iTP Secure WebServer System Administrator's Guide (Version 7.0)
Planning the iTP Secure WebServer PATHMON Environment
iTP Secure WebServer System Administrator’s Guide—523346-012
3-8
The key database file contains sensitive information that must be protected. The iTP
Secure WebServer protects the database by encrypting it, and by requiring a password
to access it (decrypt it).
One way that you can protect the key database file is by protecting its password (see
Protecting the Server Password on page 3-8). You also should protect the key
database file by ensuring that it has the correct file permissions. The file should be
owned by the user name under which the server is run and set to mode 600, giving
read/write access only to that user.
A second way to protect the key database file is by keeping it properly backed up.
Back up the file every time there is a change to it. Keep the backup in a place that is as
safe as your needs require (according to how valuable your data is). For some
customers, keeping a backup tape in the same building as the server machine is
sufficient. For other customers, a backup should be kept in another location (for
example, in another building) in case the original file is destroyed and a replica is
needed immediately.
As your security requirements dictate, consider controlling access to the room in which
backups are made and stored and the means by which they are transported physically
or electronically (if applicable).
You also must protect the server machine itself, since it contains the key database file.
According to your security requirements, consider physically protecting the room in
which the server is located and also restricting access to the server through its network
connections.
Protecting the Server Password
The key database file is encrypted with a password that you specify by using the
keyadmin utility. The iTP Secure WebServer must decrypt the file at run time to gain
access to the file’s stored information. Use the ServerPassword configuration directive
to assign the server a password.
The iTP Secure WebServer installation requires the server password to be eight
characters or longer. In addition, the keyadmin utility requires passwords to be
either mixed case or all uppercase.
If your password is stored in the configuration file or another file, protect that file at
least as carefully as you would the key database file itself. Consider file protection,
backups, network access, physical access, and so on (as described in Protecting the
Key Database File on page 3-7).
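The ownership and mode 600 requirement for the key database file, and the instruction to protect any file that stores the server password at least as carefully, can be checked with a small script. This is an added example, not part of the original guide or the product; the function names, the script name, and the paths and user name in the usage comment are hypothetical, and it assumes a POSIX shell with ls, awk and id.

```shell
#!/bin/sh
# Added example: audit the key database file and any file storing the
# server password. Hypothetical usage (paths and user are placeholders):
#   sh audit_secrets.sh webuser /path/to/keydb /path/to/httpd.config

# audit_secret_file FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), is owned by
# OWNER (user name or numeric uid), and has mode 600.
audit_secret_file() {
    path=$1
    # Resolve a user name to a uid; fall back to the value as given.
    want_uid=$(id -u "$2" 2>/dev/null) || want_uid=$2
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: missing, a symlink, or not a regular file"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    # Only the first 10 characters of the mode are kept, so a trailing
    # ACL marker does not affect the comparison.
    info=$(ls -ldn -- "$path" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${info% *}
    have_uid=${info#* }
    bad=0
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $have_uid, expected $want_uid"
        bad=1
    fi
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL $path: mode $mode, expected -rw------- (600)"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "OK   $path"; fi
    return "$bad"
}

# audit_secret_files OWNER FILE...
# Checks every file and fails if any single file fails.
audit_secret_files() {
    expected=$1
    shift
    failed=0
    for item in "$@"; do
        audit_secret_file "$item" "$expected" || failed=1
    done
    return "$failed"
}

if [ "$#" -ge 2 ]; then
    audit_secret_files "$@"
fi
```

Run it after every change to the key database file or the configuration file, alongside the backup step, so that a restore or edit that resets permissions is caught.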