7.1 Security Features

The following table contains a summary of the Client for Open Enterprise Server security features:

Table 7-1 Client Security Features

Feature

Yes/No

Details

Users are authenticated

Yes

GUI and command line login utilities support authentication of NCP and LDAP connections via user authentication into eDirectory. NCP protocol authentication is supported via RSA, and LDAP authentication is supported via SSL and the Simple Bind protocol.

Servers, devices, and/or services are authenticated

Yes

Connections to servers are authenticated via user-supplied credentials. No device authentication is supported directly by the Client.

Access to information is controlled

Yes

Roles are used to control access

Yes

Logging and/or security auditing is done

Yes

Data on the wire is encrypted by default

No

No wire encryption is supplied by this product.

Data stored is encrypted

Yes

Passwords, keys, and any other authentication materials are stored encrypted

Yes

Passwords and other authentication materials in temporary storage are encrypted to prevent in-memory scanners.

Security is on by default

Yes

There are no configuration options to enable or disable with the exception of packet signing. Packet signing is enabled by default.

FIPS 140-2 compliant

Unknown

MSCAPI is not a FIPS 140-2 certified API, but this is deemed unimportant because customers have not expressed a requirement for FIPS 140 compliance.