F-Secure Policy Manager
F-Secure Policy Manager
F-Secure Policy Manager
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
16 | F-<strong>Secure</strong> <strong>Policy</strong> <strong>Manager</strong> | Installing the product<br />
Security issues<br />
<strong>Policy</strong> <strong>Manager</strong> Server utilizes Jetty Web Server technology, and even though we do the utmost to deliver<br />
secure and up-to-date technology we advise you to regularly consult the following site for information on Jetty<br />
technology and security.<br />
You will find a list of Jetty security reports at http://docs.codehaus.org/display/JETTY/Jetty+Security.<br />
Note: You will find important information about installation and security in the release notes. Read<br />
these notes carefully.<br />
Installing <strong>Policy</strong> <strong>Manager</strong> in high-security environments<br />
<strong>Policy</strong> <strong>Manager</strong> is designed to be used in internal corporate networks mainly for managing F-<strong>Secure</strong> anti-virus<br />
products, and should not be used over public networks such as the Internet.<br />
Note: When installing <strong>Policy</strong> <strong>Manager</strong> in high-security environments, you should make sure that the<br />
administration port (by default port 8080) and the host port (by default port 80) are not visible on the<br />
Internet.<br />
Built-in security features<br />
Access to <strong>Policy</strong> <strong>Manager</strong> is restricted to users who have an account. An unauthorized user can therefore<br />
not deploy any changes to managed hosts.<br />
As an alternative to installing the components separately, <strong>Policy</strong> <strong>Manager</strong> Console and <strong>Policy</strong> <strong>Manager</strong> Server<br />
can be installed on the same machine, and access limited to the localhost. Remote administrator access to<br />
<strong>Policy</strong> <strong>Manager</strong> Console can be arranged by using a secure remote desktop product.<br />
Communication between <strong>Policy</strong> <strong>Manager</strong> Server and <strong>Policy</strong> <strong>Manager</strong> Console is secured using the HTTPS<br />
protocol.<br />
Web Reporting in high-security environments<br />
Web Reporting is designed to be used in internal corporate networks for generating graphical reports of, for<br />
example, Client Security virus protection status and alerts. F-<strong>Secure</strong> does not recommend using Web Reporting<br />
over public networks such as Internet.<br />
An alternative for high-security environments is to limit access to Web Reporting to localhost only during the<br />
installation. After this, only the person who has physical access to the localhost can use Web Reporting.<br />
Installation order<br />
You should install <strong>Policy</strong> <strong>Manager</strong> components in a specific order when installing them on separate machines.<br />
To install <strong>Policy</strong> <strong>Manager</strong>, please follow this installation order (unless you are installing <strong>Policy</strong> <strong>Manager</strong> Server<br />
and <strong>Policy</strong> <strong>Manager</strong> Console on the same machine, in which case setup installs both of these components<br />
during the same installation process):<br />
1. <strong>Policy</strong> <strong>Manager</strong> Server,<br />
2. <strong>Policy</strong> <strong>Manager</strong> Console,<br />
3. managed point applications.