Secure environment practices
These practices can help ensure a secure IBM Verify Identity Governance environment.
| Given sensitive data in these areas | Ensure that these practices occur |
|---|---|
| Database data | Restrict operating system access to database files. Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) to the least privileges needed. Change the default passwords. Enforce periodic password changes. See the security information in the database documentation for more details. |
| Database logs | Restrict operating system access to log and trace files. Limit the privileges of the operating system accounts (administrative, root-privileged, or DBA) to the least privileges needed. Change the default passwords. Enforce periodic password changes. See the security information in the database documentation for more details. |
| Database backups | Store database backups at safe and secure locations. Guard against leaks or exposure of sensitive and confidential information. See the security and backup information in the database documentation for more details. |
| LDAP data | Securely handle any LDAP data that contains sensitive information. Secure handling includes disabling anonymous read, enabling SSL, and restricting access to privileged and authorized operating system and application users. See the security information in the LDAP directory server documentation for more details. |
| LDAP logs | Restrict access to log files in the log directory of the directory server to privileged and authorized operating system and application users. This restriction is especially important if you enable audit logging for the directory server. See the security information in the directory server documentation for more details. |
| LDAP backups | If LDIF files contain sensitive information, store them safely and handle them securely. |
| IBM Verify Identity Governance logs | If IVIG logs in the path/ibm/tivo../../common/CTGIM directory contain sensitive information, restrict access to them. |
| Directories under IM_HOME | If the data, configuration, and installation logs contain sensitive information, restrict access to the directories in ISIM_HOME. |
| Network traffic | Restrict network traffic to what is required by the deployment. If you write your own application and use an IBM Verify Identity Governance API to retrieve sensitive data, encrypt the data before you send it over the network. |
| WebSphere® Liberty security | Enable security on WebSphere Liberty and disallow running WebSphere Liberty with a non-root account. |
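Several rows above reduce to the same operating-system check: the directories that hold database files, directory-server logs, LDIF backups, IVIG logs, and ISIM_HOME must not be readable by accounts outside the owning user and group. The following POSIX shell script is an added example, not part of the IBM documentation, that audits a set of directories for permission bits granted to "other" and tightens them; the directory paths it is run against are assumptions about a particular deployment.

```shell
# Constructed example (not from the IBM documentation): audit that a directory
# holding sensitive data (database files, directory-server logs, LDIF backups,
# ISIM_HOME) grants no permissions to "other" users. Paths are assumptions.
# Exit status: 0 if every entry under DIR is closed to "other", 1 if any entry
# is readable, writable, or executable by "other" (each offender is printed),
# 2 if DIR does not exist.
check_restricted_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi
    # POSIX find: -perm -o+r matches entries whose "other read" bit is set, etc.
    offenders=$(find "$dir" \( -perm -o+r -o -perm -o+w -o -perm -o+x \) -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders" | sed 's|^|world-accessible: |'
        return 1
    fi
    return 0
}

# Restrict a directory tree to its owner and group: 750 on directories,
# 640 on files, so "other" loses all access.
restrict_dir() {
    dir=$1
    find "$dir" -type d -exec chmod 750 {} \;
    find "$dir" -type f -exec chmod 640 {} \;
}

# Audit every sensitive location of a deployment; returns 1 if any fails.
audit_deployment() {
    rc=0
    for d in "$@"; do
        check_restricted_dir "$d" || rc=1
    done
    return $rc
}

# Stand-alone demonstration on a constructed directory layout (run with --demo).
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    mkdir "$tmp/ldap-logs"; touch "$tmp/ldap-logs/audit.log"
    chmod 755 "$tmp/ldap-logs"; chmod 644 "$tmp/ldap-logs/audit.log"
    audit_deployment "$tmp/ldap-logs" || echo "before: exposed"
    restrict_dir "$tmp/ldap-logs"
    audit_deployment "$tmp/ldap-logs" && echo "after: restricted"
    rm -rf "$tmp"
fi
```

In a real deployment, pass the actual database, directory-server log, backup, and ISIM_HOME paths to audit_deployment from a scheduled job so that permission drift is reported rather than discovered after exposure.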