White Paper BMC Remedy Action Request System Security


June 2008

Copyright 2008 BMC Software, Inc. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners. IBM is a registered trademark of International Business Machines Corporation. UNIX is a registered trademark of The Open Group.


This document provides a high-level overview of security in the BMC Remedy Action Request System (AR System), including the AR System server, clients, and libraries, the network and other resources used by AR System, and the objects and data in the applications.

The following topics are provided:

- File system security
- Security over the network
- Database security
- Password security
- AR System server security

File system security

Security considerations include the machines that the software is running on, and the resources that the processes use. This section describes the security of AR System processes and data in relation to the file system.

Installation and maintenance

On UNIX platforms, the AR System server does not need to be installed with root permissions. You can run the installer with non-root permissions as long as the resources the installer needs are available to it. For information about installing AR System as a non-root user, see the Installing guide.

Running processes on the file system

The server allows workflow to access and run processes on the file system. This can be done either on the client machine (in active links), or on the server machine (in filters and escalations).

Processes on the AR System server computer

AR System allows filters and escalations to invoke external processes on the AR System server computer. The AR System server has access to processes and resources on the computer based on the credentials it has been given.

To prevent workflow from accessing programs and resources to which it should not have access, run the AR System server as a user with limited access to resources. In this case, the AR System server can only access resources and programs that have the access permissions of the user who runs the service. This prevents users of an AR System application from writing workflow that accesses programs and resources to which they should not have access.

Controlling the use of backquotes in server-side process actions

By default, the AR System server does not allow any workflow commands that run a process on the server to use backquotes in the process name or its arguments. This prevents any user from exploiting parameter substitution to gain access to system information or resources. This behavior is controlled by a configuration setting. For more information about configuration settings in AR System, see the Configuring guide.

Processes on the client computer

The AR System allows active links to invoke external processes on the user's computer when the active link is activated from BMC Remedy User or, in some cases, from a browser. Since the client is running with the same access privileges as the person logged in to the client computer, it only has access to programs and resources to which the user has access. This ensures that an AR System client cannot access information to which it should not have access.
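The backquote restriction described above under "Controlling the use of backquotes in server-side process actions" is illustrated by the following added example, which is not AR System code or configuration. The `$Submitter$` placeholder syntax, the `echo` command, and the field values are constructed for the illustration, and the `$(...)` case goes beyond the backquote case the paper names.

```python
import re
import shlex
import subprocess

# Constructed command template and field value for the illustration.
TEMPLATE = "echo owner=$Submitter$"
BACKQUOTED = "`echo SUBSTITUTED`"


class RejectedCommand(ValueError):
    """Raised when an expanded command line fails the backquote check."""


def expand(template, fields):
    """Replace each $Name$ placeholder with the matching field value.

    The $Name$ syntax is an assumption made for this example.
    """
    return re.sub(r"\$(\w+)\$", lambda m: fields[m.group(1)], template)


def run_through_shell(template, fields):
    """Weak form: the expanded string is interpreted by /bin/sh, so
    backquoted text inside a field value is run as a command."""
    cmd = expand(template, fields)
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def run_checked(template, fields):
    """Hardened form: refuse backquotes anywhere in the process name or
    its arguments, then execute an argument vector with no shell."""
    cmd = expand(template, fields)
    if "`" in cmd:
        raise RejectedCommand("backquote in process name or arguments")
    argv = shlex.split(cmd)
    done = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return done.stdout.strip()


if __name__ == "__main__":
    # The shell evaluates the backquoted field value before echo runs.
    print(run_through_shell(TEMPLATE, {"Submitter": BACKQUOTED}))
    # The checked path refuses the same value outright.
    try:
        run_checked(TEMPLATE, {"Submitter": BACKQUOTED})
    except RejectedCommand as err:
        print("rejected:", err)
    # Without a shell, $(...) is passed to the process as literal text.
    print(run_checked(TEMPLATE, {"Submitter": "$(echo SUBSTITUTED)"}))
```

The backquote check alone does not cover other shell substitution syntax; executing an argument vector without a shell is what keeps `$(...)` literal in the last call.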

Run a process from a specific directory

The server can be configured so that active link processes can execute only from a specified directory. For more information about configuration settings in AR System, see the Configuring guide.

Security over the network

This section describes the protection of AR System data as it is sent over the network between the AR System server, the database, and the client programs. All data being passed over the network can be encrypted. This applies to the database connection, API clients, and browsers. For information about password security on the network, see "Password security."

Security between the AR System server and the database

The AR System is capable of using encrypted connections to the database. It relies on the database client library capabilities for this encryption, and can work with any encryption provided with the database client libraries.

Security between the AR System server and API clients

The AR System API is capable of three levels of encryption. The default is 512-bit encryption, and and 2048-bit encryption levels are available as an option. When encryption is configured, all communication between the API client and the AR System server is encrypted, providing data security over the network.

Any security policy between the AR System server and the API clients can be enforced. The server can be configured so that it works only with encrypted API calls or with only unencrypted API calls. Without any enforcement, the server allows both encrypted and unencrypted calls.

All AR System clients are API-based, so turning on encryption ensures that all interactions with the server are encrypted. To configure encryption, see the BMC Remedy Encryption Products Release Notes and Installation Guide.
Security between the AR System server and the plug-in server

When encryption is configured on the AR System server, the connection with the plug-in server uses the same encryption as described for the connection between the AR System server and the API clients.

Security between a web browser and the mid tier

Communication between a browser and the mid tier is not controlled by the AR System server in any way. Therefore, protecting network communications between these two components is dependent on the capabilities of the web server and browser in use. The customer can take advantage of the strongest level of encryption made available by his or her choice of web servers.

The BMC Remedy Mid Tier handles this as all-or-nothing encryption. In other words, either all the pages served by the mid tier are encrypted, or none of them are encrypted. BMC strongly recommends that the web server be configured with SSL encryption. This ensures that connections from BMC Remedy User can pass user credentials securely.

Security between BMC Remedy User and the mid tier

When a flashboard is viewed from BMC Remedy User, the client opens a connection with the mid tier to get the content. To ensure that this communication is secure, configure the web server to use SSL. This ensures that all data being passed over the network is encrypted.

Database security

This section describes database security in relation to the AR System database.

Tablespace

The database administrator can create the tablespace and the user to be used by AR System prior to installing the AR System server. In this case, the person installing the AR System server does not need to know the SA (database administrator) credentials, and can use the user created for the installation.

If the database administrator does not pre-create the tablespace, then the person installing the AR System server must know the SA password. AR System uses this account only for creating the tablespace and its user. Once this job is done the AR System server will access the database with its own user ID only.

You can change the database account password used by the AR System server at any time. For information about how to do so, see the Configuring guide.

User credentials table

The credentials of all registered users in the AR System server are stored in a table called the user_cache. To prevent the direct manipulation of this information in the database, each record in this table is protected with an encrypted checksum. This checksum protects the user names, licenses, groups, and other information. Changing any of this information directly in the database renders the record corrupted. In that case, the record must be recreated using an AR System client.

Password security

This section describes password security in AR System.
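The record protection described above under "User credentials table" can be sketched as a keyed checksum stored with each row; this is an added example, not AR System code. The paper does not say how the checksum is computed, so HMAC-SHA-256, the field names, the key, and the sample rows are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed names: the fields the checksum covers and a server-held key.
PROTECTED_FIELDS = ("login", "license_type", "groups")
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(record):
    """Length-prefix every protected field so that moving characters
    between adjacent fields always changes the encoded bytes."""
    out = bytearray()
    for name in PROTECTED_FIELDS:
        data = str(record.get(name, "")).encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return bytes(out)


def _tag(record, key):
    return hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()


def seal(record, key=SERVER_KEY):
    """Return a copy of the record with its keyed checksum attached,
    as the server would when it writes the row itself."""
    sealed = dict(record)
    sealed["checksum"] = _tag(record, key)
    return sealed


def is_intact(row, key=SERVER_KEY):
    """Recompute the checksum from the stored fields and compare it in
    constant time with the stored one."""
    stored = str(row.get("checksum", "")).encode("utf-8")
    return hmac.compare_digest(_tag(row, key).encode("utf-8"), stored)


def load_users(rows, key=SERVER_KEY):
    """Split rows into usable logins and logins whose record is corrupted
    (edited outside the server, or missing a checksum)."""
    usable, corrupted = [], []
    for row in rows:
        (usable if is_intact(row, key) else corrupted).append(row["login"])
    return usable, corrupted


if __name__ == "__main__":
    alice = seal({"login": "alice", "license_type": "read", "groups": "1;20"})
    bob = seal({"login": "bob", "license_type": "fixed", "groups": "1"})
    # Simulate a direct database edit that upgrades alice's license.
    edited = dict(alice, license_type="fixed")
    print(load_users([edited, bob]))  # alice is reported as corrupted
```

Someone with write access to the table but not to the server's key cannot produce a matching checksum for an edited row, which is why such a record has to be recreated through a client.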

Password security over the network

Passwords are always encrypted when sent over the network by the AR System API. This is the case even if you do not choose to encrypt API communications with the AR System server.

NOTE: When BMC Remedy User displays a Flashboards object, it retrieves the content from the BMC Remedy Mid Tier. BMC strongly recommends that you configure the web server to use SSL to ensure that all data (including the password) are encrypted over the network and hence secure.

Password storage

User passwords are always stored in the database as an encrypted one-way hash. Once encrypted and stored, the password is not decrypted by the server at all.

Passwords in the configuration files are always stored in an encrypted format. The encryption is a 56-bit DES. BMC recommends that you further protect the configuration files by setting the appropriate file access permissions.

Enforcing a password policy

The AR System server allows password policies to be enforced. With a password policy, you can:

- Force all users or individual users to change their passwords when they log in for the first time with BMC Remedy User or a browser.
- Enforce restrictions on passwords. (HIPAA standards are shipped as the default restrictions.)
- Set up password expiration with scheduled warnings.
- Disable an account after the expiration period.
- Enable users to change their passwords at will.

For information about configuring and enforcing password policies, see the Configuring guide.

Database password

The account user name and password that the AR System server uses to communicate with the database is set initially at installation time. This is stored in the AR System configuration files as an encrypted string.

If the password for this account is changed in the database, you can reset it in the AR System server as well. To do so, set the new password in the configuration file as a clear text string, and restart the AR System server. The AR System server reads the clear text string and replaces it with an encrypted string. See the Configuring guide.

AR System server security

AR System includes features and restrictions that are part of the AR System platform that provide security to applications.

User authentication

The AR System provides several ways to authenticate users.

- Users can be registered in the AR System server, with both authentication information (passwords) and authorization information (data and form access permissions and license type).
- Users can be registered in an external repository such as an LDAP server. The AR System server can be configured to connect to the external server to authenticate user login IDs and to retrieve their credentials (licenses, group information, address, etc.). This is known as AR System external authentication (AREA). For information about configuring external authentication, see the Configuring guide.

  NOTE: License information for administrators needs to be maintained in the AR System, but authentication of administrators can still be done externally.

- A combination of the above approaches can be used to authenticate a user externally while the authorization information is maintained in the AR System server.

The AR System server provides a mechanism for using multiple authentication sources, with a fall-back mechanism that chains through these sources. For example, if the user is not found at the first LDAP authentication server, another LDAP server can be checked, followed by an attempt to authenticate the user against the information stored in the AR System server.

LDAP connection security

AR System provides a plug-in application that can be configured to talk to an LDAP server for authentication and authorization. This plug-in can use an SSL certificate to communicate with the LDAP server, providing a secure connection.

Session protection

The AR System server is stateless, and it carries the user name and password in each API call, verifying them each time. This enforces the validation of the user on each API call, rather than just at login.
Data protection

AR System implements the features described in this section to protect AR System data.

Permissions model

The AR System server provides a permissions model that allows data to be accessible only to the right people. The permissions model is based on access groups, and users have access to information based on their group membership.

You can use group-based access control permissions to implement access control at various information levels and object types. This section describes some of the main ways you can implement group-based access control. For more information about using access control in AR System, see the Concepts guide and the Form and Application Objects guide.

Form level security

Access to forms is controlled by using groups. Only users who belong to a group with permissions to the form can access the form.

Field level security

Group membership can also control access to individual fields on a form, providing a finer level of control. Users might have access to a form, but not to all fields on the form. They will only see information to which they have access.

Row level security

Each record in the form can have access control as well (row-level security). In this case, the user sees only the records that he or she has access to.

Active link security

Workflow executing on the client can be protected with group-based access control as well. The workflow loaded and executed by the client consoles is limited by the access privileges of the user.

SQL issues

The AR System allows workflow to specify SQL commands to be run on the database. Only administrators are allowed to specify these commands in active links, thus enforcing that only trusted users have access to this feature from the client.

SQL injection

The AR System server encloses all dates in quotes, and it escapes all quotes. This ensures that users cannot inject SQL commands into queries to access data that is otherwise hidden from them. However, if a full SQL command is in a parameter, users might still get access to the data. BMC applications ensure they do not expose this functionality. If you customize applications, make sure the customization prevents this possibility.

SQL command execution

SQL command parameters are resolved each time the command is run. This ensures that users can only search fields that they have access to at run time, not when the workflow was first written.
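The two cases in "SQL injection" above, a value that is quoted and escaped versus a parameter that carries a full SQL command, are contrasted in the following added example, which is not AR System code. It uses an in-memory SQLite table with constructed rows; the function names and the named-statement table are hypothetical.

```python
import sqlite3

# Hypothetical fixed statements a customization could expose by name.
FIXED_COMMANDS = {
    "tickets_for_owner": "SELECT id FROM ticket WHERE owner = ? ORDER BY id",
}


def open_sample_db():
    """Build a small constructed table to query."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE ticket (id INTEGER, owner TEXT, summary TEXT);
        INSERT INTO ticket VALUES (1, 'alice', 'printer jam');
        INSERT INTO ticket VALUES (2, 'bob', 'payroll export');
        INSERT INTO ticket VALUES (3, 'o''brien', 'vpn token');
    """)
    return db


def quote_literal(value):
    """Enclose a value in single quotes and escape embedded quotes by
    doubling them, so the value can only ever be read as one literal."""
    return "'" + str(value).replace("'", "''") + "'"


def search_by_owner(db, owner_value):
    """Value substitution: the field value lands in a quoted literal."""
    sql = "SELECT id FROM ticket WHERE owner = " + quote_literal(owner_value)
    return [row[0] for row in db.execute(sql)]


def run_command_from_field(db, command_text):
    """Weak customization: the whole statement comes from a user-editable
    field, so there is no value position left for quoting to protect."""
    return db.execute(command_text).fetchall()


def run_named_command(db, name, *values):
    """Hardened customization: the field only selects a statement whose
    text the developer fixed; user input is bound as values."""
    if name not in FIXED_COMMANDS:
        raise ValueError("unknown command name: %r" % (name,))
    return [row[0] for row in db.execute(FIXED_COMMANDS[name], values)]


if __name__ == "__main__":
    db = open_sample_db()
    print(search_by_owner(db, "o'brien"))        # legitimate quote survives
    print(search_by_owner(db, "x' OR '1'='1"))   # stays a literal, no rows
    print(run_command_from_field(db, "SELECT id FROM ticket"))  # every row
    print(run_named_command(db, "tickets_for_owner", "bob"))
```

When reviewing a customization, look for any workflow where a field supplies statement text rather than a value; that is the case escaping cannot cover.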

Cross-site scripting (XSS)

BMC uses IBM AppScan to test the BMC Remedy Mid Tier against XSS and response splitting. The BMC Remedy Mid Tier is safe from all XSS and response splitting attacks as reported by the current version of AppScan. Any custom modification of the BMC Remedy Mid Tier web application should be re-validated against these security risks.

Web services security

The AR System relies on the user name and password being embedded in the SOAP header. To ensure this information is encrypted when passed over the network, configure the web server to use secure connections. BMC recommends that web servers use SSL certificates to provide secure connections.

Data access on search operations

When a user searches for data, the AR System server limits the results to the data to which that user has access. If the search is for fields to which the user does not have access, the data from these fields will not be part of the result set. If the search qualification uses fields that the user does not have access to, those fields will be ignored and the qualification will be run without them. The AR System server uses a degrade policy for this purpose.

Limit on number of results

The server can be configured to limit the number of results that are returned on a search. This allows the server to limit the extent of a denial of service attack. Unrecognized API calls are rejected immediately, as are users who are not authenticated. This prevents the server from doing a lot of processing for invalid calls.

Active links data encryption capability

The AR System workflow has access to Encrypt and Decrypt functions that can be used as required. For example, an active link can use the Encrypt function to encrypt data in a regular character field, and then use the Decrypt function in a filter to convert it to clear text again. This ensures an additional layer of security over the network.

NOTE: If data is stored in the database in encrypted format, it is not searchable.

Server protection

The AR System server provides a number of configuration options that can be used to control the types of connections accepted. For a comprehensive list of these options, see the Configuring guide. A few options are presented here.

- All connections from particular types of clients, such as ODBC drivers for reporting, can be blocked out completely, or be restricted to particular time intervals.
- The server can set a minimum API version required, enforcing an upgrade policy for all client programs.
- Guest users can be disallowed from accessing AR System. If allowed, guest users have only read access to forms and data that are not protected.


TrueSight Operations Management Monitoring Studio USER DOCUMENTATION APPLICATIONS MONITORING TrueSight Operations Management Monitoring Studio Version 9.0.00 June 2015 Contacting BMC Software You can access the BMC Software Web site at http://www.bmc.com.

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for

More information

BMC Track-It! Web. Web Services API Guide. Version 11.3

BMC Track-It! Web. Web Services API Guide. Version 11.3 BMC Track-It! Web Web Services API Guide Version 11.3 Legal Notices Copyright 1999, 2009 BMC Software, Inc. Copyright 1989-2014 Numara Software, Inc. BMC, BMC Software, and the BMC Software logo are the

More information

Using LDAP Authentication in a PowerCenter Domain

Using LDAP Authentication in a PowerCenter Domain Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,

More information

BMC Impact Event Adapters User Guide

BMC Impact Event Adapters User Guide BMC Impact Event Adapters User Guide Supporting BMC Event and Impact Management 2.0 BMC ProactiveNet Performance Manager 8.0 November 2009 www.bmc.com Contacting BMC Software You can access the BMC Software

More information

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication

More information

BMC Remedy Service Desk: Problem Management 7.0 User s Guide

BMC Remedy Service Desk: Problem Management 7.0 User s Guide BMC Remedy Service Desk: Problem Management 7.0 User s Guide June 2006 Part No: 60846 Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names,

More information

BlackShield ID Agent for Remote Web Workplace

BlackShield ID Agent for Remote Web Workplace Agent for Remote Web Workplace 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced,

More information

CA Mobile Device Management 2014 Q1 Getting Started

CA Mobile Device Management 2014 Q1 Getting Started CA Mobile Device Management 2014 Q1 Getting Started This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

BMC Impact Manager Knowledge Base Reference Guide. Version 3.2.00

BMC Impact Manager Knowledge Base Reference Guide. Version 3.2.00 BMC Impact Manager Knowledge Base Reference Guide Version 3.2.00 July 2003 Copyright 2003 BMC Software, Inc. All rights reserved. BMC Software, the BMC Software logos, and all other BMC Software product

More information

Web Plus Security Features and Recommendations

Web Plus Security Features and Recommendations Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of

More information

SafeGuard Easy upgrade guide. Product version: 7

SafeGuard Easy upgrade guide. Product version: 7 SafeGuard Easy upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1 Upgrade

More information

FileMaker Server 11. FileMaker Server Help

FileMaker Server 11. FileMaker Server Help FileMaker Server 11 FileMaker Server Help 2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker is a trademark of FileMaker, Inc. registered

More information

Configure an ODBC Connection to SAP HANA

Configure an ODBC Connection to SAP HANA Configure an ODBC Connection to SAP HANA 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise)

More information

Kentico CMS security facts

Kentico CMS security facts Kentico CMS security facts ELSE 1 www.kentico.com Preface The document provides the reader an overview of how security is handled by Kentico CMS. It does not give a full list of all possibilities in the

More information

Update and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1

Update and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1 Update and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1 Microsoft Corporation Published: December 2010 Microsoft Dynamics is a line of integrated, adaptable business management

More information

LISTSERV LDAP Documentation

LISTSERV LDAP Documentation LISTSERV LDAP Documentation L Soft Sweden AB 2007 28 November 2007 Overview LISTSERV version 15.5 can interface to LDAP servers to authenticate user logins, to insert LDAP attributes in mail merge distributions

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

BMC Remedy Service Desk: Incident Management User. Guide. Supporting. Version 7.6.04 of BMC Remedy Incident Management. January 2011. www.bmc.

BMC Remedy Service Desk: Incident Management User. Guide. Supporting. Version 7.6.04 of BMC Remedy Incident Management. January 2011. www.bmc. BMC Remedy Service Desk: Incident Management User Guide Supporting Version 7.6.04 of BMC Remedy Incident Management January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website

More information

Good Dynamics. Security White Paper

Good Dynamics. Security White Paper Good Dynamics Security White Paper Table of Contents 1 Overview... 3 1.1 Security Features... 4 1.2 How Data is Protected... 4 2 The Good Dynamics Client... 5 2.1 Data Storage on the Client... 5 2.2 User

More information

BSM Interoperability 8.0.00 Installation and Configuration Guide

BSM Interoperability 8.0.00 Installation and Configuration Guide BSM Interoperability 8.0.00 Installation and Configuration Guide December 2009 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you

More information

etrust Audit Using the Recorder for Check Point FireWall-1 1.5

etrust Audit Using the Recorder for Check Point FireWall-1 1.5 etrust Audit Using the Recorder for Check Point FireWall-1 1.5 This documentation and related computer software program (hereinafter referred to as the Documentation ) is for the end user s informational

More information

Bentley CONNECT Dynamic Rights Management Service

Bentley CONNECT Dynamic Rights Management Service v1.0 Implementation Guide Last Updated: March 20, 2013 Table of Contents Notices...5 Chapter 1: Introduction to Management Service...7 Chapter 2: Configuring Bentley Dynamic Rights...9 Adding Role Services

More information

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5 Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5 Disclaimer The following is intended to outline our general product

More information

External Network & Web Application Assessment. For The XXX Group LLC October 2012

External Network & Web Application Assessment. For The XXX Group LLC October 2012 External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution

More information

Coveo Platform 7.0. Oracle Knowledge Connector Guide

Coveo Platform 7.0. Oracle Knowledge Connector Guide Coveo Platform 7.0 Oracle Knowledge Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing

More information

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere

More information

Administrator s Guide for the Polycom Video Control Application (VCA)

Administrator s Guide for the Polycom Video Control Application (VCA) Administrator s Guide for the Polycom Video Control Application (VCA) Version 1.1 November 2007 Edition 3725-26448-004/A Trademark Information Polycom and the Polycom logo design are registered trademarks

More information

BMC Remedy Action Request System 7.0 Configuring

BMC Remedy Action Request System 7.0 Configuring BMC Remedy Action Request System 7.0 Configuring May 2006 Part No: 58466 Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names, BMC Software,

More information

P-Synch by M-Tech Information Technology, Inc. ID-Synch by M-Tech Information Technology, Inc.

P-Synch by M-Tech Information Technology, Inc. ID-Synch by M-Tech Information Technology, Inc. P-Synch by M-Tech Information Technology, Inc. ID-Synch by M-Tech Information Technology, Inc. Product Category: Password Management/Provisioning Validation Date: TBD Product Abstract M-Tech software streamlines

More information

New Features... 1 Installation... 3 Upgrade Changes... 3 Fixed Limitations... 4 Known Limitations... 5 Informatica Global Customer Support...

New Features... 1 Installation... 3 Upgrade Changes... 3 Fixed Limitations... 4 Known Limitations... 5 Informatica Global Customer Support... Informatica Corporation B2B Data Exchange Version 9.5.0 Release Notes June 2012 Copyright (c) 2006-2012 Informatica Corporation. All rights reserved. Contents New Features... 1 Installation... 3 Upgrade

More information

Unicenter NSM Integration for BMC Remedy. User Guide

Unicenter NSM Integration for BMC Remedy. User Guide Unicenter NSM Integration for BMC Remedy User Guide This documentation and any related computer software help programs (hereinafter referred to as the Documentation ) is for the end user s informational

More information

Sage CRM Connector Tool White Paper

Sage CRM Connector Tool White Paper White Paper Document Number: PD521-01-1_0-WP Orbis Software Limited 2010 Table of Contents ABOUT THE SAGE CRM CONNECTOR TOOL... 1 INTRODUCTION... 2 System Requirements... 2 Hardware... 2 Software... 2

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3

Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3 Contents Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3 Introduction... 3 How to Register a UNIX Host in a One-Way Trust Domain Environment... 4 Creating a Windows Agentless

More information

Dell InTrust 11.0. Preparing for Auditing Microsoft SQL Server

Dell InTrust 11.0. Preparing for Auditing Microsoft SQL Server 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement.

More information

FileMaker Server 7 and FileMaker Server 7 Advanced Documentation Errata

FileMaker Server 7 and FileMaker Server 7 Advanced Documentation Errata FileMaker Server 7 and FileMaker Server 7 Advanced Documentation Errata The following pages clarify information or correct errors in the FileMaker Server 7 and FileMaker Server 7 Advanced documentation.

More information

Application Security Testing. Indian Computer Emergency Response Team (CERT-In)

Application Security Testing. Indian Computer Emergency Response Team (CERT-In) Application Security Testing Indian Computer Emergency Response Team (CERT-In) OWASP Top 10 Place to start for learning about application security risks. Periodically updated What is OWASP? Open Web Application

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

Novell Identity Manager

Novell Identity Manager Password Management Guide AUTHORIZED DOCUMENTATION Novell Identity Manager 3.6.1 June 05, 2009 www.novell.com Identity Manager 3.6.1 Password Management Guide Legal Notices Novell, Inc. makes no representations

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Perceptive Content Security

Perceptive Content Security Perceptive Content Security Best Practices Perceptive Content, Version: 7.1.x Written by: Product Knowledge, R&D Date: June 2015 2015 Perceptive Software. All rights reserved. Perceptive Software is a

More information

IBM WebSphere Application Server Version 7.0

IBM WebSphere Application Server Version 7.0 IBM WebSphere Application Server Version 7.0 Centralized Installation Manager for IBM WebSphere Application Server Network Deployment Version 7.0 Note: Before using this information, be sure to read the

More information

FileMaker Server 15. FileMaker Server Help

FileMaker Server 15. FileMaker Server Help FileMaker Server 15 FileMaker Server Help 2007 2016 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker and FileMaker Go are trademarks

More information

An Oracle White Paper September 2013. Directory Services Integration with Database Enterprise User Security

An Oracle White Paper September 2013. Directory Services Integration with Database Enterprise User Security An Oracle White Paper September 2013 Directory Services Integration with Database Enterprise User Security Disclaimer The following is intended to outline our general product direction. It is intended

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

Management Reporter Integration Guide for Microsoft Dynamics NAV

Management Reporter Integration Guide for Microsoft Dynamics NAV Microsoft Dynamics Management Reporter Integration Guide for Microsoft Dynamics NAV July 2013 Find updates to this documentation at the following location: http://go.microsoft.com/fwlink/?linkid=162565

More information

CA Workload Automation Agent for Databases

CA Workload Automation Agent for Databases CA Workload Automation Agent for Databases Implementation Guide r11.3.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the

More information

NovaBACKUP. Storage Server. NovaStor / May 2011

NovaBACKUP. Storage Server. NovaStor / May 2011 NovaBACKUP Storage Server NovaStor / May 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without notice.

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Installation & Configuration Guide

Installation & Configuration Guide Installation & Configuration Guide Bluebeam Studio Enterprise ( Software ) 2014 Bluebeam Software, Inc. All Rights Reserved. Patents Pending in the U.S. and/or other countries. Bluebeam and Revu are trademarks

More information

BEAWebLogic. Portal. WebLogic Portlets for SAP Installation Guide

BEAWebLogic. Portal. WebLogic Portlets for SAP Installation Guide BEAWebLogic Portal WebLogic Portlets for SAP Installation Guide Version 8.1 with Service Pack 4 (SAP Portlets Version 1.1) Document Revised: September 2004 Copyright Copyright 2004-2005 BEA Systems, Inc.

More information

Management Reporter Integration Guide for Microsoft Dynamics NAV

Management Reporter Integration Guide for Microsoft Dynamics NAV Microsoft Dynamics Management Reporter Integration Guide for Microsoft Dynamics NAV September 2014 Find updates to this documentation at the following location: http://go.microsoft.com/fwlink/?linkid=162565

More information

Strong Authentication for Microsoft SharePoint

Strong Authentication for Microsoft SharePoint Strong Authentication for Microsoft SharePoint with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

PATROL From a Database Administrator s Perspective

PATROL From a Database Administrator s Perspective PATROL From a Database Administrator s Perspective September 28, 2001 Author: Cindy Bean Senior Software Consultant BMC Software, Inc. 3/4/02 2 Table of Contents Introduction 5 Database Administrator Tasks

More information

How to Secure a Groove Manager Web Site

How to Secure a Groove Manager Web Site How to Secure a Groove Manager Web Site Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations,

More information

AGILEXRM REFERENCE ARCHITECTURE

AGILEXRM REFERENCE ARCHITECTURE AGILEXRM REFERENCE ARCHITECTURE 2012 AgilePoint, Inc. Table of Contents 1. Introduction 4 1.1 Disclaimer of warranty 4 1.2 AgileXRM components 5 1.3 Access from PES to AgileXRM Process Engine Database

More information

Web Application Report

Web Application Report Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012

More information

Monitoring App V eg Enterprise v6

Monitoring App V eg Enterprise v6 Monitoring App V eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced or

More information

About this release. McAfee Application Control and Change Control 6.1.1. Addendum. Content change tracking. Configure content change tracking rule

About this release. McAfee Application Control and Change Control 6.1.1. Addendum. Content change tracking. Configure content change tracking rule Addendum McAfee Application Control and Change Control 6.1.1 About this release For use with epolicy Orchestrator 4.6 5.0 Software This document is an addendum to the McAfee Change Control and Application

More information

MBAM Self-Help Portals

MBAM Self-Help Portals MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa

More information

SSO Plugin. Installation for BMC AR System and WUT. J System Solutions. http://www.javasystemsolutions.com Version 3.4

SSO Plugin. Installation for BMC AR System and WUT. J System Solutions. http://www.javasystemsolutions.com Version 3.4 SSO Plugin Installation for BMC AR System and WUT J System Solutions http://www.javasystemsolutions.com Version 3.4 Table of Contents Introduction... 4 Compatibility... 5 Mixing versions of SSO Plugin...5

More information

An Oracle White Paper June 2014. Security and the Oracle Database Cloud Service

An Oracle White Paper June 2014. Security and the Oracle Database Cloud Service An Oracle White Paper June 2014 Security and the Oracle Database Cloud Service 1 Table of Contents Overview... 3 Security architecture... 4 User areas... 4 Accounts... 4 Identity Domains... 4 Database

More information

BMC Remedy Action Request System 7.0 Error Messages

BMC Remedy Action Request System 7.0 Error Messages BMC Remedy Action Request System 7.0 Messages May 2006 Part No: 58471 Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names, BMC Software,

More information