Global Mailbox security guidelines

Few important security guidelines for working with Global Mailbox are given below. To view the overall security configuration for Global Mailbox see Security Options.

• Global Mailbox Management Tool. The Global Mailbox Management Tool is configured with SSL by default and uses a self-signed certificate. To replace the default certificate with your own certificate, see Securing communications with SSL.
• NIST or FIPS compliance. The IBM® WebSphere® Application Server Liberty profile provides the framework for Secure Sockets Layer (SSL) in Global Mailbox. To configure a Liberty profile to run in Strict NIST 800-131a compliance mode, see Setting up a Liberty profile to run in SP800-131a. For configuring Global Mailbox to be NIST compliant, see Securing with SSL.
• Securing the connection to Apache Cassandra. Secure the communications between Global Mailbox and Cassandra servers with SSL by creating a keystore and truststore with encryption keys and authentication. After SSL is implemented, only trusted resources are connected. For information, see Securing Apache Cassandra SSL connections.
• Securing the connection to Sterling B2B Integrator and Sterling File Gateway. SSL connections between Global Mailbox and Sterling B2B Integrator are enabled by default and are set during installation.
• Firewall considerations. Ensure that your software and firewalls are configured correctly so that communication is not blocked. For more information, see Firewall Considerations.
• Sensitive configuration properties. The master passphrase that is created during installation and is enabled by default secures access to sensitive properties by encryption. For more information, see Securing passwords.
• Data Encryption. Data in storage is not encrypted by default during installation. To enable encryption of data in storage, see Provisioning storage.