Changes are made during the Application Server installation and armoring procedure to ensure that the Application Server system is as secure as possible without affecting the functionality of the system. The following security measures are enforced during the armoring procedure:
Insecure network services are disabled.
The ODBC tracing executable is disabled. Disabling this executable ensures that user names and passwords are always encrypted in the trace log.
Optional services and applications are not installed.
All IMPAX services are configured to run under restricted user accounts that can access only the resources they need. These accounts are created during the IMPAX installation.
A default list of firewall rules is added to the system automatically, blocking external access to unused ports where unsecured services could reside if accidentally configured and started. The default rules are sufficient in most cases, but new rules can be added to increase security for a particular setup.
Groups and accounts created for IMPAX
During the IMPAX installation, the ImpaxServerGroup is created and the list of files that this group has full access to is configured. The Administrators group is automatically created by Windows, however, the list of files that this group has access to is modified during the IMPAX installation.
The following accounts are created by the IMPAX installation program.
Account |
Groups that it belongs to |
Services that run under the account |
|---|---|---|
ImpaxServerUser |
|
|
AgfaService |
|
|
 | Note: For a service on one machine in a network to access the resources (files and folders) that it needs on another machine in the network, a user account with the same user ID and password must be created on each machine. The user IDs and passwords are maintained in an encrypted password file on the Database Server. For information on creating the portable password file, refer to the IMPAX 6.5.1 AS300 Installation and Configuration Guide or the IMPAX 6.5.1 AS3000 Installation and Configuration Guide. |