Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008.

Information Security and

WebFOCUS

Penny J Lester

SVP Delivery Services

August 22, 2008

Authentication

• “Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. “

Authorization

• “Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.”

www.google.com/a/security

• Google surveyed 575 IT professionals

Information Security

• A layered approach to authentication and authorization (auth/auth)– Physical– Network– Operating System (OS)– RDBMS– Application

Physical Security

• Secure the hardware– Active Reports

• Secure the server room

• Secure your passwords– Do not share it– Do not write it down

Network Security

• Implement a single sign on (SSO) in a Windows network– Update the client odin.cfg

Network Security

• Implement a single sign on (SSO) in a Windows network– Update site.wfs

Network Security

• Implement a single sign on (SSO) in a Windows network– site.wfs

(cont.)

Network Security

• Implement a single sign on (SSO) in a Windows network– site.wfs

(cont.)

Operating System Security

• Five authentication options

– OPSYS– PTH– DBMS– LDAP – OFF

• OPSYS – Authentication against OS– Authorization based on OS IDs

• Administrators have full access to web console• OS ID impersonated to run reports

• OPSYS – PLester57 is not an Administrator

• OPSYS – Penny is the Administrator

• OPSYS – authenticate ID to OS, not an Administrator

• OPSYS – authenticate ID to OS, is an Administrator

• OPSYS – authenticate ID to OS, is invalid

• PTH – Authentication against admin.cfg – Authorization

• if ID is in admin.cfg can access WebFOCUS Web Console and run reports

• if not can only run reports

• PTH – Configured 1 administrator

• PTH – Penny is administrator ID

• PTH – ID “admin” is not administrator

• PTH – ID “Penny” unrestricted access

• PTH – ID “admin” restricted access

• DBMS – Authentication against Database vs. the OS– Authorization

• if ID is in the DBMS can run reports • if ID is not in the DBMS cannot run reports

Note: the ID’s must be set up in the DBMS to use SQL authentication vs. Windows authentication

• DBMS – RDBMS must be up!

• DBMS – Notice no IWA

• DBMS Authentication – Penny

• Windows

• DBMS Penny IWA

• DBMS Authentication – SQLUser

• SQL Server

• DBMS SQLUser SQL Server

• LDAP– Authentication against LDAP file– Authorization

• if ID is in the LDAP file(s) can run reports • if ID is not in the LDAP file(s) cannot run reports

• LDAP

• LDAP – Microsoft Active Directory

• OFF – Danger!!

• “badID” can do anything the administrator ID that started the server can do!!

Database Security

• DBMS can be used for Authentication

Database Security

• Data Adapter – Explicit

Database Security

• Data Adapter – Explicit, invalid ID/pwd

Database Security

• Data Adapter – Password Passthru

Database Security

• Data Adapter – Trusted

Application Security

• Managed Reporting Environment

• Managed Reporting Environment– Authentication

• Managed Reporting Environment– Authorization

• Managed Reporting Environment– Analytical User

• Managed Reporting Environment– Content Manager

Summary

• A layered approach to authentication and authorization (auth/auth)– Physical– Network– Operating System (OS)– RDBMS– Application

• WebFOCUS hits four out of five!

Questions?

Thank you!!

Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008.

Documents

Transcript of Information Security and WebFOCUS Penny J Lester SVP Delivery Services August 22, 2008.

WebFOCUS Tips and Techniques WebFOCUS Tips and Techniques The Next Generation.

WebFOCUS 8 – What’s New!!??

WebFOCUS 8 Charting

WebFOCUS 8 Technical Overview - Information Builders · WebFOCUS Report Server 1. WebFOCUS 8 Security Model 18. Why a New Security Model? Customer Feedback Related to WebFOCUS 7x

WebFOCUS 8: Technical Overview

Information Security and WebFOCUS

3- WebFOCUS Roadmap Customer Update DRO · WebFOCUS Server Administrator WebFOCUS Report Caster DBA/Data Steward WebFOCUSArchitecture. Areas of Enhancements in WebFOCUS 8 Data Access

Webfocus Demo

BEGINNING WEBFOCUS REPORT WRITING

TIBCO WebFOCUS® Migration

WebFOCUS New Feature Highlights - instructional … · WebFOCUS New Feature Highlights Version 7 Release 7 This documentation describes the new features available in WebFOCUS Version

New webfocusinfocenter.informationbuilders.com · 2017. 7. 14. · Contents 1. WebFOCUS Business User Edition .............................................23 Introducing the WebFOCUS

LESTER ALTERNATOR TEST LEAD CHART - Vensel … · LESTER ALTERNATOR TEST LEAD CHART LESTER Test LESTER Test LESTER Test LESTER Test LESTER Test LESTER Test Part # Lead Part # Lead

BEGINNING WEBFOCUS REPORT WRITING - … · contains the WebFOCUS server environments that are accessible and have been configured to Developer Studio. • WebFOCUS environments can

WebFOCUS Certification Program Handbookeducation.ibi.com/Certification_Handbook.pdf · Welcome to the WebFOCUS Certification Program The WebFOCUS Certification Program is designed

WebFOCUS Active Technologies :

THINKing in WEBFOCUS

Migration Release 8206 - Information Builders...Preface This manual describes the tools for migrating from WebFOCUS 7.x releases, such as WebFOCUS 7.1.x, WebFOCUS 7.6.x, and WebFOCUS

User Guide WebFocus HR - University of Ottawahr.uottawa.ca/files/health/guides/webfocus_rh_en.pdf · User Guide WebFocus HR ... Webfocus is a web application where you can access

Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1 July 2012 Update.