Security and Macromedia Breeze
Trademarks Afterburner, AppletAce, Attain, Attain Enterprise Learning System, Attain Essentials, Attain Objects for Dreamweaver, Authorware, Authorware Attain, Authorware Interactive Studio, Authorware Star, Authorware Synergy, Backstage, Backstage Designer, Backstage Desktop Studio, Backstage Enterprise Studio, Backstage Internet Studio, Contribute, Design in Motion, Director, Director Multimedia Studio, Doc Around the Clock, Dreamweaver, Dreamweaver Attain, Drumbeat, Drumbeat 2000, Extreme 3D, Fireworks,
CONTENTS Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Security Levels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Infrastructure Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Solutions for a Secure Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Application-Level Security . . .
Contents
Security and Macromedia Breeze Overview This document is targeted towards system administrators and program managers interested in ensuring security with Breeze. If you are installing Breeze for use on your intranet, it is recommended that you review and implement the best practices outlined in this article. However, if you are installing Breeze for use on the Internet, you must implement the best practices outlined in this article.
Security Levels When planning a security strategy, it is important to consider the various layers of a deployed server environment, and devise a plan for each layer. Typically, a comprehensive security strategy incorporates the following elements: • Infrastructure Security • Application-Level Security • Physical Security Infrastructure Security Infrastructure security is by far the most important, but most overlooked, aspect of securing Breeze.
Breeze Web Server Security Macromedia Breeze comes with its own built-in high-performance, secure web server. This web server is based in part on Macromedia JRun Enterprise Server and has been designed specifically to serve dynamic content for Breeze, including Breeze Live meetings, Breeze presentations, and other rich media content. Because of Breeze’s special requirements, no other web servers should be used with Breeze. This will only degrade performance for Macromedia Breeze.
Single Server Configuration The easiest solution for a dedicated, single-server Breeze system is to block all ports on the Breeze box except 80, 1935 (and 443 for SSL-enabled servers). If the Windows server is carefully updated by your IT department with the latest Microsoft security patches, a software firewall can easily be configured to enable application security.
Application-Level Security The Breeze application has a built-in ACL-based security model that lets you assign users different permissions to access Breeze’s features. For example, you can control what users have permissions to publish presentations by adding them to the Account Authors group. You can also control which folders individual users can publish to. Breeze has four primary groups that grant users access to specific features in the Breeze system.
Best Practices Below is a checklist of best practices that will assist you in securing Breeze. • • • • • • • 10 Firewall Your Servers It is highly recommended to place Macromedia Breeze behind a firewall, especially if you are intending for Breeze to be used on the Internet. By not placing Breeze behind a firewall, you are leaving your server open for attacks. Even worse, your sensitive information is unsecured and open for theft.
Recommended Security Resources and References The following are sources of information and software which may aid the process of securing your Breeze server(s). • Network Security • • SANS Institute (www.sans.org) The SANS Institute (System Administration, Networking, and Security) is a cooperative research and education organization comprised of system administrators, security professionals, and network administrators.
Security and Macromedia Breeze