Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008.

Authentication “Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.”

Authorization “Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.”

Google surveyed 575 IT professionals

Information Security
A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application

Physical Security
Secure the hardware
– Active Reports
Secure the server room
Secure your passwords
– Do not share them
– Do not write them down

Network Security

Implement a single sign on (SSO) in a Windows network –Update the client odin.cfg

Network Security Implement a single sign on (SSO) in a Windows network –Update site.wfs

Network Security Implement a single sign on (SSO) in a Windows network –site.wfs (cont.)

Network Security Implement a single sign on (SSO) in a Windows network –site.wfs (cont.)

Operating System Security

Five authentication options
– OPSYS
– PTH
– DBMS
– LDAP
– OFF

Operating System Security
OPSYS
– Authentication against OS
– Authorization based on OS IDs
  Administrators have full access to web console
  OS ID impersonated to run reports

Operating System Security OPSYS – PLester57 is not an Administrator

Operating System Security OPSYS – Penny is the Administrator

Operating System Security OPSYS – authenticate ID to OS, not an Administrator

Operating System Security OPSYS – authenticate ID to OS, not an Administrator

Operating System Security OPSYS – authenticate ID to OS, is an Administrator

Operating System Security OPSYS – authenticate ID to OS, is an Administrator

Operating System Security OPSYS – authenticate ID to OS, is invalid

Operating System Security OPSYS – authenticate ID to OS, is invalid

Operating System Security
PTH
– Authentication against admin.cfg
– Authorization
  if ID is in admin.cfg, can access WebFOCUS Web Console and run reports
  if not, can only run reports

Operating System Security PTH – Configured 1 administrator

Operating System Security PTH – Penny is administrator ID

Operating System Security PTH – ID “admin” is not administrator

Operating System Security
PTH – ID “Penny” unrestricted access
PTH – ID “admin” restricted access

Operating System Security
DBMS
– Authentication against Database vs. the OS
– Authorization
  if ID is in the DBMS, can run reports
  if ID is not in the DBMS, cannot run reports
Note: the IDs must be set up in the DBMS to use SQL authentication vs. Windows authentication

Operating System Security DBMS – RDBMS must be up!

Operating System Security DBMS – Notice no IWA

Operating System Security DBMS Authentication –Penny Windows

Operating System Security DBMS Penny IWA

Operating System Security DBMS Authentication –SQLUser SQL Server

Operating System Security DBMS SQLUser SQL Server

Operating System Security
LDAP
– Authentication against LDAP file
– Authorization
  if ID is in the LDAP file(s), can run reports
  if ID is not in the LDAP file(s), cannot run reports

Operating System Security LDAP

Operating System Security LDAP – Microsoft Active Directory

Operating System Security OFF – Danger!! “badID” can do anything the administrator ID that started the server can do!!

Database Security DBMS can be used for Authentication

Database Security Data Adapter – Explicit

Database Security Data Adapter – Explicit, invalid ID/pwd

Database Security Data Adapter – Password Passthru

Database Security Data Adapter – Trusted

Application Security Managed Reporting Environment

Application Security Managed Reporting Environment –Authentication

Application Security Managed Reporting Environment –Authorization

Application Security Managed Reporting Environment –Analytical User

Application Security Managed Reporting Environment –Content Manager

Summary
A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application
WebFOCUS hits four out of five!

Questions? Thank you!!