Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
Table 1‑2. View Database Accounts
View Component Required Accounts
View Composer
database
An SQL Server or Oracle database stores View Composer data. You create an administrative
account for the database that you can associate with the View Composer user account.
For information about setting up a View Composer database, see the View Installation document.
Event database used
by View Connection
Server
An SQL Server or Oracle database stores View event data. You create an administrative account
for the database that View Administrator can use to access the event data.
For information about setting up a View Composer database, see the View Installation document.
To reduce the risk of security vulnerabilities, take the following actions:
n
Configure View databases on servers that are separate from other database servers that your
organization uses.
n
Do not allow a single user account to access multiple databases.
n
Configure separate accounts for access to the View Composer and event databases.
View Resources
View includes several configuration files and similar resources that must be protected.
Table 1‑3. View Connection Server and Security Server Resources
Resource Location Protection
LDAP settings Not applicable. LDAP data is protected automatically
as part of role-based access control.
LDAP backup files
%ProgramData%\VMWare\VDM\backups
Protected by access control.
locked.properties
(secure gateway
configuration file)
install_directory\VMware\VMware
View\Server\sslgateway\conf
Ensure that this file is secured against
access by any user other than View
administrators.
absg.properties
(Blast Secure
Gateway
configuration file)
install_directory\VMware\VMware
View\Server\appblastgateway
Ensure that this file is secured against
access by any user other than View
administrators.
Log files See “View Log Files,” on page 8 Protected by access control.
web.xml
(Tomcat
configuration file)
install_directory\VMware
View\Server\broker\web apps\ROOT\Web INF
Protected by access control.
View Log Files
View creates log files that record the installation and operation of its components.
NOTE View log files are intended for use by VMware Support. VMware recommends that you configure
and use the event database to monitor View. For more information, see the View Installation and View
Integration documents.
View Security
8 VMware, Inc.