Replication Server version 15.2 is available for the Common Criteria configuration (called the Evaluated Configuration). Replication Server's evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.
To satisfy all functional security requirements of Common Criteria certification, configure Replication Server as follows, in addition to the configuration information given in the Replication Server guides.
Ensure there are no general-purpose computing capabilities, such as compilers or user applications available on the machine running Replication Server, other than those services necessary for the operation, administration and support of the Replication Server.
Choose your password carefully. Your password helps prevent access by unauthorized people. When you create your password, follow these rules to create a password:
Use a combination of uppercase and lowercase letters and numbers in your password. These are most difficult to guess.
Passwords must be at least 6 bytes long.
Passwords can consist of any printable letters, numbers, or symbols.
A password must be enclosed in quotation marks if it contains spaces.
Remember not to do the following:
NULL passwords should not be used in the Common Criteria evaluated Replication Server configuration.
Do not use information in your password such as your birthday, street address, or any other word or number that has anything to do with you and can be guessed.
Do not use names of pets or loved ones.
Do not use words that appear in the dictionary or words spelled backwards.
Never give anyone your password, and never write it down where anyone can see it.
Replication Server does not support the use of network based security and user authentication in Common Criteria configuration.
Hence all users are identified and authenticated by Replication Server.
Disregard the following information in Replication Server 15.2 Design Guide on page 162:
Use the no_password option when the primary database employs a “unified login” or when the user on the primary database has set a proxy. In both cases RepAgent does not recognize a user password. For LTL version 200 or later, no_password is available with Replication Server version 11.5 or later.
While configuring Replication Server using rs_init, select Replication Server Password Encryption option to “Yes.” This ensures that all passwords are encrypted in the Replication Server configuration file and in the RSSD. If you do not encrypt passwords, anyone with the required permissions can look at the passwords in the configuration files and in the RSSD rs_users system table.
Configure Replication Server to use Secure Sockets Layer (SSL), which is also known as Transport Layer Security (TLS), in the Common Criteria Configuration. See “Managing SSL Security” in Chapter 8, “Managing Replication Server Security” in the Replication Server 15.2 Administration Guide Volume 1.
