20.2 Security Characteristics

Novell Remote Manager communicates using port 8008 and 8009. Port 8008 access the Login page, then all other communications take place through secure HTTP ports 8009. These default settings can be changed using options in the /etc/opt/novell/httpstkd.conf file.

The HTTPS communication uses SSL encryption. It uses the server certificate by default; however, you can reconfigure this setting if desired.

You can set the SSL key cipher strength by setting the cipher strength command in the /etc/opt/novell/httpstkd.conf file. We recommend that you set the cipher strength to high, which allows only 112-bit or greater encryption. By default it is set ALL, which allows any cipher strength. For information, see Section A.9, SSL Key Cipher Strength Command.

By default, Novell Remote manager sets an HttpOnly cookie attribute that specifies that the cookie is not accessible through a script. This helps mitigate the risk of cross-site scripting. For information, see Section A.5, HttpOnly Command.

The Admin user and users with rights equivalent to user Admin have limited root user privileges that are needed to modify only the configuration files necessary for configuring NRM or any other files that NRM has been assigned rights to allow modifying. For a list of these files, see Section 20.1, Security Features. The user Admin or equivalent user has access according to the Linux and LUM file rights to all other files.