InfoConnect Desktop has a number of security features designed to protect your personal data and prevent it from being read by unauthorized users.
Following these best practices for securing InfoConnect Desktop will help you design a secure terminal emulation solution. These best practices include high-level recommendations and considerations. For additional detailed information about the security features supported by InfoConnect Desktop, see Secure Connections in the InfoConnect Desktop Help.
✓ Monitor InfoConnect Desktop security alerts
Micro Focus regularly publishes security alerts in knowledge base articles. You can find the most recent alerts at:
✓ Use the highest level of TLS for secure connections
InfoConnect Desktop versions 17.0 and higher support TLS 1.3 for IBM, VT, Unisys, T27, and FTP sessions. If your environment supports TLS 1.3, consider using this version.
✓ Use the strongest encryption ciphers available in your environment
InfoConnect Desktop 17.0 contains enhanced capabilities that allow you to disable cipher suites which are less secure, and also to enable ciphers used in your environment that you consider to be more secure.
✓ Stay current with versioning in InfoConnect Desktop
Staying current with major new releases, service packs and updates (when available) ensures you have deployed the latest security patches and fixes to your end users. Micro Focus strives to make each new version of InfoConnect Desktop more secure than the last.

The Host Connectivity team responsible for the development of new versions is a dedicated staff of senior engineers who have a strong focus on making the product more secure. They evaluate all security alerts against the currently released products and incorporate updates in the next versions.

Micro Focus Development teams use a Secure Development Lifecycle process, where ongoing training and product review ensure that our software does not contain security vulnerabilities and that all new features are developed with security in mind.
✓ Use Certificates in a secure manner
Configure InfoConnect Desktop to prevent security risks associated with certificates.
✓ Control access to product features that are not needed
Limit access to settings and controls and consider setting up custom templates with locked down settings so that users must use security settings, such as the latest TLS versions, when they create new sessions.

You can restrict access to almost any of the InfoConnect settings or controls to prevent users from changing values, like the host address that a session connects to. This allows you to simplify support requirements and resolve security concerns. Administrative access is required to change settings and users cannot change these options unless they elevate their access level to administrator. Access to almost every InfoConnect Desktop feature can be enabled or disabled with Microsoft Group Policy or *.ACCESS files that you can create with InfoConnect Desktop administrative tools. See Section 8.0, “Lock Down” InfoConnect To Restrict Access to Controls.

Control Access: Lock down or disable features which can be used in an insecure manner. For example, allowing users access to programming and macro languages could allow users to record or write automation code that includes user IDs and passwords. This code could then be freely distributed among users, creating a security risk.

Set up Session Templates: Deploy session templates using pre-configured settings to control the types of sessions users can create. For example, you can create templates that have pre-configured SSL/TLS settings and then lock down these settings with Group Policy or InfoConnect Desktop administrative tools. Then configure InfoConnect to hide the built-in templates so that only the custom templates are available. See Set up Session Templates.
✓ Configure the InfoConnect Desktop Trust Center to protect data and information privacy
Use the Trust Center to protect your working environment from information theft, and your data from potential damage caused by opening documents from non-trusted sources. You can configure settings to protect the following types of data and information:

Trusted Locations: A trusted location is a directory that is designated as a secure source for opening files. By default, InfoConnect allows users to open documents only in directories specified as trusted locations and prevents them from opening untrusted documents outside of these locations.

Information Privacy: Consider protecting sensitive data such as credit card Primary Account Numbers (PANs), phone numbers, and US Social Security numbers. Information Privacy allows you to configure InfoConnect Desktop so that the sensitive data is not displayed on the screen or in productivity features, such as Screen History. It also allows you to require secure connections and to redact PANs in logs.

API and Macro Security: Consider the following options for handling the InfoConnect Desktop API and macros. You can configure Trust Center settings to:

See Protect Data.
✓ Do not save passwords in macros
Including user IDs or passwords in macros or other automation code creates a security risk. When a VBA macro is recorded in InfoConnect Desktop, a password prompt dialog box is automatically added to the macro in place of actually recording the password. Using this password prompt in macros that require user credentials prevents security risks.

There may be circumstances where you need to consider embedding a password in a macro, although this is a security risk. Undertake this process with extreme caution and after careful deliberation about the potential for the password being compromised by others who should not have the information, as shown in Technical Information Document 7024220.

NOTE: The InfoConnect Desktop software does not store Host user names or passwords anywhere in the product configuration files, and InfoConnect Workspace logs do not capture Host user names or passwords.
✓ Consider using a centralized management server to manage host sessions
You can centrally manage, secure, and monitor users’ access to host connections with the Micro Focus Host Access Management and Security Server (MSS), a separately available product that is designed to provide centralized management for InfoConnect sessions.
✓ Consider encrypting session documents
You can encrypt session documents to protect them against unauthorized changes. Encryption effectively scrambles the data in a session document, helping to prevent unauthorized users from reading and changing the file's contents. For best results, use document encryption in conjunction with the encryption options in InfoConnect Permissions Manager.