White Paper BMC Remedy Action Request System Security
|
|
- Osborn McDonald
- 8 years ago
- Views:
Transcription
1 White Paper BMC Remedy Action Request System Security June
2 Contacting BMC Software You can access the BMC Software website at From this website, you can obtain information about the company, its products, corporate offices, special events, and career opportunities. United States and Canada Address BMC SOFTWARE INC 2101 CITYWEST BLVD HOUSTON TX USA Outside United States and Canada Telephone or Telephone (01) Fax (01) Fax If you have comments or suggestions about this documentation, contact Information Development by at Copyright 2008 BMC Software, Inc. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners. IBM is a registered trademark of International Business Machines Corporation. UNIX is a registered trademark of The Open Group. BMC Software considers information included in this documentation to be proprietary and confidential. Your use of this information is subject to the terms and conditions of the applicable End User License Agreement for the product and the proprietary and restricted rights notices included in this documentation. Restricted Rights Legend U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section , DFARS , DFARS , DFARS , and DFARS , as amended from time to time. Contractor/Manufacturer is BMC Software, Inc., 2101 CityWest Blvd., Houston, TX , USA. Any contract notices should be sent to this address.
3 Customer Support You can obtain technical support by using the Support page on the BMC Software website or by contacting Customer Support by telephone or . To expedite your inquiry, please see Before Contacting BMC Software. Support Website You can obtain technical support from BMC Software 24 hours a day, 7 days a week at From this website, you can Read overviews about support services and programs that BMC Software offers. Find the most current information about BMC Software products. Search a database for problems similar to yours and possible solutions. Order or download product documentation. Report a problem or ask a question. Subscribe to receive notices when new product versions are released. Find worldwide BMC Software support center locations and contact information, including addresses, fax numbers, and telephone numbers. Support by telephone or In the United States and Canada, if you need technical support and do not have access to the Web, call or send an message to customer_support@bmc.com. (In the Subject line, enter SupID:<yourSupportContractID>, such as SupID:12345.) Outside the United States and Canada, contact your local support center for assistance. Before Contacting BMC Software Have the following information available so that Customer Support can begin working on your issue immediately: Product information Product name Product version (release number) License number and password (trial or permanent) Operating system and environment information Machine type Operating system type, version, and service pack System hardware configuration Serial numbers Related software (database, application, and communication) including type, version, and service pack or maintenance level Sequence of events leading to the problem Commands and options that you used Messages received (and the time and date that you received them) Product error messages Messages from the operating system, such as file system full Messages from related software
4
5 White Paper BMC Remedy Action Request System Security This document provides a high-level overview of security in the BMC Remedy Action Request System (AR System), including the AR System server, clients, and libraries, the network and other resources used by AR System, and the objects and data in the applications. The following topics are provided: File system security (page 6) Security over the network (page 7) Database security (page 8) Password security (page 8) AR System server security (page 10) BMC Remedy Action Request System Security 5
6 White Paper File system security Security considerations include the machines that the software is running on, and the resources that the processes use. This section describes the security of AR System processes and data in relation to the file system. Installation and maintenance On UNIX platforms, the AR System server does not need to be installed with root permissions. You can run the installer with non-root permissions as long as the resources the installer needs are available to it. For information about installing AR System as a non-root user, see the Installing guide. Running processes on the file system The server allows workflow to access and run processes on the file system. This can be done either on the client machine (in active links), or on the server machine (in filters and escalations). Processes on the AR System server computer AR System allows filters and escalations to invoke external processes on the AR System server computer. The AR System server has access to processes and resources on the computer based on the credentials it has been given. To prevent workflow from accessing programs and resources to which it should not have access, run the AR System server as a user with limited access to resources. In this case, the AR System server can only access resources and programs that have the access permissions of the user who runs the service. This prevents users of an AR System application from writing workflow that accesses programs and resources to which they should not have access. Controlling the use of backquotes in server-side process actions By default, the AR System server does not allow any workflow commands that run a process on the server to use backquotes in the process name or its arguments. This prevents any user from exploiting parameter substitution to gain access to system information or resources. This behavior is controlled by a configuration setting. For more information about configuration settings in AR System, see the Configuring guide. Processes on the client computer The AR System allows active links to invoke external processes on the user's computer when the active link is activated from BMC Remedy User or, in some cases, from a browser. Since the client is running with the same access privileges as the person logged in to the client computer, it only has access to programs and resources to which the user has access. This ensures that an AR System client cannot access information to which it should not have access. 6 BMC Remedy Action Request System Security
7 BMC Remedy Action Request System Security Run a process from a specific directory The server can be configured so that active link processes can execute only from a specified directory. For more information about configuration settings in AR System, see the Configuring guide. Security over the network This section describes the protection of AR System data as it is sent over the network between the AR System server, the database, and the client programs. All data being passed over the network can be encrypted. This applies to the database connection, API clients, and browsers. For information about password security on the network, see Password security on page 8. Security between the AR System server and the database The AR System is capable of using encrypted connections to the database. It relies on the database client library capabilities for this encryption, and can work with any encryption provided with the database client libraries. Security between the AR System server and API clients The AR System API is capable of three levels of encryption. The default is 512 bit encryption, and and 2048-bit encryption levels are available as an option. When encryption is configured, all communication between the API client and the AR System server is encrypted, providing data security over the network. Any security policy between the AR System server and the API clients can be enforced. The server can be configured so that it works only with encrypted API calls or with only unencrypted API calls. Without any enforcement, the server allows both encrypted and unencrypted calls. All AR System clients are API-based, so turning on encryption ensures that all interactions with the server are encrypted. To configure encryption, see the BMC Remedy Encryption Products Release Notes and Installation Guide. Security between the AR System server and the plug-in server When encryption is configured on the AR System server, the connection with the plug-in server uses the same encryption as described for the connection between the AR System server and the API Clients. Security between a web browser and the mid tier Communication between a browser and the mid tier is not controlled by the AR System server in any way. Therefore, protecting network communications between these two components is dependent on the capabilities of the web server and browser in use. The customer can take advantage of the strongest level of encryption made available by his or her choice of web servers. Security over the network 7
8 White Paper The BMC Remedy Mid Tier handles this as all-or-nothing encryption. In other words, either all the pages served by the mid tier are encrypted, or none of them are encrypted. BMC strongly recommends that the web server be configured with SSL encryption. This ensures that connections from BMC Remedy User can pass user credentials securely. Security between BMC Remedy User and the mid tier When a flashboard is viewed from BMC Remedy User, the client opens a connection with the mid tier to get the content. To ensure that this communication is secure, configure the web server to use SSL. This ensures that all data being passed over the network is encrypted. Database security This section describes database security in relation to the AR System database. Tablespace The database administrator can create the tablespace and the user to be used by AR System prior to installing the AR System server. In this case, the person installing the AR System server does not need to know the SA (database administrator) credentials, and can use the user created for the installation. If the database administrator does not pre-create the tablespace, then the person installing the AR System server must know the SA password. AR System uses this account only for creating the tablespace and its user. Once this job is done the AR System server will access the database with its own user ID only. You can change the database account password used by the AR System server at any time. For information about how to do so, see the Configuring guide. User credentials table The credentials of all registered users in the AR System server are stored in a table called the user_cache. To prevent the direct manipulation of this information in the database, each record in this table is protected with an encrypted checksum. This checksum protects the user names, licenses, groups, and other information. Changing any of this information directly in the database renders the record corrupted. In that case, the record must be recreated using an AR System client. Password security This section describes password security in AR System. 8BMC Remedy Action Request System Security
9 BMC Remedy Action Request System Security Password security over the network Passwords are always encrypted when sent over the network by the AR System API. This is the case even if you do not choose to encrypt API communications with the AR System server. NOTE When BMC Remedy User displays a Flashboards object, it retrieves the content from the BMC Remedy Mid Tier. BMC strongly recommends that you configure the web server to use SSL to ensure that all data (including the password) are encrypted over the network and hence secure. Password storage User passwords are always stored in the database as an encrypted one-way hash. Once encrypted and stored, the password is not decrypted by the server at all. Passwords in the configuration files are always stored in an encrypted format. The encryption is a 56 bit DES. BMC recommends that you further protect the configuration files by setting the appropriate file access permissions. Enforcing a password policy The AR System server allows password policies to be enforced. With a password policy, you can: Force all users or individual users to change their passwords when they log in for the first time with BMC Remedy User or a browser. Enforce restrictions on passwords (HIPAA standards are shipped as the default restrictions.) Set up password expiration with scheduled warnings. Disable an account after the expiration period. Enable users to change their passwords at will. For information about configuring and enforcing password policies, see the Configuring guide. Database password The account user name and password that the AR System server uses to communicate with the database is set initially at installation time. This is stored in the AR System configuration files as an encrypted string. If the password for this account is changed in the database, you can reset it in the AR System server as well. To do so, set the new password in the configuration file as a clear text string, and restart the AR System server. The AR System server reads the clear text string and replaces it with an encrypted string. See the Configuring guide. Password security 9
10 White Paper AR System server security User authentication AR System includes features and restrictions that are part of the AR System platform that provide security to applications. The AR System provides several ways to authenticate users. Users can be registered in the AR System server, with both authentication information (passwords) and authorization information (data and form access permissions and license type). Users can be registered in an external repository such as an LDAP server. The AR System server can be configured to connect to the external server to authenticate user login IDs and to retrieve their credentials (licenses, group information, address, etc.). This is known as AR System external authentication (AREA). For information about configuring external authentication, see the Configuring guide. NOTE License information for administrators needs to be maintained in the AR System, but authentication of administrators can still be done externally. A combination of the above approaches can be used to authenticate a user externally while the authorization information is maintained in the AR System server. The AR System server provides a mechanism for using multiple authentication sources, with a fall-back mechanism that chains through these sources. For example, if the user is not found at the first LDAP authentication server, another LDAP server can be checked, followed by an attempt to authenticate the user against the information stored in the AR System server. LDAP Connection Security AR System provides a plug-in application that can be configured to talk to an LDAP server for authentication and authorization. This plug-in can use an SSL certificate to communicate with the LDAP server, providing a secure connection. Session protection The AR System server is stateless, and it carries the user name and password in each API call, verifying them each time. This enforces the validation of the user on each API call, rather than just at login. Data protection AR System implements the features described in this section to protect AR System data. 10 BMC Remedy Action Request System Security
11 BMC Remedy Action Request System Security Permissions model The AR System server provides a permissions model that allows data to be accessible only to the right people. The permissions model is based on access groups, and users have access to information based on their group membership. You can use group-based access control permissions to implement access control at various information levels and object types. This section describes some the main ways you can implement group-based access control. For more information about using access control in AR System, see the Concepts guide and the Form and Application Objects guide. Form level security Access to forms is controlled by using groups. Only users who belong to a group with permissions to the form can access the form. Field level security Group membership can also control access to individual fields on a form, providing a finer level of control. Users might have access to a form, but not to all fields on the form. They will only see information to which they have access. Row level security Each record in the form can have access control as well (row-level security). In this case, the user sees only the records that he or she has access to. Active link security Workflow executing on the client can be protected with group-based access control as well. The workflow loaded and executed by the client consoles is limited by the access privileges of the user. SQL issues The AR System allows workflow to specify SQL commands to be run on the database. Only administrators are allowed to specify these commands in active links, thus enforcing that only trusted users have access to this feature from the client. SQL injection The AR System server encloses all dates in quotes, and it escapes all quotes. This ensures that users cannot inject SQL commands into queries to access data that is otherwise hidden from them. However, if a full SQL Command is in a parameter, users might still get access to the data. BMC applications ensure they do not expose this functionality. If you customize applications, make sure the customization prevents this possibility. SQL command execution SQL command parameters are resolved each time the command is run. This ensures that users can only search fields that they have access to at run time, not when the workflow was first written. AR System server security 11
12 White Paper Cross-site scripting (XSS) BMC uses IBM AppScan to test the BMC Remedy Mid Tier against XSS and response splitting. The BMC Remedy Mid Tier is safe from all XSS and response splitting attacks as reported by the current version of AppScan. Any custom modification of the BMC Remedy Mid Tier web application should be re-validated against these security risks. Web services security The AR System relies on the user name and password being embedded in the SOAP header. To ensure this information is encrypted when passed over the network, configure the web server to use secure connections. BMC recommends that web servers use SSL certificates to provide secure connections. Data access on search operations When a user searches for data, the AR System server limits the results to the data to which that user has access. If the search is for fields to which the user does have access, the data from these fields will not be part of the result set. If the search qualification uses fields that the user does not have access to, those fields will be ignored and the qualification will be run without them. The AR System server uses a degrade policy for this purpose. Limit on number of results The server can be configured to limit the number of results that are returned on a search. This allows the server to limit the extent of a denial of service attack. Unrecognized API calls are rejected immediately, as are users who are not authenticated. This prevents the server from doing a lot of processing for invalid calls. Active links data encryption capability The AR System workflow has access to Encrypt and Decrypt functions that can be used as required. For example, an active link can use the Encrypt function to encrypt data in a regular character field, and then use the Decrypt function in a filter to convert it to clear text again. This ensures an additional layer of security over the network. NOTE If data is stored in the database in encrypted format, it is not searchable. 12 BMC Remedy Action Request System Security
13 BMC Remedy Action Request System Security Server protection The AR System server provides a number of configuration options that can be used to control the types of connections accepted. For a comprehensive list of these options, see the Configuring guide. A few options are presented here. All connections from particular types of clients, such as ODBC drivers for reporting, can be blocked out completely, or be restricted to particular time intervals. The server can set a minimum API version required, enforcing an upgrade policy for all client programs. Guest users can be disallowed from accessing AR System. If allowed, guest users have only read access to forms and data that are not protected. AR System server security 13
14 White Paper 14 BMC Remedy Action Request System Security
15
16 *92239* *92239* *92239* *92239* *92239*
Web Application Security Assessment and Vulnerability Mitigation Tests
White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationKnowledge Article Performance Comparison: BMC Remedy ITSM Incident Management version 7.5.00 Vs. 7.0.03 on Windows
Knowledge Article Performance Comparison: BMC Remedy ITSM Incident Management version 7.5.00 Vs. 7.0.03 on Windows April 2009 www.bmc.com Contacting BMC Software You can access the BMC Software website
More informationWhite Paper: BMC Service Management Process Model 7.6 BMC Best Practice Flows
White Paper: BMC Service Management Process Model 7.6 BMC Best Practice Flows October 2009 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website,
More informationBMC Remedy IT Service Management Suite 7.6.04 Installing and Configuring Server Groups
BMC Remedy IT Service Management Suite 7.6.04 Installing and Configuring Server Groups January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From
More informationWhite Paper March 1, 2005. Integrating AR System with Single Sign-On (SSO) authentication systems
White Paper March 1, 2005 Integrating AR System with Single Sign-On (SSO) authentication systems Copyright 2005 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service
More informationBMC Service Request Management 7.6.04 User s Guide
BMC Service Request Management 7.6.04 User s Guide January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information
More informationPATROL Console Server and RTserver Getting Started
PATROL Console Server and RTserver Getting Started Supporting PATROL Console Server 7.5.00 RTserver 6.6.00 February 14, 2005 Contacting BMC Software You can access the BMC Software website at http://www.bmc.com.
More informationBMC Remedy Action Request System 7.6.04 Configuration Guide
BMC Remedy Action Request System 7.6.04 Configuration Guide January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain
More informationBMC Remedy IT Service Management 7.5.00 Concepts Guide
BMC Remedy IT Service Management 7.5.00 Concepts Guide February 2009 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain
More informationCONTROL-M/Enterprise Manager API Developer Guide
CONTROL-M/Enterprise Manager API Developer Guide Supporting CONTROL-M/Enterprise Manager version 6.4.01 September 2008 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com.
More informationBMC Impact Solutions Infrastructure Management Guide
BMC Impact Solutions Infrastructure Management Guide Supporting BMC Impact Manager version 7.3 BMC Impact Administration Server 7.3 BMC Impact Explorer version 7.3 BMC Impact Portal version 7.3 February
More informationBMC Remedy IT Service Management 7.0 Data Management Administrator s Guide
BMC Remedy IT Service Management 7.0 Data Management Administrator s Guide November 2007 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website,
More informationCisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Legal Notices Copyright 1999, 2009 BMC Software, Inc. Copyright 1996-2014 Numara Software, Inc. BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered
More informationBMC Remedy Action Request System 7.6.04 Integration Guide
BMC Remedy Action Request System 7.6.04 Integration Guide January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain
More informationBMC BladeLogic Client Automation Installation Guide
BMC BladeLogic Client Automation Installation Guide Supporting BMC BladeLogic Client Automation 8.2.02 January 2013 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com.
More informationBMC Performance Manager Portal Monitoring and Management Guide
BMC Performance Manager Portal Monitoring and Management Guide Supporting BMC Performance Manager Portal 2.7 Remote Service Monitor 2.7 April 2009 www.bmc.com Contacting BMC Software You can access the
More informationBMC Remedy Service Desk: Problem Management User. Guide. Supporting. Version 7.6.04 of BMC Remedy Problem Management. January 2011. www.bmc.
BMC Remedy Service Desk: Problem Management User Guide Supporting Version 7.6.04 of BMC Remedy Problem Management January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website
More informationWhite Paper August 2006. BMC Best Practice Process Flows for ITIL Change Management
White Paper August 2006 BMC Best Practice Process Flows for ITIL Change Management Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names,
More informationControl-M for Hadoop. Technical Bulletin. www.bmc.com
Technical Bulletin Control-M for Hadoop Version 8.0.00 September 30, 2014 Tracking number: PACBD.8.0.00.004 BMC Software is announcing that Control-M for Hadoop now supports the following: Secured Hadoop
More informationBMC Remedy Knowledge Management 7.2 Planning and Configuration Guide
BMC Remedy Knowledge Management 7.2 Planning and Configuration Guide December 2007 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website,
More informationBMC Remedy Action Request System 7.0 Configuring
BMC Remedy Action Request System 7.0 Configuring May 2006 Part No: 58466 Copyright 1991 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names, BMC Software,
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationBMC Remedy IT Service Management Concepts Guide
BMC Remedy IT Service Management Concepts Guide Supporting Version 7.6.04 of BMC Remedy Asset Management Version 7.6.04 of BMC Remedy Change Management Version 7.6.04 of BMC Remedy Service Desk January
More informationBMC Remedy Service Desk: Incident Management User. Guide. Supporting. Version 7.6.04 of BMC Remedy Incident Management. January 2011. www.bmc.
BMC Remedy Service Desk: Incident Management User Guide Supporting Version 7.6.04 of BMC Remedy Incident Management January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software website
More informationTrueSight Operations Management Monitoring Studio
USER DOCUMENTATION APPLICATIONS MONITORING TrueSight Operations Management Monitoring Studio Version 9.0.00 June 2015 Contacting BMC Software You can access the BMC Software Web site at http://www.bmc.com.
More informationBSM Interoperability 8.0.00 Installation and Configuration Guide
BSM Interoperability 8.0.00 Installation and Configuration Guide December 2009 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you
More informationEmbarcadero Performance Center 2.7 Installation Guide
Embarcadero Performance Center 2.7 Installation Guide Copyright 1994-2009 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A.
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationHow To Configure A Bmca Log File Adapter For Windows 2.5 (For Windows) For A Powerpoint 2.2 (For Microsoft) (For Ubuntu) (Powerpoint 2) (Windows) (Perl) (
BMC Impact Event Adapters User Guide Supporting BMC Event and Impact Management 2.0 BMC ProactiveNet Performance Manager 8.0 November 2009 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationControl-M SSL Guide. Supporting
Control-M SSL Guide Supporting Version 7.0.00 of Control-M/Enterprise Manager Version 7.0.00 of Control-M/Server for UNIX and Microsoft Windows Version 7.0.00 of Control-M/Agent for UNIX and Microsoft
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationManagement Reporter Integration Guide for Microsoft Dynamics GP
Microsoft Dynamics Management Reporter Integration Guide for Microsoft Dynamics GP July 2013 Find updates to this documentation at the following location: http://go.microsoft.com/fwlink/?linkid=162565
More informationManagement Reporter Integration Guide for Microsoft Dynamics AX
Microsoft Dynamics Management Reporter Integration Guide for Microsoft Dynamics AX July 2013 Find updates to this documentation at the following location: http://go.microsoft.com/fwlink/?linkid=162565
More informationBMC Impact Manager Knowledge Base Reference Guide. Version 3.2.00
BMC Impact Manager Knowledge Base Reference Guide Version 3.2.00 July 2003 Copyright 2003 BMC Software, Inc. All rights reserved. BMC Software, the BMC Software logos, and all other BMC Software product
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationHYPERION SYSTEM 9 N-TIER INSTALLATION GUIDE MASTER DATA MANAGEMENT RELEASE 9.2
HYPERION SYSTEM 9 MASTER DATA MANAGEMENT RELEASE 9.2 N-TIER INSTALLATION GUIDE P/N: DM90192000 Copyright 2005-2006 Hyperion Solutions Corporation. All rights reserved. Hyperion, the Hyperion logo, and
More informationFileMaker Server 11. FileMaker Server Help
FileMaker Server 11 FileMaker Server Help 2010 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker is a trademark of FileMaker, Inc. registered
More informationIntegration for BMC Remedy Service Desk
Integration for BMC Remedy Service Desk User Guide Supporting Integration for BMC Remedy Service Desk 7.3.01 BMC Impact Manager 7.3.01 BMC Remedy Service Desk 7.3.01 BMC ProactiveNet Performance Management
More informationThis document contains the following topics:
Release Notification BMC Discovery Solution Version 8.1.00 December 18, 2009 This document describes the products and components contained in version 8.1.00 of BMC Discovery Solution. If you have any questions,
More informationBMC Track-It! Web. Web Services API Guide. Version 11.3
BMC Track-It! Web Web Services API Guide Version 11.3 Legal Notices Copyright 1999, 2009 BMC Software, Inc. Copyright 1989-2014 Numara Software, Inc. BMC, BMC Software, and the BMC Software logo are the
More informationUnicenter NSM Integration for BMC Remedy. User Guide
Unicenter NSM Integration for BMC Remedy User Guide This documentation and any related computer software help programs (hereinafter referred to as the Documentation ) is for the end user s informational
More informationUpdate and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1
Update and Installation Guide for Microsoft Management Reporter 2.0 Feature Pack 1 Microsoft Corporation Published: December 2010 Microsoft Dynamics is a line of integrated, adaptable business management
More informationBMC Remedy Action Request System 7.0 Administering BMC Remedy Email Engine
BMC Remedy Action Request System 7.0 Administering BMC Remedy Email Engine May 2006 Part No: 58475 Copyright 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service
More informationBMC Impact Solutions Concepts Guide
BMC Impact Solutions Concepts Guide Supporting BMC Impact Manager 7.3 BMC Impact Event Adapters 7.3 BMC Impact Administration Server 7.3 BMC Impact Explorer 7.3 BMC Impact Publishing Server 7.3 BMC Impact
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationSSO Plugin. Installation for BMC AR System and WUT. J System Solutions. http://www.javasystemsolutions.com Version 3.4
SSO Plugin Installation for BMC AR System and WUT J System Solutions http://www.javasystemsolutions.com Version 3.4 Table of Contents Introduction... 4 Compatibility... 5 Mixing versions of SSO Plugin...5
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationConnection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V
Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Microsoft Hyper-V Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For
More informationBMC ProactiveNet Performance Management - Veritas Cluster Server Monitoring
BMC ProactiveNet Performance Management - Veritas Cluster Server Monitoring User Documentation January 2013 Contacting BMC Software You can access the BMC Software Web site at http://www.bmc.com/. From
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationCA Mobile Device Management 2014 Q1 Getting Started
CA Mobile Device Management 2014 Q1 Getting Started This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationFileMaker Server 14. FileMaker Server Help
FileMaker Server 14 FileMaker Server Help 2007 2015 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker and FileMaker Go are trademarks
More informationAlarmPoint Adapter for BMC Remedy AR System by AlarmPoint Systems
AlarmPoint Adapter for BMC Remedy AR System by AlarmPoint Systems User Guide Supporting AlarmPoint Adapter for BMC Remedy AR System by AlarmPoint Systems November 30, 2007 Contacting BMC Software You can
More informationLISTSERV LDAP Documentation
LISTSERV LDAP Documentation L Soft Sweden AB 2007 28 November 2007 Overview LISTSERV version 15.5 can interface to LDAP servers to authenticate user logins, to insert LDAP attributes in mail merge distributions
More informationFileMaker Server 13. FileMaker Server Help
FileMaker Server 13 FileMaker Server Help 2010-2013 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker and Bento are trademarks of FileMaker,
More informationBMC FootPrints Asset Core - Asset Discovery. Version 11.7
BMC FootPrints Asset Core - Asset Discovery Version 11.7 Legal Notices Copyright 1999, 2009 BMC Software, Inc. Copyright 1994-2013 Numara Software, Inc. BMC, BMC Software, and the BMC Software logo are
More informationCA Identity Manager. Glossary. r12.5 SP8
CA Identity Manager Glossary r12.5 SP8 This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your informational
More informationPolycom CMA System Upgrade Guide
Polycom CMA System Upgrade Guide 5.0 May 2010 3725-77606-001C Trademark Information Polycom, the Polycom Triangles logo, and the names and marks associated with Polycom s products are trademarks and/or
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationRemedy IT Service Management 5.6 Installation and Configuration Guide
Remedy IT Service Management 5.6 Installation and Configuration Guide March 2004 Part No: ITSM-560-ICG-01 Copyright 2004 BMC Software, Inc. All rights reserved. Remedy, the Remedy logo, all other Remedy
More informationBlackShield ID Agent for Terminal Services Web and Remote Desktop Web
Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication
More informationBEAWebLogic. Portal. WebLogic Portlets for SAP Installation Guide
BEAWebLogic Portal WebLogic Portlets for SAP Installation Guide Version 8.1 with Service Pack 4 (SAP Portlets Version 1.1) Document Revised: September 2004 Copyright Copyright 2004-2005 BEA Systems, Inc.
More informationBlackShield ID Agent for Remote Web Workplace
Agent for Remote Web Workplace 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced,
More informationSSO Plugin. Installation for BMC AR System. J System Solutions. http://www.javasystemsolutions.com Version 4.0
SSO Plugin Installation for BMC AR System J System Solutions Version 4.0 Page 2 of 32 Introduction... 4 Compatibility... 5 Operating systems... 5 BMC Action Request System / ITSM... 5 Java web servers...
More informationetrust Audit Using the Recorder for Check Point FireWall-1 1.5
etrust Audit Using the Recorder for Check Point FireWall-1 1.5 This documentation and related computer software program (hereinafter referred to as the Documentation ) is for the end user s informational
More informationCA ARCserve Backup for Windows
CA ARCserve Backup for Windows Agent for Sybase Guide r16 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationScheduling in SAS 9.4 Second Edition
Scheduling in SAS 9.4 Second Edition SAS Documentation The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2015. Scheduling in SAS 9.4, Second Edition. Cary, NC: SAS Institute
More informationNetIQ Identity Manager Setup Guide
NetIQ Identity Manager Setup Guide July 2015 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationSAS 9.4 Intelligence Platform
SAS 9.4 Intelligence Platform Application Server Administration Guide SAS Documentation The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2013. SAS 9.4 Intelligence Platform:
More informationWeb Plus Security Features and Recommendations
Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of
More informationOracle Enterprise Single Sign-on Provisioning Gateway. Administrator Guide Release 10.1.4.1.0 E12613-01
Oracle Enterprise Single Sign-on Provisioning Gateway Administrator Guide Release 10.1.4.1.0 E12613-01 March 2009 Oracle Enterprise Single Sign-on Provisioning Gateway, Administrator Guide, Release 10.1.4.1.0
More informationSymantec Protection Engine for Cloud Services 7.0 Release Notes
Symantec Protection Engine for Cloud Services 7.0 Release Notes Symantec Protection Engine for Cloud Services Release Notes The software described in this book is furnished under a license agreement and
More informationOracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5
Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y 2 0 1 5 Disclaimer The following is intended to outline our general product
More informationPATROL From a Database Administrator s Perspective
PATROL From a Database Administrator s Perspective September 28, 2001 Author: Cindy Bean Senior Software Consultant BMC Software, Inc. 3/4/02 2 Table of Contents Introduction 5 Database Administrator Tasks
More informationBMC Impact Solutions. Service Modeling and Publishing Guide. Supporting. BMC Impact Service Model Editor 7.3 BMC Impact Publishing Server 7.
BMC Impact Solutions Service Modeling and Publishing Guide Supporting BMC Impact Service Model Editor 7.3 BMC Impact Publishing Server 7.3 February 2009 www.bmc.com Contacting BMC Software You can access
More informationFairsail REST API: Guide for Developers
Fairsail REST API: Guide for Developers Version 1.02 FS-API-REST-PG-201509--R001.02 Fairsail 2015. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced,
More informationADSMConnect Agent for Oracle Backup on Sun Solaris Installation and User's Guide
ADSTAR Distributed Storage Manager ADSMConnect Agent for Oracle Backup on Sun Solaris Installation and User's Guide IBM Version 2 SH26-4063-00 IBM ADSTAR Distributed Storage Manager ADSMConnect Agent
More informationChapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3
Contents Chapter 1: How to Register a UNIX Host in a One-Way Trust Domain Environment 3 Introduction... 3 How to Register a UNIX Host in a One-Way Trust Domain Environment... 4 Creating a Windows Agentless
More informationCommonSpot Content Server Version 6.2 Release Notes
CommonSpot Content Server Version 6.2 Release Notes Copyright 1998-2011 PaperThin, Inc. All rights reserved. About this Document CommonSpot version 6.2 updates the recent 6.1 release with: Enhancements
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationWhite Paper November 2006. BMC Best Practice Process Flows for Asset Management and ITIL Configuration Management
White Paper November 2006 BMC Best Practice Process Flows for Asset and ITIL Configuration Copyright 2006 BMC Software, Inc. All rights reserved. BMC, the BMC logo, all other BMC product or service names,
More informationCoveo Platform 7.0. Oracle Knowledge Connector Guide
Coveo Platform 7.0 Oracle Knowledge Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationUnicenter NSM Integration for Remedy (v 1.0.5)
Unicenter NSM Integration for Remedy (v 1.0.5) The Unicenter NSM Integration for Remedy package brings together two powerful technologies to enable better tracking, faster diagnosis and reduced mean-time-to-repair
More informationDell InTrust 11.0. Preparing for Auditing Microsoft SQL Server
2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement.
More informationScheduling in SAS 9.3
Scheduling in SAS 9.3 SAS Documentation The correct bibliographic citation for this manual is as follows: SAS Institute Inc 2011. Scheduling in SAS 9.3. Cary, NC: SAS Institute Inc. Scheduling in SAS 9.3
More informationProtected Trust Directory Sync Guide
Protected Trust Directory Sync Guide Protected Trust Directory Sync Guide 2 Overview Protected Trust Directory Sync enables your organization to synchronize the users and distribution lists in Active Directory
More informationBlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise
More informationCA SiteMinder. Directory Configuration - OpenLDAP. r6.0 SP6
CA SiteMinder Directory Configuration - OpenLDAP r6.0 SP6 This documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationIBM WebSphere Application Server Version 7.0
IBM WebSphere Application Server Version 7.0 Centralized Installation Manager for IBM WebSphere Application Server Network Deployment Version 7.0 Note: Before using this information, be sure to read the
More informationSafeGuard Easy upgrade guide. Product version: 7
SafeGuard Easy upgrade guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 Check the system requirements...4 3 Download installers...5 4 About upgrading...6 4.1 Upgrade
More information