beautypg.com

Security strategy, General, Virus protection – Kofax Communication Server 9.2.0 User Manual

Page 103: Network, 1 general, 2 virus protection, 3 network

background image

Environment Guide

Version 9.02.00

© Copyright Kofax, Inc. All information is subject to change without notice.

103

9. Security Strategy

No doubt there are no secure servers on the market but the level of security or defense measurement

depend on the person who looks after the network environment. This chapter is not a security handbook.

Neither is it a guarantee for a secure KCS server but it should help you to estimate the scale of raid for your

system.

9.1 General

By carelessness, wires often get plugged off or equipment gets switched off. (E.g. cleaning personal) You

should allow only authorized personal to have access to the KCS server.

Prepare for failures, virus attacks and security before a violation happens.

9.2 Virus Protection

To check a server, sufficient virus protection software should be at least running daily with actual signature

files. The quality of the antivirus software depends on the validity of the signature files (update once a

week) so the software will be worthless if the signature is old. One software suit is good but to increase the

safety level make periodical checks with different antivirus software.

9.3 Network

Nowadays most computer networks stand behind firewalls and even particular servers within firewall-

secured network may have local firewall system activated (like W2k8 servers).

In order to successfully install and deploy software applications within such an environment, system

administrators often require detailed information on which TCP and UDP ports are being used for incoming

and outgoing communication for particular application or use case.

From the system administrator‟s point of view, most important information is:

which side originates the TCP or UDP communication, and which side is the listener (and it does not

really matter whether the communication through such a communication channel is bidirectional or

unidirectional afterwards)

which destination port is being used for the communication, in other words, which port must be open on

the firewall

Whether particular connectivity is IPv6 enabled and if so, since which KCS version

Most of the KCS applications/modules use only one or at least only a few fixed separate ports (for example

the TCOSS

– LS1 communication uses only port number 5000) for their intra-communication matters, and it

is quite easily configurable on every firewall system.