As the FTAC administrator, you are responsible for the following tasks:
You define the standard admission set using the command ftmoda @s.
Following a new installation of openFT, the standard admission set is set so that file transfer is possible without restriction. As FTAC administrator, you should therefore adapt the standard admission set to the protection requirements on your processor.
The user can override the entries in the standard admission set only if you, as FTAC administrator, modify the admission set of the user accordingly or if you set up a privileged admission profile.
You can display admission sets of all users of the system using the ftshwa command.
The entries made by the FTAC administrator are listed under MAX-ADM-LEVELS, the user entries under MAX-USER-LEVELS. The smaller value is valid in each case.
For each user in the system, you can assign an individual admission set or modify an existing one using ftmoda.
You can specify the ADM administrator initially by setting the ADM privilege in the admission set of the ADM administrator (see section “Defining the ADM administrator”).
Alternatively, you can use the openFT Explorer: In the navigation bar, click on Admission sets under Administration. All admission sets are listed in the Admission Sets object window. *STD is the standard admission set.
Using admission sets properly
With an openFT request (outbound and inbound), the admission specified in the admission set is compared with the FTAC security level of the partner concerned (see also section “Exporting the partner list”).
To protect your processor against attempted intrusion, you should set the inbound properties in the admission set as restrictively as possible for user IDs with administrator rights, i.e. at least prohibit inbound processing.
For secure operation, you should prevent all inbound admissions in the standard admission set, e.g. by using the command:
ftmoda @s -os=100 -or=100 -is=0 -ir=0 -if=0 -ip=0
For each user for whom inbound requests may be processed, you, as FTAC administrator, should set all parameters of the corresponding admission set to 100.
Recommend that all users change their inbound values to 0. They can then use their profiles and the “ignore ... level” function to permit any desired access mode. Inbound requests for which the corresponding security level is 0 are then allowed only via the FTAC transfer admission, and no longer via login and password.
It is also possible
to assign partner-specific security levels, see section “Exporting the partner list”,
and for openFT partners to undergo a reliable identity check using cryptographic means, see section “Authentication”.
The use of a file name prefix in the admission profile provides additional security. This prevents switching to a parent directory.
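The interplay of the administrator entries, the user entries and the “ignore ... level” function described above can be traced with a small model. The following Python code is an added example, not openFT code or part of the openFT documentation. Its function names, the partner security level 50 and the rules stated in the docstring of `admitted` are assumptions of the model.

```python
# Added illustration: a simplified model of admission-set evaluation, not openFT code.
FUNCTIONS = ("os", "or", "is", "ir", "ip", "if")  # option letters used by ftmoda on this page

def parse_levels(options):
    """Parse an ftmoda-style option string ('-os=100 -is=0 ...') into a level dict."""
    levels = {}
    for opt in options.split():
        name, _, value = opt.lstrip("-").partition("=")
        if name not in FUNCTIONS or not value.isdigit() or int(value) > 100:
            raise ValueError(f"unsupported option: {opt!r}")
        levels[name] = int(value)
    if set(levels) != set(FUNCTIONS):
        raise ValueError("all six basic functions must be given")
    return levels

def admitted(function, partner_level, adm, user, ignore=False, privileged=False):
    """Return True if a request using `function` from a partner is admitted.

    Assumptions of this model: a request passes when the partner's security
    level does not exceed the valid level; a profile's "ignore ... level"
    lifts the user's own entry, and only a privileged profile also lifts the
    FTAC administrator's entry.
    """
    if ignore and privileged:
        return True
    # Without a profile override, the smaller of the two entries is valid.
    limit = adm[function] if ignore else min(adm[function], user[function])
    return partner_level <= limit

# Constructed sample data: the hardened standard set from the page, plus two users.
STD = parse_levels("-os=100 -or=100 -is=0 -ir=0 -if=0 -ip=0")
OPEN = parse_levels("-os=100 -or=100 -is=100 -ir=100 -if=100 -ip=100")
ALICE = {"adm": OPEN, "user": STD}   # admin allows inbound, user set own inbound to 0
BOB = {"adm": STD, "user": OPEN}     # no individual set: the standard set applies
PARTNER = 50                         # constructed partner security level

def scenario():
    return {
        "alice login/password inbound": admitted("ir", PARTNER, **ALICE),
        "alice profile, ignore level": admitted("ir", PARTNER, ignore=True, **ALICE),
        "bob profile, ignore level": admitted("ir", PARTNER, ignore=True, **BOB),
        "bob privileged profile": admitted("ir", PARTNER, ignore=True, privileged=True, **BOB),
        "bob outbound send": admitted("os", PARTNER, **BOB),
    }

if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case:32} {'admitted' if ok else 'rejected'}")
```

In this model, a user who is covered only by the hardened standard admission set cannot open inbound access with an ordinary profile; that requires an individual admission set or a privileged profile, both of which are set by the FTAC administrator.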
Important
If you have high security requirements, these actions are really only useful if no other network access options are available that allow the protection mechanisms to be circumvented. In particular, this means that TCP/IP services such as ftp and tftp must not be active.