This chapter provides an overview of Oracle Communications Instant Messaging Server security.
The following principles are fundamental to using any application securely:
Keep software up to date. This includes the latest product release and any patches that apply to it.
Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
Monitor system activity. Establish who should access which system components, how often they should be accessed, and who should monitor those components.
Install software securely. For example, use firewalls, secure protocols (such as SSL), and secure passwords. See "Performing a Secure Instant Messaging Server Installation" for more information.
Learn about and use Instant Messaging Server security features. See "Implementing Instant Messaging Server Security" for more information.
Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security.
Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See "Critical Patch Updates and Security Alerts" on the Oracle Web site at:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
When planning your Instant Messaging Server implementation, consider the following:
Which resources must be protected?
For example:
GlassFish Server (Instant Messaging 8.3 and prior releases)
Instant Messaging Server
Instant Messaging Server multiplexor
Protocols: HTTP, WMAP, SMTP, WCAP, LDAP, XMPP, HTTPBIND, and SIP/SIMPLE
From whom am I protecting the resources?
In general, resources must be protected from everyone on the Internet. But should the Instant Messaging Server deployment be protected from employees on the intranet in your enterprise? Should your employees have access to all resources within environment? Should the system administrators have access to all resources? Should the system administrators be able to access all data? You might consider giving access to highly confidential data or strategic resources to only a few well trusted system administrators. On the other hand, perhaps it would be best to allow no system administrators access to the data or resources.
What happens if protections on strategic resources fail?
In some cases, a fault in your security scheme is easily detected and considered nothing more than an inconvenience. In other cases, a fault might cause great damage to companies or individual clients that use Instant Messaging Server. Understanding the security ramifications of each resource helps you protect it properly.
Note:
Oracle recommends that you configure Instant Messaging Server in secure mode.Instant Messaging Server provides security in the following ways:
LDAP: The basic level of security is through LDAP. The Instant Messaging server communicates with Directory Server for both authentication and user search. For chat to occur, the users must be in LDAP.
Roles and policies: You can define roles and policies for those roles that enforce chat access, conference room access, contact list management, and user settings.
Single sign-on: You can configure end users to authenticate once (that is, log on with user ID and password) and have access to multiple applications.
Encryption: In conjunction with the TLS protocol, Instant Messaging Server provides client-to-server and server-to-server encrypted communications as well as certificate-based authentication between servers.
For an overview of operating system security, see Oracle Solaris Security for System Administrators.
You can deploy Instant Messaging Server on a single host or on multiple hosts, splitting up the components into multiple front-end hosts and multiple back-end hosts. For more information, see the topic on planning your Instant Messaging Server deployment in Instant Messaging Server Installation and Configuration Guide.
The general architectural recommendation is to use the well-known and generally accepted Internet-Firewall-DMZ-Firewall-Intranet architecture.
This section lists Instant Messaging Server-specific OS security configurations. This section applies to all supported OSs.
Instant Messaging Server communicates with various components on specific ports. Depending on your deployment and use of a firewall, you might need to ensure that the firewalls are configured to manage traffic for the following components:
XMPP port (default 5222)
Multiplexed XMPP port (default 45222)
XMPP Server port (default 5269)
Notification Server port (default 47676)
Close all unused ports, especially non-SSL ports. Opt for SSL-enabled ports, instead of non-SSL ports, for all communications (for example: HTTPS, IIOPS, t3s).
For more information about securing your OS, see your OS documentation.
In an Instant Messaging Server deployment, you can configure Transport Layer Security (TLS) for secure communication.
Instant Messaging uses a startTLS extension to the TLS 1.0 protocol for client-to-server and server-to-server encrypted communications and for certificate-based authentication between servers. In the latter case, a certificate is used to validate the identity of the server to which the client connects, but certificates are not used for authentication.
See "Implementing Instant Messaging Server Security" for more information.
Instant Messaging Server requires a Directory Server to provide LDAP services. See the topic on using LDAP in Instant Messaging Server System Administrator's Guide for more information on configuring LDAP access, using schema, and other aspects of LDAP management.
To enhance client security in communicating with Directory Server, use a strong password policy for user authentication. For more information on securing Directory Server, see "Directory Server Security" in Oracle Directory Server Enterprise Edition Administration Guide.