Home
Installing
Learn how to install the product.
Post installation tasks
After you install AppScan® Enterprise, complete these postinstallation tasks.
Securing the deployment
Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
Updating the Java™ SDK policy files
AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.

Installing
Learn how to install the product.
- Planning the deployment and installation
  The configuration you use depends on a number of factors: what you plan to do with the software, how your organization and website or applications are structured, and how the information is to be distributed. Before you install the current release, review the information about hardware and software requirements, licensing, and other deployment considerations.
- Preinstallation tasks
  Before you install AppScan® Enterprise, you will need to prepare and configure your system.
- Installation tasks
  This section provides the instructions for installing AppScan® Enterprise.
- Post installation tasks
  After you install AppScan® Enterprise, complete these postinstallation tasks.
  - Postinstallation checklist
    After you install AppScan® Enterprise, review and complete all of the necessary tasks on the postinstallation checklist.
  - Verifying the agent service and alerting service installation
    During installation, two services were installed: the Agent Service and the Alert Service. You need to ensure that these services have been installed and are started. If the agent service is not started, any jobs that users create will not be picked up and run by the Server. If the alerting service is not started, any alerts that have been configured for users will not be issued. Make sure that only one instance of the alerting service is installed; otherwise, duplicate notifications might be sent out.
  - Configuring a basic user registry for the Liberty profile
  - Securing the deployment
    Follow these steps during installation and configuration to ensure your AppScan® Enterprise instance is secure.
    - Trusting the certificate authority
      If your certificate is not from a trusted authority, you will need to trust it on your client machine.
    - Disabling weak cipher suites in IIS
      By default, IIS is installed with 2 weak SSL 2.0 cipher suites that are enabled: SSL2_RC4_128_WITH_MD5 and SSL2_DES_192_EDE3_CBC_WITH_MD5. This can impact the security of AppScan Enterprise, and the cipher suites should be disabled.
    - Updating the Java™ SDK policy files
      AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.
    - Securing the SQL Server database
      Depending on whether you have the Enterprise or Standard version of SQL Server, securing your data is a critical database maintenance practice.
  - Support for FIPS 140-2 and NIST SP800-131a security standards
    The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. AppScan® Enterprise Server can be configured to work with various security standards to meet security requirements required by the US government.
  - Authenticating with the Common Access Card (CAC)
    The Common Access Card is the standard identification for active duty uniformed service personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel in the United States. It is used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems. The CAC can be used for access into computers and networks that are equipped with various smart card readers. When it is inserted into the reader, the device asks the user for a PIN. This task helps you set up AppScan® Enterprise to allow CAC authentication over LDAP so that users can log in to AppScan Enterprise without providing a user name and password.
- Advanced installation scenarios

Updating the Java™ SDK policy files

AppScan® Enterprise provides Java™ SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java™ SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java™ SDK policy files.

About this task

The unrestricted JCE policy files that are provided in the policy file update can ensure that you have the correct algorithms for CA-issued certificates.

Procedure

Use a browser to go to http://www.ibm.com/developerworks/java/jdk/security/index.html.
Click Java SE 7.
On the website that launches, click IBM® SDK Policy files in the table of contents and then ibm.com® on the page that opens in the content pane.
On the website, enter your HCL®.com ID and password.
Select Files for Java 5.0 SR16, Java 6 SR13, Java 6 SR5 (J9 VM2.6), Java 7 SR4, and all later releases and click Continue.
View the license, check I agree, and click I confirm.
Click Download now.
Extract the unlimited jurisdiction policy files that are packaged in a compressed file. The compressed file contains a US_export_policy.jar file and a local_policy.jar file.
On the server where AppScan® Enterprise is installed, back up the following files:
- US_export_policy.jar
- local_policy.jar
Note: These files are installed in the following directory by default: <installdir>/AppScan Enterprise/Liberty/jre/lib/security/.
Replace the US_export_policy.jar and local_policy.jar files with the updated files from the compressed file that you downloaded.