1 / 51

Secure Authentication and Authorization for WebFOCUS Implementation

Learn about the importance of authentication and authorization in securing WebFOCUS, covering physical, network, OS, RDBMS, and application security layers. Understand key protocols and best practices.

sibley
Télécharger la présentation

Secure Authentication and Authorization for WebFOCUS Implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008

  2. Authentication • “Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. “

  3. Authorization • “Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.”

  4. www.google.com/a/security • Google surveyed 575 IT professionals

  5. Information Security • A layered approach to authentication and authorization (auth/auth) • Physical • Network • Operating System (OS) • RDBMS • Application

  6. Physical Security • Secure the hardware • Active Reports • Secure the server room • Secure your passwords • Do not share it • Do not write it down

  7. Network Security

  8. Network Security

  9. Network Security • Implement a single sign on (SSO) in a Windows network • Update the client odin.cfg

  10. Network Security • Implement a single sign on (SSO) in a Windows network • Update site.wfs

  11. Network Security • Implement a single sign on (SSO) in a Windows network • site.wfs (cont.)

  12. Network Security • Implement a single sign on (SSO) in a Windows network • site.wfs (cont.)

  13. Operating System Security

  14. Operating System Security • Five authentication options • OPSYS • PTH • DBMS • LDAP • OFF

  15. Operating System Security • OPSYS • Authentication against OS • Authorization based on OS IDs • Administrators have full access to web console • OS ID impersonated to run reports

  16. Operating System Security • OPSYS – PLester57 is not an Administrator

  17. Operating System Security • OPSYS – Penny is the Administrator

  18. Operating System Security • OPSYS – authenticate ID to OS, not an Administrator

  19. Operating System Security • OPSYS – authenticate ID to OS, not an Administrator

  20. Operating System Security • OPSYS – authenticate ID to OS, is an Administrator

  21. Operating System Security • OPSYS – authenticate ID to OS, is an Administrator

  22. Operating System Security • OPSYS – authenticate ID to OS, is invalid

  23. Operating System Security • OPSYS – authenticate ID to OS, is invalid

  24. Operating System Security • PTH • Authentication against admin.cfg • Authorization • if ID is in admin.cfg can access WebFOCUS Web Console and run reports • if not can only run reports

  25. Operating System Security • PTH – Configured 1 administrator

  26. Operating System Security • PTH – Penny is administrator ID

  27. Operating System Security • PTH – ID “admin” is not administrator

  28. Operating System Security • PTH – ID “Penny” unrestricted access • PTH – ID “admin” restricted access

  29. Operating System Security • DBMS • Authentication against Database vs. the OS • Authorization • if ID is in the DBMS can run reports • if ID is not in the DBMS cannot run reports Note: the ID’s must be set up in the DBMS to use SQL authentication vs. Windows authentication

  30. Operating System Security • DBMS – RDBMS must be up!

  31. Operating System Security • DBMS – Notice no IWA

  32. Operating System Security • DBMS Authentication • Penny • Windows

  33. Operating System Security • DBMS Penny IWA

  34. Operating System Security • DBMS Authentication • SQLUser • SQL Server

  35. Operating System Security • DBMS SQLUser SQL Server

  36. Operating System Security • LDAP • Authentication against LDAP file • Authorization • if ID is in the LDAP file(s) can run reports • if ID is not in the LDAP file(s) cannot run reports

  37. Operating System Security • LDAP

  38. Operating System Security • LDAP – Microsoft Active Directory

  39. Operating System Security • OFF – Danger!! • “badID” can do anything the administrator ID that started the server can do!!

  40. Database Security • DBMS can be used for Authentication

  41. Database Security • Data Adapter – Explicit

  42. Database Security • Data Adapter – Explicit, invalid ID/pwd

  43. Database Security • Data Adapter – Password Passthru

  44. Database Security • Data Adapter – Trusted

  45. Application Security • Managed Reporting Environment

  46. Application Security • Managed Reporting Environment • Authentication

  47. Application Security • Managed Reporting Environment • Authorization

  48. Application Security • Managed Reporting Environment • Analytical User

  49. Application Security • Managed Reporting Environment • Content Manager

  50. Summary • A layered approach to authentication and authorization (auth/auth) • Physical • Network • Operating System (OS) • RDBMS • Application • WebFOCUS hits four out of five!

More Related