4.3 Securing Communications with a VPN If SSL Is Disabled

We recommend configuring iFolder to use encryption for all data exchanges between its different components because iFolder data is not encrypted by default. If you configure iFolder not to use encryption between the enterprise server and client or between the Web access server and the user’s Web browser, the user data is susceptible to eavesdropping or packet sniffing by third parties outside the corporate firewall.

Even if you consider the corporate environment to be a trusted environment, a VPN (virtual private network) should be employed for server-client and server-browser connections in the following situations:

  • When the users access the servers from outside of the corporate firewall

  • When the users access the servers across a wireless network. Wireless access points and adapters broadcast data into space, where the signals can be intercepted by anyone with the ability to listen in at the appropriate frequency.

For accessing the Web Access server over a VPN, make sure to disable split tunneling so that the traffic goes through the VPN connection to the corporate network, not over the public Internet.

For information about configuring SSL features for these communications, see the following: