I am in need of help. I am trying to write a security paper on implementing Wildfire for windows for our enterprise. Does anyone have any best practices to implement or procedures I could look at? THANK YOU.
“best practives” are realitive to your envrionment. Can you provide any (non-senstive) information about your envrionment so that we may best assist you?
I just wonder why you are looking for a security paper as long as you are using Windows. OS updates every month would be a good point to start with. Wifi itself is a small application, it does not need any special rights (as long as you don’'t want to run it as a service, one again a Windows issue). It encrypts the user passwords, the key is anyhow saved in the database and not in the xml file, so one with access to the database can decrypt the passwords. But if you are using another auth. provider like LDAP also this is no longer a problem of Wildfire.
Thank you for your responses. I have been tasked with writing a process to install and secure the wildfire windows version. It will be in an enterprise environment…No public connections. I know the linux version most of the configuration is done in the jabber.xml file. within windows, the only place I see you can configure it is via the admin console. My question is, how does the client communicate? is the channel encrypted to the server. What should be turned off on the server within wildfire or is the original install secure? Are there any known vulnerabilities with wildfire?..Etc. THANK YOU.
Wildfire on Linux and Windows are nearly the same. Both have the wildfire.xml file, both have the admin console. You can force encrypted communications with the server, or allow unencrypted traffic. You can allow server-to-server traffic, or not. Its quite configurable. I recomend you install it on a test system and check it out for yourself.
At this point in time, I dont think there are any known vulnerabilities with wildfire. This will be very dependent on keeping Java up to date (1.5 update 6 is what you should be using right now), your OS up to date, and employing reasonable policies on your systems.
My question is, how does the client communicate?
is the channel encrypted to the server.
The server admin (you) defines which methods are allowed, plaintext, TLS or (old) SSL
What should be turned off on the server within wildfire or is the original install secure?
Disable broadcasts, the file transfer server, broadcasts, in-band-registration, the unencrypted http connector to the admin console … - it’'s not a (big) security issue if these settings are enabled.
Are there any known vulnerabilities with wildfire?
I don’'t know any.