General Security Considerations
To better secure your CA Service Catalog implementation, consider making the following configuration changes:
- If you are not implementing clustering, consider disabling the Apache JServ Protocol (AJP) port, port 8009. AJP carries no authentication of its own, so any host that can reach port 8009 can submit requests as if they came from a trusted front-end web server. To disable it, edit the %USM_HOME%\view\conf\server.xml file and verify that the AJP Connector tags are commented out, then restart the service. For details about these tags, see Perform the Initial Setup.
- By default, web sessions for users time out after 60 minutes of inactivity. Consider reducing the timeout. To do so, log in to CA Service Catalog and click Administration, Configuration, User Default. Adjust the Session Timeout parameter at your discretion.
- If CA EEM is not configured to use an external directory, consider configuring the CA EEM password policies to be more secure. To do so, log in to CA EEM and click Configure, EEM Server, Password Policies. Specifically, consider locking user accounts after three to five failed login attempts.
- By default, only the Certificate user and users with the service provider (SP) administrator role can execute web services. To change this list, log in to CA EEM with the Application set to Service Catalog. Click Manage Access Policies, Policies, Access Policies, USM_Resource. Edit the policy that should grant the permission, and add the resource named usm_webservice__all to that policy. For details about editing policies, see your CA EEM documentation.
- Consider enabling Secure Sockets Layer (SSL) for web services so that passwords are not sent in plain text when you use the logIn(String,String,String) method. If SSL is not available, consider using the logInToken(String) method instead. This method takes a CA EEM artifact as its parameter; the artifact is encrypted, so no clear-text password travels over the connection.
- If you are using a filestore (a single location for shared files), we strongly suggest that you install anti-virus software on the filestore computer. Doing so helps ensure that any malicious files inadvertently uploaded using Home, Documents are quarantined before other users or services open them.
- Hardening is the process of securing a computer by removing or disabling components or access points, to render the computer less vulnerable to outside attacks. Basic hardening steps include limiting the number of users permitted access to a computer, strengthening password and access control, installing intrusion-detection software, and closing ports. If you have hardened CA Service Catalog computers to increase their security, verify that the required ports are open on these computers.
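The following server.xml fragment is an added example for the AJP item above; it is not taken from the CA Service Catalog documentation. It shows a stock Tomcat-style AJP Connector as it is typically shipped, the same connector commented out as the page recommends for non-clustered installations, and a loopback-bound variant for installations that must keep AJP for clustering. The attribute values (protocol string, redirectPort, address) are standard Tomcat defaults and are assumptions about this installation; the exact tags in %USM_HOME%\view\conf\server.xml are documented in Perform the Initial Setup.

```xml
<!-- Added example, not the product's own configuration. Attribute values
     are stock Tomcat defaults and are assumptions for this installation. -->

<!-- BEFORE (weak): the AJP listener is active and, with no address
     attribute, bound on every interface. Any host that can reach TCP 8009
     can inject requests as if it were the trusted front-end web server. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- AFTER (no clustering): the whole Connector element sits inside an XML
     comment, so Tomcat never opens port 8009 at all.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

<!-- AFTER (clustering still needs AJP): keep the connector but bind it to
     the loopback address so only a proxy on the same host can reach it.
     The address attribute is standard Tomcat; 127.0.0.1 is an assumption.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
           address="127.0.0.1" />
-->
```

After restarting the service, confirm the change took effect from a command prompt on the server with `netstat -ano | findstr :8009`: with the connector commented out the command prints nothing; with the loopback binding it shows the listener on 127.0.0.1 only. If the listener still appears on 0.0.0.0, the edit did not land in the server.xml that the running instance actually loads.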
Other security-related considerations that apply to specific tasks or integrations are mentioned where applicable in the CA Service Catalog documentation.