Security Tip: Protecting SFXAdmin
- Article Type: General
- Product: SFX
- Product Version: 3
Description:
When working with SFX customers, we find that many have inadvertently left their SFXAdmin interface unsecured. This leaves the Administration interface open to intruders. The two steps detailed below can block unintended access to your SFXAdmin, keeping your information safe and secure.
Resolution:
1. Change Default SFXAdmin password
= = = = = = = = = = = = = = = = = = = = = = = = =
SFX is installed with a default SFXAdmin password. This default password is shared by many SFX customers and is not unique to the client. Change your SFXAdmin password (and your UNIX password) for all your instances (including sfxglb3) so that it is different from the password originally delivered with SFX, making it unique.
To change your SFXAdmin passwords
----------------------------------------------------
• Log into SFXAdmin of the instance you would like to secure
• Access the SFXAdmin Users menu of SFXAdmin (under Administrator Tools)
• Click the ‘E’ button next to the user named admin
• In the editing page, enter the new password and verify it
• After clicking submit, your new administrator password will change
• Save the new passwords and file them in a known location for easy retrieval
See the SFX User Guide, Part 2, section 5 for additional information about SFXAdmin User Administration. For information about changing UNIX passwords, refer to the SFX System Administrator’s Guide, section 4.4, Changing and Encrypting Passwords.
2. Limit access to staff IP range
= = = = = = = = = = = = = = = = = = = =
Another measure that can block unwanted access is to limit access to the SFXAdmin by the IP address the user is coming from. Allow access only from the IP ranges from which administrative users will be accessing SFX (on campus, specific offices, etc.). Note that you will need to include the IP address of your support offices so that they can assist you when you submit support incidents.
Making the change
--------------------------
Specifying IP ranges is done via the file connection_admin.config_ found in your config directory. Edit the “connection” section, adding each relevant IP range on its own line, as in the following example:
Section "connection"
10.1.1.0-255
EndSection
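To review what a "connection" section actually permits before relying on it, the following added example (not part of the original article and not Ex Libris code) parses the section and tests addresses against it. It assumes the only entry form is the last-octet range shown above (a.b.c.x-y); anything else is reported for manual review, and the sample ranges are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout the article shows; the second range and
# the malformed third entry are made up for illustration.
SAMPLE = '''Section "connection"
10.1.1.0-255
192.168.5.10-20
10.1.1.300-400
EndSection
'''

# Assumed entry form: three fixed octets, then first-last for the fourth.
RANGE_RE = re.compile(r'^(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})-(\d{1,3})$')

def parse_connection_section(text):
    """Return (ranges, rejected) for the lines inside Section "connection"."""
    ranges, rejected, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == 'section "connection"':
            inside = True
        elif line.lower() == 'endsection':
            inside = False
        elif inside and line:
            m = RANGE_RE.match(line)
            try:
                if not m:
                    raise ValueError(line)
                first = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(2)}")
                last = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(3)}")
                if first > last:
                    raise ValueError(line)
                ranges.append((first, last))
            except ValueError:
                # Invalid octet, reversed range, or a form not assumed here
                rejected.append(line)
    return ranges, rejected

def is_allowed(ip, ranges):
    """True if ip falls inside any parsed (first, last) range."""
    addr = ipaddress.IPv4Address(ip)
    return any(first <= addr <= last for first, last in ranges)

if __name__ == "__main__":
    ranges, rejected = parse_connection_section(SAMPLE)
    for first, last in ranges:
        print(f"allowed: {first} - {last}")
    for line in rejected:
        print(f"not understood, check by hand: {line}")
    print("203.0.113.7 allowed?", is_allowed("203.0.113.7", ranges))
```

Running it against a copy of your own file shows every range that is admitted, which makes an overly broad or mistyped entry easy to spot.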
Additional Information
SFXAdmin, admin, security, hacking
- Article last edited: 10/8/2013