Exchange Network Open Call November 17, 2011

Today’s Agenda
- Background on Exchange Network data access policy and data publishing
- New default Network security settings for Query and Solicit web services
  - Impact to existing data flows
- Special security considerations for the Exchange Network Browser
- Actions for Node Administrators
  - Securing sensitive data
  - Steps for OpenNode2 users and EN Node users
- Reminder on Node interoperability issues

Data Publishing Basics
- Today, most Network data flows are powered by the Submit web service and are not publishing-oriented
  - Data owner initiates the exchange of data
- Some data flows use Query and Solicit web services to enable data publishing
  - Data are made available through a Node so that others with permission can access it on demand
- Only Nodes can support Query and Solicit web services
- Node Clients are not affected

EN Data Access Policy
- Ease of data access and exchange is a fundamental principle of the Exchange Network.
- Whenever possible, data owners must:
  - Make data accessible to partners to the maximum degree appropriate
  - Set node privilege defaults so EN partners can query/solicit data
  - Register nodes and web services to make them discoverable and accessible to trusted partners, and
  - Ensure that all data access and exchange relationships are governed by agreements that meet partners’ legal and programmatic obligations
policy-framework/

New Default Security Settings
- For Nodes that authorize data flow access using the Network Authentication and Authorization Service (NAAS), Query and Solicit services are open by default to any valid NAAS account with an authenticated security token.
- Any existing NAAS policies that restrict access will remain in effect and supersede these new default behaviors.

Exchange Network Browser
- Web-based tool that allows users to discover and access data published by Exchange Network Nodes and registered in ENDS
- Pre-release version available today at
- Allows users to log in with valid NAAS credentials to access secure data flows
- Will also offer Guest access to unsecured data flows for public users without their own NAAS credentials

Special Considerations for EN Browser Guest Account
- EN Browser uses hard-coded NAAS credentials to enable public access
  - User name:
- If you answer YES to all 3 questions below you should ensure that your flow is set up to deny access to the EN Browser guest account
  1. Do you have Query or Solicit services on your Node?
  2. Are those services registered in ENDS?
  3. Is the data inappropriate for public access?
- Guest access goes live on December 12, 2011

EN Node: Security Model
- All queries and solicit services will be open to the angenetwork.net Guest Account by default.
- Policies defined by the Node Admin will supersede the default NAAS query and solicit security policies.

EN Node: Protecting Services
- Step 1: Node Admin selects “Yes” for “Require explicit NAAS rights to execute this operation”
- The service will be totally locked down

EN Node: Protecting Services
- Step 2: Node Admin can grant or deny access to a specific service on the User Management screen
- Check to grant privileges

EN Node: Protecting Services
- Once a service is secured, the Guest Account will not be able to access the service unless explicitly granted rights to do so
- network.net has no right to the Service

OpenNode2: Security Model
- OpenNode2 uses NAAS for Authentication but not Authorization
- NAAS Policies are not used by OpenNode2
  - Flow access permissions are stored in the OpenNode2 database
- OpenNode2 flows are either protected or unprotected.
- Users are either allowed access to all flow services or denied access to all flow services

OpenNode2: Unprotected Flows
- OpenNode2 flows are not protected by default.
- Any valid NAAS user may access the services of an unprotected flow, including anonymous EN Browser users (guests).

OpenNode2: Protecting Flows
- .NET OpenNode2: In the Security Manager, assign access rights of “Endpoint User” to grant access to a given flow to a user.

OpenNode2: Protecting Flows
- Java OpenNode2: In the Security Manager, assign access rights by checking the “Flow Access” box next to the flow name.
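
The three-question check and the two default-open security models above can be applied to a node's flow inventory to find flows the EN Browser guest account can still reach. This is an added example, not code from the presentation or from either node product; the Flow record, its field names, the guest account placeholder and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Placeholder: the guest user name on the slide did not survive extraction.
GUEST = "GUEST_ACCOUNT_PLACEHOLDER"
PUBLISHING = {"Query", "Solicit"}

@dataclass
class Flow:                       # hypothetical inventory record
    name: str
    node_type: str                # "en_node" or "opennode2"
    services: set
    registered_in_ends: bool
    public_ok: bool               # data owner's call: is public access appropriate?
    protected: bool = False       # EN Node: explicit NAAS rights required; OpenNode2: protected flow
    granted: set = field(default_factory=set)  # accounts explicitly granted access

def guest_can_access(flow):
    """Both node types are default-open; protection admits only explicit grants."""
    return (not flow.protected) or GUEST in flow.granted

def needs_lockdown(flow):
    """The slide's three questions, plus whether the guest account still gets in."""
    publishes = bool(flow.services & PUBLISHING)            # question 1
    return (publishes and flow.registered_in_ends           # question 2
            and not flow.public_ok                          # question 3
            and guest_can_access(flow))

def remediation(flow):
    if flow.protected:
        return "revoke the guest account's explicit grant"
    if flow.node_type == "en_node":
        return 'set "Require explicit NAAS rights to execute this operation" to Yes'
    return "protect the flow, then grant named users in the Security Manager"

def audit(flows):
    return {f.name: remediation(f) for f in flows if needs_lockdown(f)}

# Constructed inventory for illustration only.
SAMPLE = [
    Flow("FacilityPublic", "en_node", {"Query"}, True, True),
    Flow("EnforcementDraft", "en_node", {"Query", "Solicit"}, True, False),
    Flow("LabResults", "opennode2", {"Solicit"}, True, False, protected=True),
    Flow("PermitInternal", "opennode2", {"Query"}, True, False,
         protected=True, granted={GUEST}),
    Flow("SubmitOnly", "opennode2", {"Submit"}, False, False),
]

if __name__ == "__main__":
    for name, fix in audit(SAMPLE).items():
        print(f"{name}: guest account can reach non-public data; {fix}")
```
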

Reminder: Node Interoperability
- The specification for Exchange Network Nodes was updated in June to address problems that were preventing some Nodes from communicating
- Information on affected products and the fixes is available at: interoperability-faqs
- January 31, 2012 is the target date for reinstalling affected Node software

Questions? Kurt Rakouskas