19.0 Security Considerations
Consider the following to help ensure security for Novell
SecureLogin:
- Use the AES standard for
the encryption of SecureLogin data.
- Back up SecureLogin data and directory data by using
encryption and password protection.
- Use AAVerify to provide additional advanced authentication
to single sign-on applications with NMAS™ methods.
- Provide information to users about using smart cards,
including details about how to store application credentials on
the card, and how to encrypt the directory data store by using PKI-based
credentials.
- Protect the SecureLogin desktop shortcut with a
password so that others cannot view SecureLogin data.
- Prevent certain SecureLogin settings and options
from being visible or modifiable by others.
- Use a universal password, which increases security
by providing additional layers of policies.
- Require SecureLDAP when authenticating to SecureLogin
using LDAP.
- Use SecretStore to provide additional security to
SecureLogin data stored on eDirectory.
- Use NMAS to provide advanced authentication such
as pcProx, fingerprint, and token-based authentication.
- Store SecureLogin credentials in a PIN-protected
smart card, which provides a secure, portable, and efficient single
sign-on solution.
- Keep the local cache files in a user profile directory
so that only the corresponding Windows user can access them.
- Enable a passphrase to provide additional security
to SecureLogin user data.
- Ensure strict password policies for SecureLogin
users and for all single sign-on logins. Randomizing passwords
and hiding them from end users is also essential.
- Use auditing features like SNMP alerts, Windows
event logs, and Novell Audit logging to capture SecureLogin activity
wherever applicable.