Alfresco is one of the most widely used document management systems in the world. Beyond its user-friendly design and ease of use, it is also recommended for its strong security. However, as with every piece of software, an Alfresco deployment is only as strong as its configuration: a secure Alfresco needs a tight defence at every possible point of attack. This post walks through securing an Alfresco installation.
In most real deployments Alfresco is also integrated with other tools (portals, intranets, business intelligence tools, CMS, ECM and CRM systems), so those integrations have to be secured as well. If you run Alfresco as a cluster, checking the security of every node is mandatory, not optional.
1. Checking All the Passwords
- Change all the default passwords of the Alfresco installation.
- Change the default JMX passwords assigned to the controlRole and monitorRole roles; they ship with a placeholder value.
- Check whether the passwords stored in the .properties files are encrypted or still sitting there in plaintext.
- Check the passwords and security of every connected API, service and shared proxy.
2. Checking the permissions
- On Linux, make sure the application server runs as a dedicated non-root user.
- Restrict the permissions on alfresco-global.properties, dir_root/contentstore, dir_root/solr and dir_root/lucene-indexes so that only the application user can access them.
- Disable guest users.
- If you use Kerberos, check the permissions on the ‘file-servers-custom.xml’ file.
- Check the configuration and passwords of the FTSR files.
- When you integrate Alfresco with third-party tools (and we know you will ;) ), create a dedicated user for each integration instead of letting it connect as the admin user.
- Unless your project specifically requires Share to be embedded in frames, set Alfresco Share’s iFramePolicy to ‘deny’.
- Recheck the permissions and configuration of the Alfresco log directories. Alfresco logs and application server logs are usually stored in the same directory, so securing it is essential.
- Alfresco ships with a large number of services and features. Disable every one you do not need: it improves performance, reduces operational noise and shrinks the attack surface.
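The permission checks from the list above, as an added example in shell (not Alfresco's own tooling): it verifies that each sensitive path grants nothing to group or others, tightens the ones that do, and exercises itself on a constructed temporary tree that stands in for dir_root. The path list and the 0755/0644 starting modes are assumptions for the demo.

```shell
#!/bin/sh
# Check that Alfresco's sensitive paths are readable only by the account that
# runs the application server. Added example, not Alfresco's own tooling.
# The path list mirrors the items above; the temporary tree below is a
# constructed stand-in for dir_root, not a real deployment.

# Return 0 if PATH grants no permission bits to group or others.
# Reads the mode string from ls -ld so it works on GNU and BSD userland alike.
is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Strip group/other access from PATH (works for files and directories).
make_private() {
    chmod go-rwx "$1"
}

# Return 0 if every path exists and is private; print each offender.
audit_paths() {
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1
        elif ! is_private "$p"; then
            echo "too open ($(ls -ld "$p" | cut -c1-10)): $p"; rc=1
        fi
    done
    return $rc
}

# Constructed demo tree with the permissive modes a default install may leave.
DEMO_ROOT=$(mktemp -d)
mkdir -p "$DEMO_ROOT/contentstore" "$DEMO_ROOT/solr" "$DEMO_ROOT/lucene-indexes"
printf 'db.password=alfresco\n' > "$DEMO_ROOT/alfresco-global.properties"
chmod 755 "$DEMO_ROOT/contentstore" "$DEMO_ROOT/solr" "$DEMO_ROOT/lucene-indexes"
chmod 644 "$DEMO_ROOT/alfresco-global.properties"

SENSITIVE="$DEMO_ROOT/alfresco-global.properties $DEMO_ROOT/contentstore $DEMO_ROOT/solr $DEMO_ROOT/lucene-indexes"

# First pass reports the open paths, second pass confirms the fix took.
audit_paths $SENSITIVE || echo "tightening the paths listed above"
for p in $SENSITIVE; do make_private "$p"; done
audit_paths $SENSITIVE && echo "all sensitive paths are private"
```

Run `audit_paths` against the real dir.root (and the Tomcat log directory from the last item) as the application user. The non-root requirement is checked separately: `ps -o user= -p <tomcat pid>` must not print root.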
3. Important configurations to check after every installation
- Remove the Alfresco icon from the login page and, if possible, change the styling so the login page does not advertise what it is running.
- Enable SSL/TLS for all major services. If you use any third-party authentication, make sure every authentication request between Alfresco and the authentication server travels over TLS.
- Whenever you replicate Alfresco services, use HTTPS endpoints only, and run the replication as a pre-created or newly created dedicated user rather than the admin user.
- Enable auditing so that you have a record of who did what, and when, in the repository.
- Enable encryption in your Alfresco system.
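A single audit script covering the password checks from section 1 and the transport and auditing settings from section 3, as an added example in shell (not Alfresco's own tooling). It assumes that encrypted values in alfresco-global.properties are wrapped as ENC(...) and that the shipped JMX password file still carries the placeholder password change_asap; the two sample files are constructed inline, not taken from a real deployment.

```shell
#!/bin/sh
# Audit alfresco-global.properties and the JMX password file for the
# password, transport and auditing settings discussed in sections 1 and 3.
# Added example, not Alfresco's own tooling.
# Assumptions: encrypted property values use the ENC(...) wrapper and the
# shipped JMX password file contains the placeholder password change_asap.

# Print the value of KEY from a Java .properties FILE (first "key=value" match).
prop_value() {
    grep "^$2=" "$1" | head -n 1 | cut -d= -f2-
}

# Print every uncommented key containing "password" or "credentials" whose
# value is set but not ENC(...)-wrapped, i.e. a plaintext secret on disk.
plaintext_secret_keys() {
    grep -iE '^[^#]*(password|credentials)[^=]*=' "$1" |
    while IFS='=' read -r key value; do
        case "$value" in
            '' | 'ENC('*')') ;;        # unset or encrypted: fine
            *) echo "$key" ;;
        esac
    done
}

# Print roles in an alfresco-jmxrmi.password file still using the default.
jmx_default_roles() {
    awk '$2 == "change_asap" { print $1 }' "$1"
}

# Print alfresco.protocol / share.protocol keys that are not set to https.
non_https_protocols() {
    for key in alfresco.protocol share.protocol; do
        [ "$(prop_value "$1" "$key")" = "https" ] || echo "$key"
    done
}

# Return 0 when repository auditing is switched on.
audit_enabled() {
    [ "$(prop_value "$1" audit.enabled)" = "true" ]
}

# Run every check, print the findings, return 1 if anything needs fixing.
audit_report() {
    rc=0
    for k in $(plaintext_secret_keys "$1"); do echo "plaintext secret: $k"; rc=1; done
    for r in $(jmx_default_roles "$2"); do echo "default JMX password: $r"; rc=1; done
    for k in $(non_https_protocols "$1"); do echo "not https: $k"; rc=1; done
    audit_enabled "$1" || { echo "auditing disabled"; rc=1; }
    return $rc
}

# Constructed sample files (not from a real deployment) to exercise the checks.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_PROPS="$SAMPLE_DIR/alfresco-global.properties"
SAMPLE_JMX="$SAMPLE_DIR/alfresco-jmxrmi.password"
cat > "$SAMPLE_PROPS" <<'EOF'
dir.root=/opt/alfresco/alf_data
db.username=alfresco
db.password=alfresco
mail.password=
ldap.authentication.java.naming.security.credentials=ENC(c2VjcmV0cGFzcw)
alfresco.protocol=http
share.protocol=https
audit.enabled=false
EOF
printf 'monitorRole change_asap\ncontrolRole s3cr3tAndLong\n' > "$SAMPLE_JMX"

audit_report "$SAMPLE_PROPS" "$SAMPLE_JMX" || echo "FAIL: fix the findings above"
```

On the sample the report flags db.password (plaintext), monitorRole (default JMX password), alfresco.protocol (http) and the disabled audit log; the LDAP bind credential is skipped because it is ENC()-wrapped. Point the script at the real files under the application server's configuration directory and treat any non-zero exit as a blocker before go-live.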
4. Using Fi