Configuring ColdFusion MX 7 Server Security

Installation

Now that you have hardened Windows 2003, you can install ColdFusion on the server. Whether you are new to ColdFusion or a seasoned veteran, the installation process is straightforward. Remember that this article describes installing ColdFusion MX 7 on IIS 6.0 only.

Best Practices

Even before running the application installer, it is important to check the integrity of the installer and server. Maintain best practices throughout the entire installation process to ensure a secure deployment.

Recommendation

Standard: Log in with the least privileges.
Description: Log in to your computer using an account that is not in the Administrators group, and use the Run As command to run the ColdFusion installer.

Standard: Do not download or run ColdFusion from sources you distrust.
Description: Malicious programs can contain code to violate security in several ways, including data theft, modification and deletion, and denial of service.

Installer Options

During installation many options are available that can either increase or decrease the security posture of ColdFusion. This section describes guiding principles to increase the security of your installed ColdFusion server on IIS.

Recommendation

Standard: Do not enable RDS.
Description: Macromedia does not recommend enabling RDS for production servers. For more information, see "Disable RDS in production environment." If RDS is required for your organization, create a strong RDS password.

Standard: Use strong RDS and ColdFusion Administrator passwords.
Description: Ensure that passwords are not easily guessable (for example, dictionary words or variations of the user name), do not relate directly to a user's family or personal interests, and contain both letters and numbers. Passwords for normal system users are a minimum of six characters. Passwords for privileged users are a minimum of eight characters. If your organization uses a stronger password policy than this one, by all means continue using those guidelines.

Standard: Place ColdFusion content on a dedicated NTFS disk partition.
Description: Disk segmentation is the practice of keeping specific data on your server on separate physical disks for added security. Arranging data in this way reduces the risk of directory traversal attacks. Move the ColdFusion content directory to a partition other than the system partition (which contains the system32 directory) or the boot partition.

Standard: Disable unnecessary sub-components.
Description: Three sub-component options are available with the ColdFusion installer:

  • ColdFusion MX 7 ODBC Services
    Provides a connection for data sources such as Microsoft Access. This service is unnecessary for database server access. You can disable ODBC services after installation.
  • ColdFusion MX 7 Search Services
    Handles local file indexing to facilitate searches of web server content. You can disable search services after installation.
  • Getting Started Experience, Tutorials, and Documentation
    Consists of sample applications and documentation to assist new users in developing ColdFusion applications. Do not enable this option on production servers.
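The password standard in the table above (six characters for normal users, eight for privileged users, letters plus numbers, no dictionary words or user-name variations) can be turned into a pre-commit check for RDS and Administrator passwords. This is an added example, not Macromedia's code; the wordlist, user names and candidate passwords are constructed, and the "family or personal interests" rule is left to human judgement.

```python
import re

# Constructed sample wordlist; a real deployment would load a full dictionary file.
DICTIONARY = {"password", "coldfusion", "admin", "welcome", "macromedia"}

# Minimum lengths from the standard: six for normal users, eight for
# privileged users (RDS and ColdFusion Administrator accounts).
MIN_LENGTH = {"normal": 6, "privileged": 8}


def _core(text):
    """Lower-case and drop everything but letters, so 'Admin123!' compares as 'admin'."""
    return re.sub(r"[^a-z]", "", text.lower())


def check_password(password, username, role="normal"):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH[role]:
        problems.append(f"shorter than {MIN_LENGTH[role]} characters for a {role} user")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("must contain both letters and numbers")
    core = _core(password)
    if core in DICTIONARY:
        problems.append("based on a dictionary word")
    user = _core(username)
    # A user name padded with digits or symbols, a password embedded in the
    # user name, or the reversed user name all count as user-name variations.
    if len(core) >= 3 and user and (user in core or core in user or core == user[::-1]):
        problems.append("variation of the user name")
    return problems


if __name__ == "__main__":
    # Constructed user names and candidate passwords.
    for pw, user, role in [("Password1", "jsmith", "privileged"),
                           ("jsmith99", "jsmith", "normal"),
                           ("Tk7qz2Lm", "jsmith", "privileged")]:
        print(pw, role, check_password(pw, user, role) or "OK")
```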