Some additional ESM modules are available in the
Enterprise Server product or as separate downloads. Here are some brief notes regarding these modules and hardening:
- eTrust ESM Module
- This module uses the CA eTrust product to make security decisions. For hardening, ensure all the
Enterprise Server resource classes are defined in eTrust, then remove any
DefaultAllow settings in the Security Manager configuration text.
- Map ESM Module
- The Map ESM Module is a special-purpose module which only performs name mapping, using a side file. If this module is used,
set the permissions for the side file to restrict write access to system administrators.
- Null ESM Module
- The Null ESM Module normally allows all security requests, but can be configured to return different results for specific
requests. Typically it is used for testing. There are no specific hardening recommendations, other than to note that since
the Null ESM Module is configured using the Security Manager
Configuration Information field, its security is limited by how access to
Enterprise Server administration is restricted.
- TSS ESM Module
- This is a variant of the MLDAP ESM Module used with the CA Top Secret mainframe security product's LDAP server. This module
has not been updated in some time, and further deployment of it is not recommended at this time.