Security Recommendations

These security recommendations depend on your community's specific configuration.

CAUTION:
Each community can be configured differently. Because of this, not all of these recommendations apply to all communities. If you have any questions about these recommendations, please contact your Jive Software representative.

Internal communities are typically for employees only.

External communities are typically for customers, vendors, and other external audiences.

Security Recommendation: Applies to: Description:
Security Recommendation: Configure user login security
Applies to: External Communities
Description: Login security can include throttling, CAPTCHA, and password strength requirements.

For implementation details:

See Configuring Login Security and Configuring User Registration.
Security Recommendation: Enable SSO
Applies to: Internal Communities
Description: A single sign-on solution can help you provide a consistent login experience for your users while providing identity management for your organization via a third-party vendor. Jive Software strongly recommends using a single sign-on solution for access to internal communities. In addition to the out-of-the-box SSO options in the application, our Professional Services team can create customizations to meet almost any single sign-on requirement.

For implementation details:

See the Single Sign-On section, or, if you need an SSO customization, contact your Jive Software account representative.
Security Recommendation: Add an extra layer of security with SSL
Applies to: External and Internal Communities
Description: SSL enables you to encrypt HTTP requests. Over the past few years it has become more common for public sites that request a username and password to give the user the option to browse the site in either HTTP or HTTPS. For security and ease of use, we believe that authenticated users should always browse the community via HTTPS, because it has become commonplace to browse the Internet via insecure Wi-Fi access points. Any community that allows its authenticated users to browse via HTTP is open to session hijacking. Current SSL solutions typically require no additional machines or hardware and only a very small amount of CPU resources.

For implementation details:

See Enabling SSL Encryption.
Security Recommendation: Add VPN
Applies to: Internal Communities
Description: If you use both SSO login and SSL/HTTPS user access, you shouldn't need a VPN as well. However, VPN-only access can be configured for both public and private cloud communities.

For implementation details:

Contact your IT department to set up VPN-only access to the Jive application.
Security Recommendation: Prevent spam in your community
Applies to: External Communities
Description: Everyone hates spam, and it can also present security risks. Limit it in your community as much as you can.

For implementation details:

Preventing Spam includes several suggestions for dealing with spammers and preventing spam in your community.
Security Recommendation: Understand administrative permissions and how they work
Applies to: External and Internal Communities
Description: Administrative permissions can be a powerful tool for limiting who can make changes to your community.

For implementation details:

See the Managing Administrative Permissions section.
Security Recommendation: Add an extra username/password verification step for Admin Console access via Apache
Applies to: External and Internal Communities
Description: Apache includes a couple of features that can help you keep Jive more secure. Jive runs on Tomcat behind an Apache HTTP web server. You can set up Apache features such as IP restrictions or basic authentication for specific URLs using standard Apache HTTP configurations. The main Apache HTTP configuration file for the Jive application is /usr/local/jive/etc/httpd/conf/httpd.conf.

For requests inside your network, Apache should remain totally open. The security for specific requests (admin pages, file attachments, hidden content) is enforced at the Tomcat/Java level. For every request that comes in, the user's account is looked up and the permissions are checked against the specific request. Because of this, users can access only the URLs they have permission to view. Some system administrators choose to set IP filtering or basic authentication (via Apache) on the Admin Console. This is primarily useful for externally oriented Jive communities (those that allow employees, as well as vendors and customers, as community users) so that users are unaware of an Admin Console. There is no security risk in leaving the /admin URL exposed. If you implement this, users trying to access any of the Admin Console pages must successfully enter their external username/password combination to gain access.

For implementation details:

See Apache's documentation.
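
The IP restriction and basic authentication described above, combined on the /admin URL. This is an added example, not configuration shipped by Jive Software; it assumes Apache 2.4 syntax, and the address range and password file name are placeholders.

```apache
# Added example, not Jive's shipped configuration. Apache 2.4 syntax assumed.
# Placeholders: 10.20.0.0/16 (admin network) and the .htpasswd-admin file name.
#
# Create the password file once, with bcrypt hashes, outside any served
# directory:
#   htpasswd -c -B /usr/local/jive/etc/httpd/conf/.htpasswd-admin adminuser

<Location "/admin">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/usr/local/jive/etc/httpd/conf/.htpasswd-admin"

    # Both conditions must hold: the source address is in the admin range AND
    # a valid Basic credential is presented. Use <RequireAny> instead to
    # accept either one.
    <RequireAll>
        Require ip 10.20.0.0/16
        Require valid-user
    </RequireAll>
</Location>

# Basic authentication sends the password base64-encoded, not encrypted, on
# every request, so serve /admin over HTTPS only.
# If a load balancer or proxy sits in front of Apache, "Require ip" sees the
# proxy's address unless the real client address is restored first.
# Check syntax with "httpd -t" before reloading.
```

This prompt is in addition to the Jive login: the Tomcat/Java permission checks described above still apply after Apache lets the request through.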
Security Recommendation: Understand the security of the Jive Genius Recommender Service
Applies to: External and Internal Communities
Description: This cloud-delivered service communicates between your community and Jive Software via a secure proxy and state-of-the-art encryption protocols.

For more details:

See Jive Genius Security.
Security Recommendation: Block search robots
Applies to: External Communities
Description: Search robots can wreak havoc in your community, so it's a good idea to set up robot blockers.

For implementation details:

See this tutorial.