Secure Global Desktop Administration Guide > Security > Securing client connections with Secure Global Desktop security services
Read this topic to... |
---|
|
Secure Global Desktop security services allow you to secure the connections between Secure Global Desktop client and a Secure Global Desktop server. The connections are secured using the Secure Sockets Layer (SSL).
Secure connections have these benefits:
Benefit | Description |
---|---|
No eavesdropping | SSL encrypts all information before transmission. |
No tampering | SSL can check that a message has not changed between the client and the Secure Global Desktop server. |
No message forgery | SSL requires that the server prove its identity to the client before communications can take place, and also guards against replay attacks. |
Internet transactions are open to many forms of attack, for example packet-sniffing, DNS spoofing, and man-in-the-middle attacks. It is critical to recognize that even when SSL is used, a connection is only secure if SSL is configured correctly.
Secure Global Desktop security services can only help raise security levels as part of an ongoing security strategy. They can not transform your intranet into a high-security installation by itself.
When Secure Global Desktop is first installed, the initial connection between a Secure Global Desktop client and a Secure Global Desktop server is secured with SSL. However, after the user has logged in, the connection is downgraded to a standard connection. To be able to use SSL permanently for connections to Secure Global Desktop, you must enable Secure Global Desktop security services.
To enable Secure Global Desktop security services:
tarantella security
start
. This
enables secure connections for the users you have configured to have
them.Secure connections between the client and Secure Global Desktop server use port 5307/tcp. You may have to configure your firewall to allow network traffic on this port. Alternatively, you may want to use firewall forwarding.
Secure Global Desktop security services only secure the connections between a Secure Global Desktop client and a Secure Global Desktop server. It does not secure any other type of connection, including the connections made to the Secure Global Desktop Web Server. To secure the connections to the Secure Global Desktop Web Server, follow these steps.
If you are using the browser-based webtop or you have developed your own web applications, you may also have to secure the SOAP connections to a Secure Global Desktop server.
You can decide which users receive secure (SSL-based) connections, and which users receive standard (unencrypted) connections. To do so, you configure the Connections attribute for a person object, organizational unit object, or organization object.
You can configure the type of connection based on these factors:
The initial connection to a Secure Global Desktop server, before users type their username and password, is always secure. This means that usernames and passwords are always sent securely. Once the user is identified, the connection may be downgraded to a standard connection according to your configuration.
Here are some examples for customizing connection types:
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.