Comprehensive Security Planning
HCL Digital Experience is a platform upon which to build an application, and it can be integrated into a wide variety of digital ecosystems. The extent to which you can customize HCL Digital Experience and the associated security functions of IBM WebSphere Application Server is nearly endless, so the platform alone is never the whole attack surface. Your approach to hardening the security of your application should encompass every layer it depends on:
• HCL Digital Experience
• IBM WebSphere Application Server
• Custom code (themes, portlets, filters, etc.)
• Operating system (client and server)
• Container platform (if applicable)
• Web clients (e.g. browsers)
• Web servers and load balancers
• External security managers or other identity providers
• Back-end applications, such as databases, LDAP servers, etc.
• Network security (including DNS, TCP/IP, etc.)
• Physical security
Recommended actions and considerations
- Compile and prioritize the security requirements for your application.
- Diagram your application and its environment. Identify the major components.
- Identify component owners within and beyond your organization. Who is responsible for the security of, or otherwise has control over, the following:
  - the network, including firewalls
  - the web server
  - the LDAP server
  - any external security manager or other proxies
  - any identity providers
  - the database server
  - other back-end servers (integrated via Web Application Bridge, WSRP, etc.)
  - any custom themes
  - any custom portlets
  - other custom code (authentication filters, vault adapters, etc.)
  - clients (operating systems, browsers)
- Read Traditional WAS Security Hardening, parts 1 and 2, for an overview of security hardening.
  - Make note of topics you think might affect your application.
  - After following this Security Hardening Guide for HCL Digital Experience, circle back and address any remaining items.
  - Pay special attention to the introductory sections that address infrastructure.
- Read Web security concepts and considerations for an overview of the main security components of HCL Portal.
- Review the security considerations published by the Internet Engineering Task Force, the W3C, or other standard-setting bodies for any technology upon which your application relies. Primarily, consider:
  - LDAP, particularly: