Configuring security options for Smart IT
You can choose to restrict the types of files that users can attach to Smart IT records by setting options in BMC Remedy AR System version 8.1.02 and later. For example, you might want to prohibit users from attaching executable files or scripts to the Activity feed to prevent malicious code from executing when the attachment is opened. When you restrict files, an error message is displayed if users try to attach those file types in the following contexts:
- Ticket details (for example, adding an attachment to the Description field on incidents, work orders, problem investigations, and known errors)
- CI (asset) profiles
- People profiles
- Activity feed
- Change request documents
- Knowledge articles
If you have implemented chat, you can also configure Openfire to limit the domains that have access to Smart IT chat data. By default, all domains have access, but BMC recommends that you limit access only to an authorized domain (or domains).
To restrict attachment file types in Smart IT (BMC Remedy ITSM 8.1.02 and later)
- Log in to BMC Remedy ITSM as an administrator.
- Open the AR System Administration Console, and select System > General > Server Information.
The AR System Administration: Server Information form appears.
- Click the Attachment Security tab as shown in the following figure:
AR System Administration: Server Information form — Attachment Security tab
- From the Attachment Criteria list, choose Disallow attachments with following extensions.
- In the Comma separated list of limit extensions field, enter a comma-separated list of file extensions, such as exe,com.
- Click Apply.
Changes take effect the next time the Smart IT cache is cleared (default 30 minutes).
For more information about Attachment Security settings, see "Setting security restrictions on file uploads" in Related topics.
To limit access to Openfire chat data
- In the openfire/conf/cross-domain-policy.xml file, change the value of the allow-access-from domain property to allow access from a specific domain (or whitelisted domains) as shown in the following figure. (The allow-access-from element allows a requesting domain to read data from the target domain.)
(Optional) Add more domains on separate lines; for example:
<allow-access-from domain="domain1.com" to-ports="5222,5223,7070,7443" secure="true"/>
<allow-access-from domain="domain2.com" to-ports="5222,5223,7070,7443" secure="true"/>
- Restart the Openfire service.
The default value is set to ‘*’ (asterisk), which allows access to data from any domain. BMC recommends that you change the value to allow access only from a specific domain (or domains).
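One way to check the edited policy file before restarting Openfire is shown below. This is an added example, not BMC or Openfire code. The function name audit_policy, the authorized-domain set, and both sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not copied from a real server).
DEFAULT_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" to-ports="5222,5223,7070,7443" secure="true"/>
</cross-domain-policy>"""

RESTRICTED_POLICY = """<cross-domain-policy>
  <allow-access-from domain="domain1.com" to-ports="5222,5223,7070,7443" secure="true"/>
  <allow-access-from domain="domain2.com" to-ports="5222,5223,7070,7443" secure="true"/>
</cross-domain-policy>"""


def audit_policy(xml_text, authorized):
    """Return findings for a cross-domain policy; an empty list means it passes."""
    allowed = {d.lower() for d in authorized}
    findings = []
    entries = list(ET.fromstring(xml_text).iter("allow-access-from"))
    if not entries:
        findings.append("no allow-access-from element found")
    for el in entries:
        domain = (el.get("domain") or "").strip().lower()
        if domain == "*":
            findings.append("domain='*' allows access from any domain")
        elif "*" in domain:
            findings.append(f"wildcard entry {domain!r} covers more than one domain")
        elif domain not in allowed:
            findings.append(f"{domain!r} is not in the authorized list")
        # The page's entries all set secure="true"; report anything else.
        if (el.get("secure") or "").lower() != "true":
            findings.append(f"{domain!r} does not set secure='true'")
    return findings


if __name__ == "__main__":
    authorized = {"domain1.com", "domain2.com"}  # assumption: your approved domains
    for name, text in (("default", DEFAULT_POLICY), ("restricted", RESTRICTED_POLICY)):
        result = audit_policy(text, authorized)
        print(name, "->", result or "OK")
```

To audit a live server, pass the contents of openfire/conf/cross-domain-policy.xml as xml_text.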
For more information about Openfire setup, see "Installing Chat on a remote server" in Related topics.