The following table contains a summary of the Client for Open Enterprise Server security features:
Table 7-1 Client Security Features
|
Feature |
Yes/No |
Details |
|---|---|---|
|
Users are authenticated |
Yes |
GUI and command line login utilities support authentication of NCP and LDAP connections via user authentication into eDirectory. NCP protocol authentication is supported via RSA, and LDAP authentication is supported via SSL and the Simple Bind protocol. |
|
Servers, devices, and/or services are authenticated |
Yes |
Connections to servers are authenticated via user-supplied credentials. No device authentication is supported directly by the Client. |
|
Access to information is controlled |
Yes |
|
|
Roles are used to control access |
Yes |
|
|
Logging and/or security auditing is done |
Yes |
|
|
Data on the wire is encrypted by default |
No |
No wire encryption is supplied by this product. |
|
Data stored is encrypted |
Yes |
|
|
Passwords, keys, and any other authentication materials are stored encrypted |
Yes |
Passwords and other authentication materials in temporary storage are encrypted to prevent in-memory scanners. |
|
Security is on by default |
Yes |
There are no configuration options to enable or disable with the exception of packet signing. Packet signing is enabled by default. |
|
FIPS 140-2 compliant |
Unknown |
MSCAPI is not a FIPS 140-2 certified API, but this is deemed unimportant because customers have not expressed a requirement for FIPS 140 compliance. |