Security Ray Verhoeff Vice President – Engineering.

Presentation transcript:

Security Ray Verhoeff Vice President – Engineering

Agenda
- Operating System Security
- PI Server Security
- PI Clients
- Auditing
- “Best Practices” White Paper

Motivation
- Widely held misconceptions
- Pharmaceutical Industry audits

What do these have in common?
- Complete Works of Shakespeare
- The Bible
- California Tax Code
- Tao Te Ching
- 21CFR11

Answers…
- None are clear or specific
- Subject to interpretation
- Have inspired great minds to debate the issues for hours
- Commentaries now outweigh the original document

21CFR11
- Electronic Records
- “Code of Federal Regulations”
- Not Law
- Not Standard
- Subject to interpretation
- Details will be shaped by FDA rulings

Examples
- Electronic Signature
- Human Readable

21CFR11 Tug-of-War
- Users want software to handle everything
- Vendors push for Standard Operating Procedures (SOP)

Misconceptions
- PI files are installed “Everyone/Full Control”
- piadmin/pidemo have no password
- No login prompt when on Server console
- “PI does not support Windows integrated login”

PI Installation
- “Setup” is a starting point
- Site must configure PI for its own environment

Physical Security
- This means locking the computer room
- Access to the hardware can always compromise security
- Reboot
- Power off
- Pull network wire

Operating System Security
- Groups, Users & Passwords control access to privileged accounts
- File Permissions
- Auditing

Usernames & Passwords
- Domain users
- Independently validated by Domain Controller
- Passwords:
  - Lifetime: min & max
  - Length
  - History
  - Complexity

Windows Auditing
- You can track just about any operation
- Login/Logout
- File Operations
  - creation
  - deletion
  - execution
  - change permissions/take ownership
  - “Traverse Folder”

Windows Event Log
- All audit messages go here
- Security group
- Do not configure “Overwrite as Needed”
- Loss of audit trail
- SOP must be in place:
  - backup audit trail
  - manually purge
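
Added example (not part of the presentation): one way to carry out the event-log SOP above in PowerShell, checking that the Security log is not set to overwrite and archiving it before the manual purge. The archive path E:\AuditArchive and the 80 percent threshold are assumptions; run it from an elevated session.

```powershell
# Added example, not from the presentation.
$ArchiveDir = 'E:\AuditArchive'   # hypothetical path; keep it outside the PI directory
$Threshold  = 80                  # assumed "archive now" fill level, in percent

function Get-SecurityLogState {
    # Reports the retention mode and how full the Security log is.
    $log = Get-WinEvent -ListLog Security
    [pscustomobject]@{
        LogMode         = $log.LogMode     # Circular = "Overwrite as Needed"
        OverwritesTrail = ($log.LogMode -eq 'Circular')
        PercentFull     = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
        Records         = $log.RecordCount
    }
}

function Backup-SecurityLog {
    # "backup audit trail" + "manually purge": wevtutil cl with /bu: saves the
    # events to an .evtx file and clears the log in the same call.
    param([string]$Directory = $ArchiveDir)
    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    $file = Join-Path $Directory ('Security-{0:yyyyMMdd-HHmmss}.evtx' -f (Get-Date))
    wevtutil.exe cl Security "/bu:$file"
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed with exit code $LASTEXITCODE" }
    # Keep the hash with the archive so later tampering with the file is detectable.
    Get-FileHash -Algorithm SHA256 -LiteralPath $file
}

$state = Get-SecurityLogState
$state | Format-List

if ($state.OverwritesTrail) {
    Write-Warning 'Security log is Circular: old audit records will be overwritten.'
    # Switch to "Do not overwrite events (clear logs manually)".
    wevtutil.exe sl Security /rt:true
}

if ($state.PercentFull -ge $Threshold) {
    Backup-SecurityLog
}
```

With overwriting turned off, a full Security log stops recording new events, which is why the archive-and-purge step has to run on a schedule rather than on demand.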

File Permissions
- PI Server will run with D:\PI set to:
  - Local Administrators/Full Control
  - Everyone else/Nothing
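
Added example (not part of the presentation): a PowerShell check that compares the ACL on the PI directory and everything below it with the target state on this slide. D:\PI is the slide's path; the function name and output fields are made up for this example.

```powershell
# Added example, not from the presentation.
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$Full      = [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-PiAclFinding {
    param([string]$Path = 'D:\PI')
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs so the check does not depend on localized account names.
        $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
        $adminsHaveFull = $false
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($sid -eq $AdminsSid) {
                if (($rule.FileSystemRights -band $Full) -eq $Full) { $adminsHaveFull = $true }
                continue
            }
            # Any other Allow entry contradicts "Everyone else/Nothing".
            $name = try { $rule.IdentityReference.Translate(
                        [System.Security.Principal.NTAccount]).Value } catch { $sid }
            [pscustomobject]@{
                Path = $item.FullName; Identity = $name
                Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
                Issue = 'Allow entry for a principal other than local Administrators'
            }
        }
        if (-not $adminsHaveFull) {
            [pscustomobject]@{
                Path = $item.FullName; Identity = 'BUILTIN\Administrators'
                Rights = $null; Inherited = $null
                Issue = 'Local Administrators do not have Full Control'
            }
        }
    }
}

$findings = @(Get-PiAclFinding -Path 'D:\PI')
$findings | Format-Table -AutoSize -Wrap
if ($findings.Count -eq 0) { 'D:\PI matches the target ACL.' }

# To reach the target state on the root folder (inherited entries are dropped):
#   icacls D:\PI /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F"
```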

Standard Operating Procedures
- Control access to Domain Administrator account
- No auto-login
- Don’t expose PI directory as File Share
- You may expose the PI backup directory read-only

PI Server Security
- PI Firewall
  - restrict access to your IP domain
- PI Trust
  - don’t map to “piadmin”
- PI Users and Groups

Connecting to PI
- PI API vs. PI SDK
- Connecting vs. Logging In
- The Default User

The Default User
- no name, can’t assign one
- no group, can’t assign one
- gets “world” access
- Disable this in PI 3.3 SR2
  - if disabled, PI Server appears empty
- Degrade to this if you attempt a login and fail!

Windows Integrated Login
- “Login to Windows = Login to PI”
- You still need to:
  - Control which Windows users are PI users
  - Assign ownership and permissions of PI points, etc.

PI Trust
- Strong start with PI Trust table
- Supports Windows domain membership as well as TCP/IP credentials
- “Domain,User,PIuser” as “OSI,$,$” is powerful
- PI ICE uses this exclusively

PI Client User Experience
- PI API clients attempt a login
- Gives perception that PI does not support Windows login
- PI SDK clients attempt a trust lookup
- If trust is Domain-based, you have integration

PI SDK Clients
- PI Point Builder
- PI Tag Configurator
- PI Auto Point Sync
- PI ICE 1.0
- PI ProcessBook 3.0
- PI Datalink 3.0

21CFR11 Audit Requirements
- Record Windows username of editor
- Contents are unreadable
- Contents cannot be tampered with
- Maintained outside primary data store

PI Audit Requirements
- Cannot detract from the primary function of the PI Server
- To support this:
  - Audit trail cannot be read on-line
  - PI does not process or format the trail
- pidiag -xa
- PI Audit Viewer

PI Audit Viewer – Edit

PI Audit Viewer – Detail

PI Audit Database additions
- PI Batch database auditing
- PI Module Database auditing

PI Audit Database futures
- Auditing of new events for specific points
- Workaround: code using “replace” mode when inserting data

Best Practices White Paper
- Gives details of Windows and PI configuration
- Many thanks to OSIsoft Field Service
- Supplements “PI in Compliance”

Questions?

[Diagram]
- GATHER EVENTS & DATA: Data Collection from Inside and Outside the Corporation
- ASSIGN CONTEXT: Make the data relevant to users
- ANALYZE: Aggregation, Analysis, Reconciliation, Calculation, Cases
- DISTRIBUTE: Get the Information to people who need it
- VISUALIZE: People Need Pictures, Graphs, Trends specific to their Role
- ACT: Without Action, there is no Benefit. Empowered people take better Actions!