Security and Authentication
InterMapper provides a number of facilities that assure that access is limited to authorized users, and that all network communication is secured.
Users and Groups
Users and Groups control various levels of access, granted on a map-by-map basis:
- Administrator: full access to view and edit all maps and to configure the server
- Read-write: allows editing of maps
- Read-only: permits viewing of maps
The InterMapper server keeps an internal database to hold the usernames, passwords, and groups, as well as the associations of which maps are accessible to each individual/group.
InterMapper Authentication Server
Many organizations have their own authentication server such as Active Directory, LDAP, Open Directory, Radius, IAS, Kerberos, etc. Rather than maintain two sets of passwords (one in InterMapper and a separate organizational directory), InterMapper can rely on the institutional directory to verify identity.
The InterMapper Authentication Server (AuthServer) supplements the names in InterMapper's built-in user/password database. This simplifies the creation of accounts at organizations with dozens or hundreds of technicians, and provides:
- Single Sign-On — Once you configure InterMapper to use your company-wide directory, easily add/remove individuals that are allowed to access the InterMapper server, without having to manually change users' passwords
- Strong Passwords – Since you can't rely on your users to create strong passwords, InterMapper uses the central directory server to conform to company-wide strict password strength rules
- Company-wide Password Aging — By using an external directory, InterMapper is immediately brought into compliance on an organization's password aging policies
- Quick set up — A double-clickable installer and a short web-based wizard get you on the air fast
SSL Certificates
InterMapper uses strong encryption (SSL) everywhere: the RemoteAccess user interface always connects to the InterMapper server over SSL; all connections to the InterMapper Datacenter are encrypted; and the web interface has optional HTTPS support.
InterMapper comes with a built-in self-signed SSL certificate (with the name “low-security.dartware.com”). This conceals the network traffic from casual snooping, but doesn’t really provide strong security, because all copies of InterMapper use the same certificate.
It’s straightforward to replace the built-in certificate with your own self-signed certificate, or a CA-signed certificate. There’s even a GUI for creating a Certificate Signing Request and for installing the resulting certificate.
|