Security strategy, 1 general, 2 virus protection – Kofax Communication Server 9.1.1 User Manual
Page 103: 3 network, General, Virus protection, Network
Environment Guide
Version 3.00.04
© Copyright Kofax, Inc. All information is subject to change without notice.
103
9. Security Strategy
No doubt there are no secure servers on the market but the level of security or defense measurement
depend on the person who looks after the network environment. This chapter is not a security handbook.
Neither is it a guarantee for a secure KCS server but it should help you to estimate the scale of raid for your
system.
9.1 General
By carelessness, wires often get plugged off or equipment gets switched off. (E.g. cleaning personal) You
should allow only authorized personal to have access to the KCS server.
Prepare for failures, virus attacks and security before a violation happens.
9.2 Virus Protection
To check a server, sufficient virus protection software should be at least running daily with actual signature
files. The quality of the antivirus software depends on the validity of the signature files (update once a
week) so the software will be worthless if the signature is old. One software suit is good but to increase the
safety level make periodical checks with different antivirus software.
9.3 Network
Nowadays most computer networks stand behind firewalls and even particular servers within firewall-
secured network may have local firewall system activated (like W2k8 servers).
In order to successfully install and deploy software applications within such an environment, system
administrators often require detailed information on which TCP and UDP ports are being used for incoming
and outgoing communication for particular application or use case.
From the system administrator‟s point of view, most important information is:
which side originates the TCP or UDP communication, and which side is the listener (and it does not
really matter whether the communication through such a communication channel is bidirectional or
unidirectional afterwards)
which destination port is being used for the communication, in other words, which port must be open on
the firewall
Whether particular connectivity is IPv6 enabled and if so, since which KCS version
Most of the KCS applications/modules use only one or at least only a few fixed separate ports (for example
the TCOSS
– LS1 communication uses only port number 5000) for their intra-communication matters, and it
is quite easily configurable on every firewall system.