Architecture Guidelines Application Security

Size: px
Start display at page:

Download "Architecture Guidelines Application Security"

Transcription

1 Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation and Encryption. All users (or systems) requiring access should be authenticated before they actually reach the target application using single sign-on (SSO) based on the Windows login where users are checked against Active Directory. All servers involved in a transaction, or use case, must perform authentication of the user credentials by means of an encrypted security token such as a Kerberos ticket issued by Active Directory. Network security mechanisms cannot be relied upon because they do not deal with the specific rights of individual users, therefore application-level security is necessary. User credentials such as passwords must never be transmitted in clear across the network but must always be encrypted. Single sign-on is based on Windows authentication with Active Directory and Unix-based applications may participate in SSO via plug-in components that interact with Active Directory. Definitions Authentication Identification of users and automated agents that attempt access. Authorisation Credentials EA Encryption IAM IP Control the access granted to authenticated users based on a user profile. User name and password, or equivalents for systems (automated agents) Enterprise Architecture. Encoding of data so that it cannot be decoded (decrypted) without the corresponding key Identity and Access Management Internet Protocol a transport layer protocol within the TCP/IP stack IWA Integrated Windows Authentication required setting in Internet Explorer 8/9. Kerberos RBAC SAML SIB SSO TCP Network authentication protocol Role Based Access Control Security Assertion Markup Language Standards Information Base containing standards and standard products Single sign-on users sign on once only and their credentials are propagated so that server-based applications can authenticate using an encrypted security token. Transmission Control Protocol part of the TCP/IP stack. Purpose The guidelines apply to business applications that are deployed in campus datacenters and accessible via the campus network. They provide a rules, or recommendations, that promote good security in line with industry best practice. This document is intended to help focus on the security architecture of an application early in its life cycle so that the security can be designed in from the start. Architecture Guidelines - Application Security / ISSUED version 1.0 / 08/11/2011 David Deighton, IT Architect 1 / 5

2 Guidelines 1 Authenticate users before they reach the application. Users should be positively and reliably identified at the point of access to the network and authenticated against Active Directory. 2 Authenticate access to all servers Each server that participates in a transaction, or use case, has the responsibility to verify the legitimacy of access requests. This does not mean forcing users to sign-on multiple times; it can be achieved through exchange of security tokens such as Kerberos 1 or SAML tickets. Web servers are generally exempt since they should not be used to hold sensitive information. 3 Encrypt highly confidential data. Data that is classified Highly Confidential 2 (or above) must be encrypted both at rest and in transit as defined in the Information Classification standard. 4 Base security on user credentials. Ultimately what counts is the level of access granted to specific users (whether people or automated agents) to specific information. The application security should be complete, internally consistent and not unduly reliant on network security. 5 Do not rely exclusively on network security Network security mechanisms based on routing, firewalls and server security based on exchange of certificates or control of IP addresses can help reinforce security but do not address the central issue and are therefore insufficient by themselves. 6 Promote Separation of Concerns User interface, presentation, business logic and data storage should be separated in a tiered architecture for improved security as well as scalability, performance and resilience. 7 Encrypt credentials User passwords must never be transmitted in clear text, even within a highly secure network zone. Ideally, passwords should never be transmitted or stored anywhere outside the security system itself. 8 Adopt Role Based Access Control (RBAC) Assign access privileges to roles, implemented as groups in Active Directory, rather than individuals. This should simplify administration and decouple individuals from applications. Access control is normally the responsibility of applications because it requires knowledge about application structure which is usually not available centrally. 1 Kerberos is already used across the Windows / Unix divide in Business Intelligence. 2 As defined in the Information Classification standard. 2 / 5

3 Architecture Description The following diagram gives a high-level view of the proposed architectural approach. Kerberos 3 is the network authentication standard shown, but SAML is equally secure. Figure 1 Deployment View The diagram shows Kerberos tickets emitted by Active Directory being used for authentication on Unix and Windows based servers. Kerberos is preferred since it is already live at the University. 3 Note that Kerberos requires Integrated Windows Authentication (IWA) to be enabled in the web browser. 3 / 5

4 Applications may also directly query Active Directory using LDAP where no plug-in component is available for the purpose of user authentication and to import organization units and groups for use in internal access control. The web servers are excluded from the authentication requirement since they should not be used to hold confidential information. But where web servers are embedded into the application then they should be subject to the same constraints as the application servers. The following diagram shows a scenario where all steps succeed. Active Directory is the Kerberos ticket server and responds to all requests by issuing a ticket. In practice, it would not be necessary to request a ticket for every transaction but only once per session if there is a mechanism for storing (caching) the ticket between requests. sd Security Client PC Active Directory Web Server Application Server Database Server User sign on() authenticate(user credentials) Verify user credentials via security token or server credentials via certificate Single sign on (SSO) access request(user credentials) access(http) CRUD(db credentials) data/response() Get ticket once per session, not for every request data/response(http) data(http/s) JDBC, ODBC etc. response() Figure 2 Authentication Sequence Diagram Security requires a layered approach in which the business and application layers are underpinned by a range of technical and physical security mechanisms. Business / Information Application / Data Technology / Infrastructure Focus on people and business practices Focus on applications and roles Focus on infrastructure and physical security Security Policy and Standards Information Classification standard HR Processes including Joiners/Leavers etc. Identity and Access Management (IAM) system Authentication, Authorisation, Encryption Role Based Access Control (RBAC) Network topology, routing Firewalls Physical security 4 / 5

5 Principles SEC1 SEC2 SEC3 SEC4 SEC5 SEC6 Accountability All user and system interactions and access to information must be attributable to authenticated (reliably identified) people and systems. Least Privilege When allowing access to a resource, assign the minimum necessary privileges to complete the job in hand. Defend in Depth Implement a succession of barriers that an intruder must overcome before gaining access. Assume Insecure Communications Re-authentication will be required directly on the application or data server before access is granted. No Security by Obscurity Security must be designed-in and not rely on hiding information. Transparency Security mechanisms should not impair the ability of the University to function. User credentials should be propagated all the way through an application and included in all audit logs even if service accounts are used to access databases etc. Guideline: 4 Avoid superuser accounts, access control should be specific and fit the business need. Guideline: 4 A combination of application and infrastructure security mechanisms are necessary to achieve good security. Guidelines: 1, 2, 3, 4, 5, 6, 7 Guidelines: 2, 5, 6 Security should not be compromised by the availability of design documents such as network diagrams. Guideline: 5 Security tokens such as Kerberos or SAML tickets, should be used to avoid onerous multiple sign-on. Guideline: 2 Standards Applicable standards include: AES Advanced Encryption Standard The AES algorithm should be used for all encryption needs, preferably with 256-bit keys. HTTPS Hypertext Transfer Protocol Secure Protects web traffic by encrypting with an implementation of the AES algorithm (TLS/SSL). Kerberos Network Authentication Protocol Kerberos or SAML tickets should be used as security SAML Security Assertion Markup Language tokens involved in server authentication. Further Information If you have any questions or comments concerning this document, please contact IT Architecture via . Security and other architectural principles can be found in the Enterprise Architecture Principles document. Standards can be found in the IT Services Standards Information Base (SIB). 5 / 5

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

OpenHRE Security Architecture. (DRAFT v0.5)

OpenHRE Security Architecture. (DRAFT v0.5) OpenHRE Security Architecture (DRAFT v0.5) Table of Contents Introduction -----------------------------------------------------------------------------------------------------------------------2 Assumptions----------------------------------------------------------------------------------------------------------------------2

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Perceptive Experience Single Sign-On Solutions

Perceptive Experience Single Sign-On Solutions Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark

More information

HP Software as a Service. Federated SSO Guide

HP Software as a Service. Federated SSO Guide HP Software as a Service Federated SSO Guide Document Release Date: July 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

API-Security Gateway Dirk Krafzig

API-Security Gateway Dirk Krafzig API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing

More information

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science

More information

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES

ABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML

More information

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011 NetWeaver Single Sign-On Product Management NetWeaver Identity Management & Security June 2011 Agenda NetWeaver Single Sign-On: Solution overview Key benefits of single sign-on Solution positioning Identity

More information

Novell Access Manager SSL Virtual Private Network

Novell Access Manager SSL Virtual Private Network White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

CERN, Information Technology Department alberto.pace@cern.ch

CERN, Information Technology Department alberto.pace@cern.ch Identity Management Alberto Pace CERN, Information Technology Department alberto.pace@cern.ch Computer Security The present of computer security Bugs, Vulnerabilities, Known exploits, Patches Desktop Management

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: McGill University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Canadian Access Federation: Trust Assertion Document (TAD) Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes

More information

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams. Exam : P_ADM_SEC_70 Title : SAP Certified Technology Professional - Security with SAP NetWeaver 7.0 Version : Demo 1 / 5 1.Which of the following statements regarding SSO and SAP Logon Tickets are true?

More information

Evaluation of different Open Source Identity management Systems

Evaluation of different Open Source Identity management Systems Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Royal Roads University_ Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they

More information

Increase the Security of Your Box Account With Single Sign-On

Increase the Security of Your Box Account With Single Sign-On A Box White Paper Increase the Security of Your Box Account With Single Sign-On Box s high level of security, 24x7 support and 99.9% uptime are critical for us. The biggest benefits are the reliability

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

Get Success in Passing Your Certification Exam at first attempt!

Get Success in Passing Your Certification Exam at first attempt! Get Success in Passing Your Certification Exam at first attempt! Exam : 000-003 Title : Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2 Version : Demo 1.What is another

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN

PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN PROVIDING SINGLE SIGN-ON TO AMAZON EC2 APPLICATIONS FROM AN ON-PREMISES WINDOWS DOMAIN CONNECTING TO THE CLOUD DAVID CHAPPELL DECEMBER 2009 SPONSORED BY AMAZON AND MICROSOFT CORPORATION CONTENTS The Challenge:

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES pingidentity.com EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES Best practices for identity federation in AWS Table of Contents Executive Overview 3 Introduction: Identity and Access Management in Amazon

More information

CA SiteMinder SSO Agents for ERP Systems

CA SiteMinder SSO Agents for ERP Systems PRODUCT SHEET: CA SITEMINDER SSO AGENTS FOR ERP SYSTEMS CA SiteMinder SSO Agents for ERP Systems CA SiteMinder SSO Agents for ERP Systems help organizations minimize sign-on requirements and increase security

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

SAP Business Objects Security

SAP Business Objects Security SAP Business Objects Security Pal Alagarsamy President Business Intelligence Practice GloWiz Inc 1 GloWiz Inc GloWiz is an IT Staffing and Consulting company since 2005 We focus on Business Intelligence,

More information

IT Architecture Review. ISACA Conference Fall 2003

IT Architecture Review. ISACA Conference Fall 2003 IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture

More information

PRIVACY, SECURITY AND THE VOLLY SERVICE

PRIVACY, SECURITY AND THE VOLLY SERVICE PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Security & Cloud Services IAN KAYNE

Security & Cloud Services IAN KAYNE Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents

More information

HOBCOM and HOBLink J-Term

HOBCOM and HOBLink J-Term HOB GmbH & Co. KG Schwadermühlstr. 3 90556 Cadolzburg Germany Tel: +49 09103 / 715-0 Fax: +49 09103 / 715-271 E-Mail: support@hobsoft.com Internet: www.hobsoft.com HOBCOM and HOBLink J-Term Single Sign-On

More information

Integrating Single Sign-on Across the Cloud By David Strom

Integrating Single Sign-on Across the Cloud By David Strom Integrating Single Sign-on Across the Cloud By David Strom TABLE OF CONTENTS Introduction 1 Access Control: Web and SSO Gateways 2 Web Gateway Key Features 2 SSO Key Features 3 Conclusion 5 Author Bio

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

IQS Identity and Access Management

IQS Identity and Access Management IQS Identity and Access Management Identity Management Authentication Authorization Administration www.-center.com The next generation security solution 2003 RSA Security Conference IAM is a combination

More information

PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync

PERSPECTIVES. State of the Art. Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync State of the Art Mobile Single Sign-On to Microsoft Exchange with OWA and ActiveSync This document describes a secure single sign-on (SSO) solution for accessing Microsoft Exchange on tablets and smartphones.

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Open Directory. Apple s standards-based directory and network authentication services architecture. Features Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data

More information

Cloudbuz at Glance. How to take control of your File Transfers!

Cloudbuz at Glance. How to take control of your File Transfers! How to take control of your File Transfers! A MFT solution for ALL organisations! Cloudbuz is a MFT (Managed File Transfer) platform for organisations and businesses installed On-Premise or distributed

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Single Sign-on (SSO) technologies for the Domino Web Server

Single Sign-on (SSO) technologies for the Domino Web Server Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145

More information

PASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者

PASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者 PASS4TEST 専 門 IT 認 証 試 験 問 題 集 提 供 者 http://www.pass4test.jp 1 年 で 無 料 進 級 することに 提 供 する Exam : 000-003 Title : Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2 Vendors :

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Building Secure Wireless Local Area Networks

Building Secure Wireless Local Area Networks Building Secure ireless Local Area Networks A hite Paper By Colubris Networks Inc. Author: Pierre Trudeau (President) COLUBRIS.COM Introduction Ubiquitous network access without wires. This is the powerful

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Single Sign-On: Reviewing the Field

Single Sign-On: Reviewing the Field Outline Michael Grundmann Erhard Pointl Johannes Kepler University Linz January 16, 2009 Outline 1 Why Single Sign-On? 2 3 Criteria Categorization 4 Overview shibboleth 5 Outline Why Single Sign-On? Why

More information

> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional

> Please fill your survey to be eligible for a prize draw. Only contact info is required for prize draw Survey portion is optional Web Access Management May 2008 CA Canada Seminar > Please fill your survey to be eligible for a prize draw Only contact info is required for prize draw Survey portion is optional > How to Transform Tactical

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Citrix MetaFrame XP Security Standards and Deployment Scenarios Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document

More information

Secure web transactions system

Secure web transactions system Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends

More information

How to Implement Enterprise SAML SSO

How to Implement Enterprise SAML SSO How to Implement Enterprise SSO THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY How to Implement Enterprise SSO Introduction Security Assertion Markup Language, or, provides numerous The advantages and

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

How to Configure Captive Portal

How to Configure Captive Portal How to Configure Captive Portal Captive portal is one of the user identification methods available on the Palo Alto Networks firewall. Unknown users sending HTTP or HTTPS 1 traffic will be authenticated,

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Single Sign On In A CORBA-Based

Single Sign On In A CORBA-Based Single Sign On In A CORBA-Based Based Distributed System Igor Balabine IONA Security Architect Outline A standards-based framework approach to the Enterprise application security Security framework example:

More information

Security Guide July 2015

Security Guide July 2015 Security Guide July 2015 UCMojo, is a cloud hosted video and web collaboration service provided by a division of Global Interactive Solutions. We employ the technology and software provided by Zoom to

More information

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations

More information

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004 Oracle Identity Management: Integration with Windows An Oracle White Paper December. 2004 Oracle Identity Management: Integration with Windows Introduction... 3 Goals for Windows Integration... 4 Directory

More information

SSL VPN Technology White Paper

SSL VPN Technology White Paper SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and

More information

Siebel Security Guide. Version 8.0, Rev. C February 2011

Siebel Security Guide. Version 8.0, Rev. C February 2011 Siebel Security Guide Version 8.0, Rev. C February 2011 Copyright 2005, 2011 Oracle and/or its affiliates. All rights reserved. The Programs (which include both the software and documentation) contain

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Is your mainframe less secure than your file server? Malcolm Trigg Solutions Consultant 24 th February 2016

Is your mainframe less secure than your file server? Malcolm Trigg Solutions Consultant 24 th February 2016 Is your mainframe less secure than your file server? Malcolm Trigg Solutions Consultant 24 th February 2016 The World s Changed What is my account balance? The World s Changed Internal Security Standards

More information

ELM Manages Identities of 4 Million Government Program Users with. Identity Server

ELM Manages Identities of 4 Million Government Program Users with. Identity Server ELM Manages Identities of 4 Million Government Program Users with Identity Server ELM Implements Single Sign-on With WSO2 Identity Server to Streamline Administration, Improve Productivity, and Reduce

More information

Siebel Security Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

Siebel Security Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Siebel Security Guide Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Copyright 2005, 2013 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing

More information

USING FEDERATED AUTHENTICATION WITH M-FILES

USING FEDERATED AUTHENTICATION WITH M-FILES M-FILES CORPORATION USING FEDERATED AUTHENTICATION WITH M-FILES VERSION 1.0 Abstract This article provides an overview of federated identity management and an introduction on using federated authentication

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Building Reference Security Architecture

Building Reference Security Architecture Information Security, Privacy and Compliance Building Reference Security Architecture Bob Steadman, Sr. Director Predrag Zivic, Sr. Security Architect Information Security Too many organizations still

More information

Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac 01.10.2008

Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac 01.10.2008 Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments Dragos Manac 01.10.2008 Agenda The Need for Identity & Access Management Enterprise IPA Overview Pricing Questions to

More information

Oracle Database Security and Audit

Oracle Database Security and Audit Copyright 2014, Oracle Database Security and Audit Beyond Checklists Learning objectives Understand Oracle architecture Database Listener Oracle connection handshake Client/server architecture Authentication

More information

Identity Federation Management to make Operational and Business Efficiency through SSO

Identity Federation Management to make Operational and Business Efficiency through SSO 2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business

More information

Executive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting?

Executive Summary. What is Authentication, Authorization, and Accounting? Why should I perform Authentication, Authorization, and Accounting? Executive Summary As the leader in Wide Area Application Delivery, Blue Coat products accelerate and secure applications within your WAN and across the Internet. Blue Coat provides a robust and flexible

More information

The Essential Security Checklist. for Enterprise Endpoint Backup

The Essential Security Checklist. for Enterprise Endpoint Backup The Essential Security Checklist for Enterprise Endpoint Backup IT administrators face considerable challenges protecting and securing valuable corporate data for today s mobile workforce, with users accessing

More information

CBIO Security White Paper

CBIO Security White Paper One Canon Plaza Lake Success, NY 11042 www.ciis.canon.com CBIO Security White Paper Introduction to Canon Business Imaging Online Canon Business Imaging Online ( CBIO ) is a cloud platform for Canon s

More information

QLIKVIEW SECURITY OVERVIEW

QLIKVIEW SECURITY OVERVIEW QLIKVIEW SECURITY OVERVIEW A Technology White Paper Published: February, 2011 qlikview.com Table of Contents Overview 3 Common Security Challenges 3 Architecture 4 Authentication (Who are you? How do you

More information

Requirement Priority Name Requirement Text Response Comment

Requirement Priority Name Requirement Text Response Comment N-Tiered Architecture Accessibility Application architecture shall consist of a minimum of four tiers: proxy, presentation, application, and data [base]. Each of the fours tiers shall be separated with

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities PRODUCT SHEET: CA SiteMinder CA SiteMinder we can CA SiteMinder provides a centralized security management foundation that enables the secure use of the web to deliver applications and cloud services to

More information

CA SiteMinder. Implementation Guide. r12.0 SP2

CA SiteMinder. Implementation Guide. r12.0 SP2 CA SiteMinder Implementation Guide r12.0 SP2 This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") are for your informational purposes only

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

Easy and secure application access from anywhere

Easy and secure application access from anywhere Easy and secure application access from anywhere Citrix is the leading secure access solution for applications and desktops HDX SmartAccess Delivers simple and seamless secure access anywhere Data security

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information