Published by Jewel Nelson. Modified over 9 years ago.
1
Information Security and WebFOCUS
Penny J Lester, SVP Delivery Services
August 22, 2008
2
Authentication
“Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.”
3
Authorization
“Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.”
4
www.google.com/a/security Google surveyed 575 IT professionals
5
Information Security
A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application
6
Physical Security
Secure the hardware
  – Active Reports
Secure the server room
Secure your passwords
  – Do not share them
  – Do not write them down
7
Network Security
9
Implement a single sign on (SSO) in a Windows network
– Update the client odin.cfg
10
Network Security
Implement a single sign on (SSO) in a Windows network
– Update site.wfs
11
Network Security
Implement a single sign on (SSO) in a Windows network
– site.wfs (cont.)
12
Network Security
Implement a single sign on (SSO) in a Windows network
– site.wfs (cont.)
13
Operating System Security
14
Five authentication options
– OPSYS
– PTH
– DBMS
– LDAP
– OFF
15
Operating System Security
OPSYS
– Authentication against OS
– Authorization based on OS IDs
  Administrators have full access to web console
  OS ID impersonated to run reports
16
Operating System Security OPSYS – PLester57 is not an Administrator
17
Operating System Security OPSYS – Penny is the Administrator
18
Operating System Security OPSYS – authenticate ID to OS, not an Administrator
19
Operating System Security OPSYS – authenticate ID to OS, not an Administrator
20
Operating System Security OPSYS – authenticate ID to OS, is an Administrator
21
Operating System Security OPSYS – authenticate ID to OS, is an Administrator
22
Operating System Security OPSYS – authenticate ID to OS, is invalid
23
Operating System Security OPSYS – authenticate ID to OS, is invalid
24
Operating System Security
PTH
– Authentication against admin.cfg
– Authorization
  if ID is in admin.cfg, can access WebFOCUS Web Console and run reports
  if not, can only run reports
25
Operating System Security PTH – Configured 1 administrator
26
Operating System Security PTH – Penny is administrator ID
27
Operating System Security PTH – ID “admin” is not administrator
28
Operating System Security
PTH – ID “Penny” unrestricted access
PTH – ID “admin” restricted access
29
Operating System Security
DBMS
– Authentication against Database vs. the OS
– Authorization
  if ID is in the DBMS, can run reports
  if ID is not in the DBMS, cannot run reports
Note: the IDs must be set up in the DBMS to use SQL authentication vs. Windows authentication
30
Operating System Security DBMS – RDBMS must be up!
31
Operating System Security DBMS – Notice no IWA
32
Operating System Security DBMS Authentication –Penny Windows
33
Operating System Security DBMS Penny IWA
34
Operating System Security DBMS Authentication –SQLUser SQL Server
35
Operating System Security DBMS SQLUser SQL Server
36
Operating System Security
LDAP
– Authentication against LDAP file
– Authorization
  if ID is in the LDAP file(s), can run reports
  if ID is not in the LDAP file(s), cannot run reports
37
Operating System Security LDAP
38
Operating System Security LDAP – Microsoft Active Directory
39
Operating System Security OFF – Danger!! “badID” can do anything the administrator ID that started the server can do!!
40
Database Security DBMS can be used for Authentication
41
Database Security Data Adapter – Explicit
42
Database Security Data Adapter – Explicit, invalid ID/pwd
43
Database Security Data Adapter – Password Passthru
44
Database Security Data Adapter – Trusted
45
Application Security Managed Reporting Environment
46
Application Security Managed Reporting Environment –Authentication
47
Application Security Managed Reporting Environment –Authorization
48
Application Security Managed Reporting Environment –Analytical User
49
Application Security Managed Reporting Environment –Content Manager
50
Summary
A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application
WebFOCUS hits four out of five!
51
Questions? Thank you!!