and tips 1/2
      • Run Alfresco as a non-root user.
      • Configure all ports above 1024.
          • Authbind on Debian-like OS
          • IPTables port redirect
      • Avoid default passwords (admin, db, jmx).
      • Change default certificates and keys in SOLR.
          • Use keytool or your own certificates.
          • installRoot/alf_data/solr/CreateSSLKeystores.txt
      • Set permissions for configuration files, content store, indexes and logs. Only the user running Alfresco must be able to access these folders.
          • chown -R alfresco:alfresco installRoot/
          • chmod -R u=rwX,go= installRoot/ (owner-only access; the capital X keeps directories traversable and scripts executable, which a recursive 600 would not)
  • 12. Best practices and tips 2/2
      • Before installing, run the Alfresco Environment Validation Tool in order to avoid conflicting services and ports.
      • Keep SSL active when possible:
          • Do not use self-signed certificates in live environments.
          • Take care with SSL Strip: force using SSL and teach your users!
          • Check your certificate strength on:
              • https://www.ssllabs.com/ssldb/analyze.html
      • Use Apache (or another web server) to protect your application server and services.
      • SELinux (review alfresco.sh)
      • When possible, run the bundle installer to keep third party binary files controlled and avoid rootkits.
      • If third party applications are installed from the OS rpm repository, use the rpm command:
          • rpm -Vf /path/to/binary
          • rpm -V <rpm-name>
      • Check third party vulnerabilities often.
  • 14. Which ports should I open? IN
      Protocol            | Port        | TCP/UDP | IN/OUT | Activated | Comments
      HTTP                | 8080        | TCP     | IN     | Yes       | Including WebDav
      FTP                 | 21          | TCP     | IN     | Yes       | Passive mode
      SMTP                | 25          | TCP     | IN     | No        |
      CIFS                | 137,138     | UDP     | IN     | Yes       |
      CIFS                | 139,445     | TCP     | IN     | Yes       |
      IMAP                | 143         | TCP     | IN     | No        |
      SharePoint Protocol | 7070        | TCP     | IN     | Yes       |
      Tomcat Admin        | 8005        | TCP     | IN     | Yes       |
      Tomcat AJP          | 8009        | TCP     | IN     | Yes       |
      SOLR admin          | 8443        | TCP     | IN     | Yes       | Cert installation on the browser needed
      NFS                 | 111,2049    | TCP/UDP | IN     | No        |
      Lotus Quickr        | 6060        | TCP     | IN     | No        |
      RMI                 | 50500-50507 | TCP     | IN     | Yes       | Used by EHCache for cluster and JMX management
      JGroups             | 7800        | TCP     | IN     | No        | Cluster discovery
      JGroups             | 7801-7802   | TCP     | IN     | No        | Ehcache RMI communication between node cluster
      OpenOffice          | 8100        | TCP     | IN     | Yes       | Localhost only, not needed to open.
  • 15. Which ports should I open and keep in mind? OUT
      Protocol           | Port      | TCP/UDP | IN/OUT | Activated | Comments
      SMTP               | 25        | TCP     | OUT    | No        | To your MTA.
      DB – PostgreSQL    | 5432      | TCP     | OUT    | Yes*      | Depending on DB
      DB – MySQL         | 3306      | TCP     | OUT    | Yes*      | Depending on DB
      DB – MS SQL Server | 1433      | TCP     | OUT    | Yes*      | Depending on DB
      DB – Oracle        | 1521      | TCP     | OUT    | Yes*      | Depending on DB
      DB – DB2           | 50000     | TCP     | OUT    | Yes*      | Depending on DB
      LDAP               | 396       | TCP     | OUT    | No        | For authentication/sync
      LDAPS              | 636       | TCP     | OUT    | No        | For authentication/sync
      docs.google.com    | 443       | TCP     | OUT    | No        |
      OpenOffice         | 8100      | TCP     | OUT    | No        | Only for remote OpenOffice or Alfresco Transformation Server
      JGroups            | 7800-7802 | TCP     | OUT    | No        | Between cluster nodes
      NFS                | 111,2049  | TCP/UDP | OUT    | No        | Only if using remote NFS for contentstore
      Kerberos           | 88        | TCP/UDP | OUT    | No        | If Kerberos SSO is configured
      DNS                | 53        | UDP     | OUT    | Yes       | Basic DNS service
      NTP                | 123       | UDP     | OUT    | Yes       | Network Time
      * Also allow outbound traffic to Facebook, Twitter, LinkedIn, Slideshare, Youtube, Flickr, Blogs if you are able to use Publishing Framework, Target Servers for Replication or Cloud Sync.
  • 16. Control and review
      • Control the processes and ports used by the system (Linux):
            # netstat -tulpn | grep -i java
            tcp   0   0 0.0.0.0:50500    0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 127.0.0.1:8005   0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:8009     0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:139      0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:8080     0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:21       0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:8443     0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:445      0.0.0.0:*   LISTEN   8591/java
            tcp   0   0 0.0.0.0:7070     0.0.0.0:*   LISTEN   8591/java
            udp   0   0 0.0.0.0:137      0.0.0.0:*            8591/java
      • On Windows OS:
          • netstat -an | findstr <port #>
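The review on slide 16 can be automated by comparing the listeners against the set of services you meant to leave exposed. The following is an added example, not part of the original slides: the policy table is an assumption (a node where FTP and CIFS were meant to be disabled and AJP, Tomcat admin and RMI are meant to stay on loopback), and the input lines are the ones shown on the slide.

```python
# Lines copied from the netstat output on the slide above.
NETSTAT = """\
tcp 0 0 0.0.0.0:50500 0.0.0.0:* LISTEN 8591/java
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 8591/java
tcp 0 0 0.0.0.0:7070 0.0.0.0:* LISTEN 8591/java
udp 0 0 0.0.0.0:137 0.0.0.0:* 8591/java
"""

# Assumed policy for this example: "any" may listen on every interface,
# "local" only on loopback. Anything not listed should not be listening.
POLICY = {("tcp", 8080): "any", ("tcp", 8443): "any", ("tcp", 7070): "any",
          ("tcp", 8005): "local", ("tcp", 8009): "local", ("tcp", 50500): "local"}
LOOPBACK = {"127.0.0.1", "::1"}

def parse_listeners(text):
    """Return (proto, address, port) for every tcp/udp socket line."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        # udp lines have no state column, so 6 fields is the minimum
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue
        addr, _, port = fields[3].rpartition(":")  # also splits ':::8080'
        sockets.append((fields[0][:3], addr, int(port)))
    return sockets

def review(text, policy=POLICY):
    """Return sorted (port, proto, finding) tuples for sockets that break the policy."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        scope = policy.get((proto, port))
        if scope is None:
            findings.append((port, proto, "not in policy"))
        elif scope == "local" and addr not in LOOPBACK:
            findings.append((port, proto, "bound beyond loopback"))
    return sorted(findings)

if __name__ == "__main__":
    for port, proto, finding in review(NETSTAT):
        print(f"{proto}/{port}: {finding}")
```

Run it from cron against live `netstat -tulpn` output and alert on any non-empty result, so that a service re-enabled by an upgrade or a configuration change shows up as drift.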
  • 17. Activate SSL for all services required
      • HTTP → HTTPS
          • Appliance supporting SSL offloading
          • Activate HTTPS on a frontal web server (Apache, IIS, etc)
          • Activate HTTPS on the application server
      • FTP → FTPS
          • Check official documentation
      • SharePoint (jetty) → SSL
          • You will avoid MS users related workarounds
          • Check official documentation
      • SMTP → SMTPS: IN and OUT
          • Check official documentation
      • IMAP → IMAP-SSL
          • Greenmail (based) or Perdition or Stunnel
      • JGroups
          • Stunnel or Proxy
  • 18. Post installation configuration - 1/5
      • Redirect ports below 1024:
          • E.g. for FTP and IPTables:
              • iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-ports 2121
          • http://wiki.alfresco.com/wiki/File_Server_Configuration
      • Change JMX credentials and roles
          • http://blyx.com/2011/12/20/persistencia-en-las-credenciales-jmx-de-alfresco/
      • Make sure you have control of your logs
          • http://blyx.com/2011/06/02/consejos-sobre-los-logs-en-alfresco/
  • 19. Post installation configuration - 2/5
      • Are you going to use external authentication?
          • Encrypt communication between Alfresco and the LDAP/AD or SSO system (port 636 TCP for LDAPS)
      • Replication Service between on-premises?
          • HTTPS!!
      • Disable unneeded services:
          • ftp.enabled=false
          • cifs.enabled=false
          • imap.server.enabled=false
          • nfs.enabled=false
          • transferservice.receiver.enabled=false
          • audit.enabled=false/true
          • webdav: disable on tomcat/webapps/alfresco/WEB-INF/web.xml
          • SharePoint: do not install VTI module if unneeded.
  • 20. Post installation configuration - 3/5
      • Backup configuration and sequence
          • Backup Lucene 2 AM
              • installRoot/alf_data/backup-lucene-indexes
          • Backup SOLR 2 AM Alfresco core and 4 AM Archive core.
              • installRoot/workspace-SpacesStore
              • installRoot/archive-SpacesStore
          • Backup SQL.
          • Backup contentStore, audit, etc.
      • Consider using LVM snapshots for the contentstore and snapshot-like backup for the db
      • For small amounts of content you may use:
          • http://code.google.com/p/share-import-export/
      • Try recovery often as a preventive measure
      • Add a checked Alfresco recovery procedure to your Contingency Plan
      • Consider using Replication Service for the disaster recovery plan:
          • replication.enabled=true and replication.transfer.readonly=false
  • 21. Post installation configuration - 4/5
      • Disable guest user:
          • For NTLM-Default:
              • alfresco.authentication.allowGuestLogin=false (default is true)
          • For pass-through:
              • passthru.authentication.guestAccess=false (default is false)
          • For LDAP/AD:
              • ldap.authentication.allowGuestLogin=false (default is true)
      • Limit number of users and state of the repository:
          • server.maxusers=-1 (-1 no limit)
          • server.allowedusers=admin,toni,bill (empty for all)
          • server.transaction.allow-writes=true (false to turn the whole system into read only mode)
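A check for the settings on slides 19 and 21, as an added example that is not part of the original slides. It matters that two of the guest-login properties default to true, so a missing or commented-out line is a finding too. The defaults for the service switches are assumed from the "Activated" column of the ports table, the three guest settings are checked regardless of which authentication subsystem is active, and the sample properties text is constructed.

```python
import re

# (property, hardened value, default when absent; None = not stated on the slides)
CHECKS = [
    ("ftp.enabled", "false", "true"),           # ports table: FTP activated
    ("cifs.enabled", "false", "true"),          # ports table: CIFS activated
    ("imap.server.enabled", "false", "false"),  # ports table: IMAP not activated
    ("nfs.enabled", "false", "false"),          # ports table: NFS not activated
    ("transferservice.receiver.enabled", "false", None),
    ("alfresco.authentication.allowGuestLogin", "false", "true"),
    ("passthru.authentication.guestAccess", "false", "false"),
    ("ldap.authentication.allowGuestLogin", "false", "true"),
]

# Constructed alfresco-global.properties fragment.
SAMPLE = """\
# services
ftp.enabled=false
cifs.enabled = TRUE
nfs.enabled=true
nfs.enabled=false
#alfresco.authentication.allowGuestLogin=false
ldap.authentication.allowGuestLogin: false
"""

def parse_properties(text):
    """Parse key=value / key:value lines; comments skipped, last assignment wins."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Map each checked property to 'ok', 'fail', 'fail (default)' or 'unset'."""
    props, report = parse_properties(text), {}
    for key, wanted, default in CHECKS:
        value = props.get(key, default)
        if value is None:
            report[key] = "unset"            # absent and no known default
        elif value.lower() == wanted:
            report[key] = "ok"
        else:
            report[key] = "fail" if key in props else "fail (default)"
    return report

if __name__ == "__main__":
    for key, status in audit(SAMPLE).items():
        print(f"{status:15} {key}")
```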
  • 22. Post installation configuration - 5/5
      • Do you want to have control of deletion?
          • http://camelcase.blogspot.com/2011/03/purge-alfresco-archived-nodes.html
      • Disable trashcan:
          • Create a file like *-context.xml with the following content:
            <bean id="storeArchiveMap" class="org.alfresco.repo.node.StoreArchiveMap">
               <property name="archiveMap">
                  <map>
                  </map>
               </property>
               <property name="tenantService">
                  <ref bean="tenantService" />
               </property>
            </bean>
  • 24. Maintenance
      • Daily review of logs and audit records (if enabled).
      • Daily review of backup, and monthly restoring!
      • Delete orphan files, log rotation/compression and temporary files cleaning.
      • Use a crontab script, for further information:
          • http://www.fegor.com/2011/08/mantenimiento-diario-de-alfresco.html
  • 26. Monitoring and Auditing
      • JMX
          • Jconsole
          • VisualVM
      • Hyperic
          • http://blyx.com/2009/11/19/monitoring-alfresco-nagiosicinga-hyperic-auditsurf-jmx-rocks/
      • Nagios/Icinga
          • http://blyx.com/2009/11/19/monitoring-alfresco-nagiosicinga-hyperic-auditsurf-jmx-rocks/
      • Javamelody
          • http://blyx.com/2010/09/13/monitoring-alfresco-con-javamelody/
  • 27. Nagios/Icinga plugin
      • Always monitoring
      • Nagios4Alfresco Plugin
  • 28. Monitoring and Auditing
      • Failed login auditing:
            audit.enabled=true
            audit.tagging.enabled=true
            audit.alfresco-access.enabled=true
            audit.alfresco-access.sub-events.enabled=true
            audit.cmischangelog.enabled=true
      • To know what is being audited:
            $ curl -u admin:admin http://localhost:8080/alfresco/service/api/audit/control
      • Rename: tomcat/shared/classes/alfresco/extension/audit/alfresco-audit-example-login.xml.sample
            $ curl -u admin:admin "http://localhost:8080/alfresco/service/api/audit/query/AuditExampleLogin1/auditexamplelogin1/login/error/user?verbose=true"
            {
               "count":5,
               "entries":
               [
                  {
                     "id":7,
                     "application":"AuditExampleLogin1",
                     "user":null,
                     "time":"2012-03-05T19:20:48.994+01:00",
                     "values":
                     {
                        "/auditexamplelogin1/login/error/user":"toni"
                     }
                  }
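The audit query above returns one entry per failed login; what an operator wants from it is which accounts had a burst of failures in a short period. The following is an added example, not part of the original slides: the response body is constructed in the shape shown on the slide, and the threshold and window values are assumptions to tune for your site.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

USER_PATH = "/auditexamplelogin1/login/error/user"  # value path from the response above

def entry(i, ts, user):
    """Build one constructed audit entry in the shape the query returns."""
    return {"id": i, "application": "AuditExampleLogin1", "user": None,
            "time": ts, "values": {USER_PATH: user}}

# Constructed response body; only the field layout comes from the slide.
SAMPLE = json.dumps({"count": 6, "entries": [
    entry(7, "2012-03-05T19:20:48.994+01:00", "toni"),
    entry(8, "2012-03-05T19:21:10.120+01:00", "toni"),
    entry(9, "2012-03-05T19:22:03.500+01:00", "toni"),
    entry(10, "2012-03-05T19:25:00.000+01:00", "bill"),
    entry(11, "2012-03-05T20:30:00.000+01:00", "bill"),
    entry(12, "2012-03-05T21:40:00.000+01:00", "toni"),
]})

def failed_login_bursts(body, threshold=3, window=timedelta(minutes=5)):
    """Return {user: most failures inside any `window`} for users at or over `threshold`."""
    by_user = defaultdict(list)
    for e in json.loads(body).get("entries", []):
        user = (e.get("values") or {}).get(USER_PATH)
        if user is not None:
            by_user[user].append(datetime.fromisoformat(e["time"]))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged

if __name__ == "__main__":
    for user, n in failed_login_bursts(SAMPLE).items():
        print(f"{user}: {n} failed logins within 5 minutes")
```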
  • 30. Other security-related tasks - 1/2
      • Avoid information leaks through metadata (demo)
          • content + metadata in Alfresco DB
            vs.
          • (content + metadata) + metadata in Alfresco
      • Consider using the new type “d:encrypted”
      • Add checksum to the content (third party development)
      • User blocking after a certain number of failed authentications (LDAP or third party)
      • Change webdav visibility root
      • Session timeout for Explorer and Webdav
      • Session timeout for Share
      • Session timeout for CIFS
      • Set CIFS and FTP on read only mode if required
  • 31. Other security-related tasks - 2/2
      • Consider using a network scanner in order to avoid storing viruses and trojans, or an internal action like ALFVIRAL (Google Code).
      • mod_security to limit file size or intercept content (audit purposes).
      • To filter which applications can access services or the remote API:
            <Location /alfresco/service/*>
               order allow,deny
               allow from localhost.localdomain
               # Add additional allowed hosts as needed
               # allow from .example.com
            </Location>
            <Location /share/service/*>
               order allow,deny
               allow from localhost.localdomain
               allow from 79.148.213.73
               # allow from .example.com
            </Location>
  • 32. Demo: Alfresco for avoiding information leaks
  • 33. Demo Script
      • Starting an attack: gathering information
          • Google Hacking
          • FOCA
          • Exiftool & wget
      • Publishing/Replication/Sync contents with Alfresco (web sites, blog, social networks or just contents.)
      • Backdoors and metadata: yes, we can…
      • Cleaning contents with Alfresco
          • cmd-line-action-clean-metadata-1.0.1.amp
          • Configuration (script + alfresco-global.properties)
          • Add rule
          • Test
  • 34. Tools, References and Links
      • Gathering info tools:
          • FOCA - http://www.informatica64.com/foca.aspx
          • Exiftool - http://owl.phy.queensu.ca/~phil/exiftool/
          • Metagoofil - http://www.edge-security.com/metagoofil.php
          • Libextractor - http://www.gnu.org/software/libextractor/
          • Shodan - http://www.shodanhq.com/
      • Cleaners:
          • Exiftool
          • OOMetaExtractor - http://www.codeplex.org/oometaextractor
          • MS Office 2003 & XP - http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=144e54edd43e-42ca-bc7b-5446d34e5360
          • BatchPurifier - $19 (BatchPurifierCon.exe)
          • Alfresco Security Toolkit CMD LINE
              • cmd-line-action-clean-metadata-1.0.1.amp
      • Explanation:
          • http://blyx.com – theory
          • http://blyx.com – practice / POC
  • 36. Conclusions
      • Working on security can sometimes be a nightmare, but…
      Picture from: http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-alonso-palazon-tactical_fingerprinting.pdf
  • 37. Conclusions
      • Trust no one, including users!
      • Nobody cleans documents.
      • Almost everything can reveal information.
      • Currently we have tools and information available to secure Alfresco, but unfortunately they are not in a single place and we have to improve some of them.
      • Remember: security measures have to be taken constantly!
      • Other security topics to be covered in the future:
          • Security in development
          • In-depth auditing
          • Users, roles and permissions.
          • Authentication subsystems creation (webinar already carried out in Spanish)
          • SSO with CAS, Siteminder, OpenSSO, JoSSO, ForgeRock, Oracle Identity Manager, etc.
          • PKI integration or best practices for digital signatures, content encryption, etc.
  • 38. Next steps
      • Let's use “Alfresco Security Toolkit” as the main project for collecting security-related docs and tools.
          • http://code.google.com/p/alfresco-security-toolkit/
      • “Hardening Alfresco Guide”.
      • “Bastille Alfresco” – useful?
      • Any idea?
  • 40. # while you=applause; do echo THANKS!; done
      Toni de la Fuente
      Alfresco Senior Solutions Engineer
      Blog: blyx.com Twitter: @ToniBlyx
      toni.delafuente@alfresco.com