How to strip FCC capabilities of an IIS WebAgent to the minimum needed?

Question asked by Michael_Kipnis on May 19, 2015
Hello All,


I have a SiteMinder 12.51 deployment with a central login page architecture.

All Web Agents are 12.51 for IIS on Windows 2008 R2.


I've been asked by my employer to minimize the risk of hackers exploiting the fcc mechanism and pages, but on the other hand to leave the local login.fcc in place for troubleshooting purposes.


I thought of the following:

1. Block access from the internet to the siteminderagent virtual directory

2. Delete all contents of the example folder, leaving only login.fcc

3. Remove all IIS handler mappings except for *.fcc

4. Secure login.fcc page as described here


Is there anything else I can do or is there a simpler approach?
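
An audit of steps 1 to 3 from the list above, as an added example that is not part of the original post and not CA/SiteMinder code. The site name and the folder path are assumptions (the path is a placeholder to replace), and the step 1 check only sees IIS "IP and Domain Restrictions", not a firewall or reverse proxy rule.

```powershell
# Added example: report where a siteminderagent virtual directory still
# deviates from steps 1-3 of the plan in the question. Read-only; changes nothing.
param(
    [string]$Site     = 'Default Web Site',      # assumed site name
    [string]$VDir     = 'siteminderagent',       # virtual directory named in the post
    [string]$FormsDir = 'C:\PLACEHOLDER\forms'   # placeholder: folder that holds login.fcc
)

Import-Module WebAdministration
$psPath   = "IIS:\Sites\$Site\$VDir"
$findings = @()

# Step 1: with IIS IP restrictions, clients not on the allow list must be denied.
# (Requires the "IP and Domain Restrictions" role service to be installed.)
$allowUnlisted = (Get-WebConfigurationProperty -PSPath $psPath `
    -Filter 'system.webServer/security/ipSecurity' -Name 'allowUnlisted').Value
if ($allowUnlisted) {
    $findings += "Step 1: ipSecurity on '$VDir' still allows unlisted client addresses"
}

# Step 2: nothing but login.fcc should remain in the forms folder.
# PSIsContainer is used instead of -File so this also runs on PowerShell 2.0.
Get-ChildItem -Path $FormsDir -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'login.fcc' } |
    ForEach-Object { $findings += "Step 2: extra file $($_.FullName)" }

# Step 3: effective handler mappings at this path (inherited ones included)
# should be limited to the *.fcc mapping.
Get-WebHandler -PSPath $psPath |
    Where-Object { $_.Path -ne '*.fcc' } |
    ForEach-Object { $findings += "Step 3: handler '$($_.Name)' is mapped to '$($_.Path)'" }

if ($findings.Count -eq 0) {
    Write-Output "No deviations found for steps 1-3 on $psPath"
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```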