Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008.
Information Security and
WebFOCUS
Penny J Lester
SVP Delivery Services
August 22, 2008
Authentication
• “Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.”
Authorization
• “Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.”
www.google.com/a/security
• Google surveyed 575 IT professionals
Information Security
• A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application
Physical Security
• Secure the hardware
– Active Reports
• Secure the server room
• Secure your passwords
– Do not share them
– Do not write them down
Network Security
• Implement a single sign-on (SSO) in a Windows network
– Update the client odin.cfg
– Update site.wfs
Operating System Security
• Five authentication options
– OPSYS
– PTH
– DBMS
– LDAP
– OFF
Operating System Security
• OPSYS
– Authentication against OS
– Authorization based on OS IDs
  • Administrators have full access to web console
  • OS ID impersonated to run reports
Operating System Security
• OPSYS – PLester57 is not an Administrator
Operating System Security
• OPSYS – Penny is the Administrator
Operating System Security
• OPSYS – authenticate ID to OS, not an Administrator
Operating System Security
• OPSYS – authenticate ID to OS, is an Administrator
Operating System Security
• OPSYS – authenticate ID to OS, is invalid
Operating System Security
• PTH
– Authentication against admin.cfg
– Authorization
  • If the ID is in admin.cfg, it can access the WebFOCUS Web Console and run reports
  • If not, it can only run reports
Operating System Security
• PTH – Configured 1 administrator
Operating System Security
• PTH – Penny is administrator ID
Operating System Security
• PTH – ID “admin” is not administrator
Operating System Security
• PTH – ID “Penny” unrestricted access
• PTH – ID “admin” restricted access
Operating System Security
• DBMS
– Authentication against Database vs. the OS
– Authorization
  • If the ID is in the DBMS, it can run reports
  • If the ID is not in the DBMS, it cannot run reports
Note: the IDs must be set up in the DBMS to use SQL authentication vs. Windows authentication
Operating System Security
• DBMS – RDBMS must be up!
Operating System Security
• DBMS – Notice no IWA
Operating System Security
• DBMS Authentication – Penny
• Windows
Operating System Security
• DBMS Penny IWA
Operating System Security
• DBMS Authentication – SQLUser
• SQL Server
Operating System Security
• DBMS SQLUser SQL Server
Operating System Security
• LDAP
– Authentication against LDAP file
– Authorization
  • If the ID is in the LDAP file(s), it can run reports
  • If the ID is not in the LDAP file(s), it cannot run reports
Operating System Security
• LDAP
Operating System Security
• LDAP – Microsoft Active Directory
Operating System Security
• OFF – Danger!!
• “badID” can do anything the administrator ID that started the server can do!!
Database Security
• DBMS can be used for Authentication
• Data Adapter
– Explicit
– Explicit, invalid ID/pwd
– Password Passthru
– Trusted
Application Security
• Managed Reporting Environment
– Authentication
– Authorization
– Analytical User
– Content Manager
Summary
• A layered approach to authentication and authorization (auth/auth)
– Physical
– Network
– Operating System (OS)
– RDBMS
– Application
• WebFOCUS hits four out of five!
Questions?
Thank you!!