Configuring CQ Security
- Nancy Bennett
- 8 years ago
1 Configuring CQ Security
2 About Me
- CQ Architect for Inside Solutions
- CQ Blog:
- Customer Projects with Adobe CQ
- Training Material on Adobe CQ
3 Agenda
- Security Configuration Basics
- Denial-Of-Service Attacks
- Repository Attacks
- Access Control
- Dispatcher Configuration
4 CQ and Security
Is CQ secure? Yes!... if done right. CQ is very flexible, which means that in customer projects a lot of good and bad things can be done.
- Security out-of-the-box is OK
- Must apply the security checklist
- Improvements in every release
Improve it!
- delete geometrixx content and users
- restrict the security configuration based on your application's needs
- take care of access control
5 Configuring For Security
The following basic rules should always be applied to secure a website:
- Make available only as much information about your system as is strictly required.
- Emphasize access restriction and correct access implementation.
- Filter out invalid requests as early as possible, e.g. on the firewall, web server or dispatcher.
6 Every Security Issue Matters
Even minor flaws should be fixed because:
- attacking a website often needs more than one loophole.
- even a combination of small loopholes can lead to severe security issues.
7 Denial-Of-Service attacks
8 Attack Vectors
Types of Denial-of-Service attacks:
- brute force
- exploit of a system weakness that exponentially boosts the attack
9 General DoS Mitigation
Apply the following basic rules:
- Protect CQ with a firewall to filter invalid requests
  - network protocol exploits
  - detection of a limited number of servers that send vast amounts of similar requests
- Cache resources
  - dispatcher cache and/or CDN
  - cache all content from CQ if possible
  - content that cannot be cached must be explicitly stress-tested
- Expect more than just regular load
10 Selectors and DoS Selectors are a very helpful utility in Adobe CQ, but they can be used to flood the dispatcher cache if not implemented correctly. For a given page, the dispatcher cache treats each combination of selectors like a distinct page, therefore caching it separately. If the number of selectors is not limited or if arbitrary selectors are allowed, an attacker is able to quickly fill up the dispatcher cache resulting in too much load on the CQ instance behind it.
11 Selector Caching Example
The following requests would all be cached separately by a dispatcher cache:
- Random selectors allowed: (Mb each)
- Frequently used ImageServlet with random selectors:
- Multiple selectors allowed:
12 Rules for Selectors: Development
The following rules should be applied in the application code:
- Design components so that the allowed selectors are known.
- Do not allow excessive numbers of selectors.
- Avoid multiple selectors on a resource, except for clearly defined patterns.
- Use multiple selectors with a fixed ordering if possible.
- Requests with unknown selectors should not be accepted, but should result in an HTTP response with a status other than 200.
  - Ideally implemented in dispatcher filtering
  - Also possible to create a Servlet Filter
13 Rules for Selectors: Configuration
The following rules should be configured in the dispatcher configuration:
- Only allow selectors that are actually used in the application.
- Limit the number of selectors in a URL to as few as the application accepts.
- Disable the default selectors from CQ: .feed.xml, .infinity.json
14 Repository Attacks
15 Attack Vectors
- Place unwanted content on the website
  - create security holes
  - change the application to perform further attacks
- Get access to restricted information
  - system information such as user information can be used for social engineering
16 Protect The Content
- In CQ, everything is content
- Content can be manipulated with POST requests
  - everything can be manipulated with POST requests
- Only prohibited by a correct ACL setup and by a correct dispatcher configuration.
17 Repository Attack Details
- POST to /content manipulates the CQ instance
  - Manipulate the website
  - Create XSS vulnerabilities
  curl --data 'redirecttarget= --user author:author PUT /
- POST to /apps can install bundles and components
  - Takes control of the CQ instance
  - Can be used to attack internal systems in a corporate network
  curl -v -u admin:admin --upload-file malicious-bundle.jar apps/malicious/install/ --header "Content-Type: application/java-archive
18 Protect Information
- Only allow outside access to relevant parts of the CRX repository
- Disable default CQ features that expose data
  - json extension (also 1..9.json and infinity.json)
  - xml extension
  - feed.xml
- If you need json or xml for specific URLs, only allow it for those specific URLs
- JSON data gives information about existing pages and user ids
  - can reveal sensitive information, such as pages that have an activated date
  - if user ids are known, brute force attacks can be successful
  - user ids can contain (or imply) addresses and can be used for social engineering
  - example: /home/users.5.json
19 CQ Out Of the Box Content
Out-of-the-box, CQ comes with the geometrixx applications: content, components and users.
Before going into production:
- Uninstall the package cq-geometrixx-all
- Delete all unused users
- Change the password for ALL out-of-the-box users
Google for inurl:/content/geometrixx: >17000 hits, some of them can be accessed with author/author. The author user is part of geometrixx (since CQ 5.5), but still has write access to /content.
20 Access Control
21 ACL Management in CQ Manage ACLs in User Administration
22 Permissions, Actions and ACLs
- CQ Actions define the rights that can be assigned to a user
- CQ Permissions allow or deny a user to perform an action on a resource
For each action and on each resource in the repository, a user can have either permission state Allow or Deny. In Adobe CQ, permissions can be granted through the user administration UI. Under the covers, these permissions are translated into JCR access control privileges stored in repository nodes. This conversion can be quite complex, depending on the permissions granted in the UI. For many actions in the UI, specific JCR permissions are set for jcr:content nodes.
23 CRX Access Control Properties CRXDE displays for a given node the access control entries that are set specifically for the node in section Access Control List. All policies effective on the node (but possibly inherited) are displayed in section Effective Access Control Policies.
24 Adobe CQ Actions
Read
- Description: The user is allowed to read the page and any child pages.
- JCR Policy Properties: allow jcr:read
Modify
- Description: The user can modify existing content on the page and on any child pages, and create new paragraphs on the page or on any child page. At the JCR level, users can modify a resource by modifying its properties, locking, versioning and nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset.
- JCR Policy Properties: General: allow jcr:lockManagement, jcr:modifyProperties, jcr:versionManagement. rep:glob=*/jcr:content*: allow jcr:addChildNodes, jcr:nodeTypeManagement, jcr:removeChildNodes, jcr:removeNode
Create
- Description: The user can create a new page or child page. If modify is denied, the subtrees below jcr:content are specifically excluded, because the creation of jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node.
- JCR Policy Properties: General: allow jcr:addChildNodes, jcr:nodeTypeManagement. rep:glob=*/jcr:content*: deny jcr:addChildNodes, jcr:nodeTypeManagement
25 Adobe CQ Actions II
Delete
- Description: The user can delete existing paragraphs from the page or any child page, and delete a page or child page. If modify is denied, any subtrees below jcr:content are specifically excluded, as removing jcr:content and its child nodes is considered a page modification. This only applies to nodes defining a jcr:content child node.
- JCR Policy Properties: General: allow jcr:removeChildNodes, jcr:removeNode. rep:glob=*/jcr:content*: deny jcr:removeChildNodes, jcr:removeNode
Read ACL
- Description: The user can read the access control list of the page or child pages.
- JCR Policy Properties: allow jcr:readAccessControl
Edit ACL
- Description: The user can modify the access control list of the page or any child pages.
- JCR Policy Properties: allow jcr:modifyAccessControl
Replicate
- Description: The user can replicate content to another environment (for example, the Publish environment). The privilege is also applied to any child pages.
- JCR Policy Properties: allow crx:replicate
26 ACL Evaluation
In JCR, access control entries are applied hierarchically:
- When an entry is made on a parent resource, it is also valid for all child resources.
- If the same policy property is also set on one of the child nodes, that entry supersedes the entry on the parent node. The policy is then applied for the child node and all of its children (unless they have in turn superseding entries).
27 ACL Evaluation II
- Permission properties on user principals always take precedence over group principals, irrespective of their order in the access control list and their position in the node hierarchy.
  - If a user is explicitly denied jcr:read on /content and the user is a member of a group with an allow jcr:read privilege on /content/foo, the user policy has precedence and the user is denied the jcr:read privilege on /content/foo.
- Access rights from multiple group principals are evaluated based on their order, both within the hierarchy and within a single access control list.
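The two "ACL Evaluation" slides state the precedence rules without showing how they combine. The following Python model, added here as an illustration rather than CQ or Jackrabbit code, implements exactly those rules over a constructed sample ACL and reproduces the slide's /content vs. /content/foo example. Assumptions: "everyone" and "editors" are groups and "alice", "bob" and "carol" are users (all constructed); a missing entry means deny; and among group entries on the same node the later entry in the list wins, since the slides say order matters but not in which direction.

```python
"""Model of the ACL evaluation rules on the "ACL Evaluation" slides.

Added example, not code from CQ or Jackrabbit. Rules implemented: entries are
inherited down the hierarchy; an entry on a deeper node supersedes one on an
ancestor; entries for the user principal win over group entries regardless of
depth or list order; among group entries on the same node the later entry in
the ACL wins (assumption, the slides give no direction); no applicable entry
means deny.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str        # node the entry is set on
    principal: str   # user id or group id
    privilege: str   # e.g. "jcr:read"
    allow: bool


def applies_to(entry_path, path):
    """True if an entry set on entry_path covers path (self or descendant)."""
    return path == entry_path or path.startswith(entry_path.rstrip("/") + "/")


def depth(path):
    return len([segment for segment in path.split("/") if segment])


def _decide(indexed_entries):
    # Deepest node wins; on the same node the later entry wins (assumption).
    _, best = max(indexed_entries, key=lambda ie: (depth(ie[1].path), ie[0]))
    return best.allow


def effective(entries, path, user, groups, privilege):
    """Does `user` (member of `groups`) effectively hold `privilege` at `path`?"""
    applicable = [(i, e) for i, e in enumerate(entries)
                  if e.privilege == privilege and applies_to(e.path, path)]
    user_entries = [(i, e) for i, e in applicable if e.principal == user]
    if user_entries:
        return _decide(user_entries)      # user principal always takes precedence
    group_entries = [(i, e) for i, e in applicable if e.principal in groups]
    if group_entries:
        return _decide(group_entries)
    return False                          # nothing grants it: denied


# Constructed sample ACL. "everyone" and "editors" are groups; "alice" is a
# user that is explicitly denied jcr:read on /content, as in the slide's example.
SAMPLE_ACL = [
    Entry("/content", "everyone", "jcr:read", True),
    Entry("/content/secret", "everyone", "jcr:read", False),
    Entry("/content/secret", "editors", "jcr:read", True),
    Entry("/content", "alice", "jcr:read", False),
]

if __name__ == "__main__":
    for who in ("alice", "bob"):
        print(who, "jcr:read on /content/secret/plan ->",
              effective(SAMPLE_ACL, "/content/secret/plan", who,
                        {"everyone", "editors"}, "jcr:read"))
```

For bob the deeper allow for editors on /content/secret outweighs the deny for everyone on the same node; for alice the user-level deny on /content wins even though it sits higher in the tree and earlier in the list, which is the behaviour the slide warns about and one reason the best-practice slides prefer allow entries on groups over deny entries.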
28 Impersonate Functionality
- Allows one user to impersonate another user
- The right to impersonate can be configured in user administration
- When impersonating another user, all actions in Adobe CQ are effectively executed as that user.
- An entry is made in the audit log when the impersonation starts and ends
- Other log files (such as the access log) hold no information about the fact that impersonation has occurred for the logged events.
- Repository attributes such as jcr:createdBy will contain the name of the impersonated user.
29 Programmatic Access Control
Adobe CQ provides services and interfaces to manage users and permissions programmatically. Key classes:
- UserManager (org.apache.jackrabbit.api.security.user)
- AccessControlManager (javax.jcr.security)
- Session (javax.jcr)
- UserProperties (com.adobe.granite.security.user): replaces the deprecated Profile API
30 ACL Best Practices
- Use groups to assign permissions rather than users
  - You have many more users than groups, so groups simplify the structure.
  - Groups help provide an overview over all accounts.
  - Inheritance is simpler with groups.
  - Users come and go. Groups are long-term.
- Always use Allow statements to specify the access rights of the group principal (wherever possible). Avoid using a Deny statement.
- Keep it simple
31 ACL Best Practices II
We have seen that ACLs are based on the content hierarchy and that child nodes inherit permissions. As a consequence, security and access requirements should be a main driver when designing the content structure:
- Managing access should be easy
- Enforcing access control should come for free
- Avoid copying content to containers such as /var/* for temporary operations or backup purposes.
- Verify a proper permission setup.
32 Dispatcher Configuration
33 Dispatcher Filtering Rules
The /filter directive in file dispatcher.any allows specifying the resources that are served by the dispatcher module. For a given resource, the directives in section /filter are evaluated from the bottom up and the first matching rule is applied. Filter directives have the following format:
/0001 { /type "deny" /glob "*" }
- 0001 is the unique id of the filter directive.
- The type of an entry can be either allow or deny.
- The glob property allows specifying a pattern to which the directive applies. The glob expression is evaluated against the request line of the HTTP request, such as:
GET /content/geometrixx-outdoors/en.html HTTP/1.1
34 Dispatcher Whitelist Approach
To implement the recommended whitelist approach, the first directive denies all resources:
/filter {
  # Deny everything first and then allow specific entries
  /0001 { /type "deny" /glob "*" }
Based on that first directive, selected resources are allowed in more fine-grained directives. The following example allows all requests to /content and all GET requests to css files:
  /0023 { /type "allow" /glob "* /content*" }
  # Enable specific mime types in non-public content directories
  /0041 { /type "allow" /glob "GET *.css *" }  # enable css
35 Dispatcher Configuration
The exact configuration is driven by your application's needs. Adapt dispatcher.any to allow as little as required by your application.
36 Recommended Dispatcher Filtering Rules
Adobe CQ provides dispatcher.any files for publish and author instances as part of the dispatcher module. The following rules are recommended for all CQ publish instances, unless there are substantial requirements from your application to omit them:
/1001 { /type "deny" /glob "* *.xml*" }
/1002 { /type "deny" /glob "GET *.*[0-9].json*" }
/1003 { /type "deny" /glob "GET *.infinity*.json *" }
/1004 { /type "deny" /glob "GET *.feed.*" }
/1005 { /type "deny" /glob "GET *.query.*" }
/1006 { /type "deny" /glob "*.*?*" }
Particularly ensure:
- Deny ALL access to /libs, /apps, /var and /home
- Allow only GET requests to /etc
37 Selectors in Dispatcher Configuration
To prevent DoS attacks that fill the dispatcher cache using excessive selectors, selectors can be generally disallowed. The selectors used in the application can then be explicitly allowed. The following example shows how only the selector cqcon.html is enabled:
/0101 { /type "deny" /glob "* /*.*.* *" }
/0102 { /type "allow" /glob "* /content*.cqcon.html*" }
38 Selectors in Dispatcher Configuration II
The following configuration is slightly less restrictive:
/0101 { /type "deny" /glob "* /*.*.*.* *" }
Here, one (arbitrary) selector is allowed. Still, if the application does not validate the selectors it receives and sends responses with HTTP status 200, unlimited cache entries can be created.
39 CQ Environments without End User Login
If a website does not have functionality that is based on the login of an end user, it is recommended to disable all means of getting an authenticated session on the CQ dispatcher. For this, the following two rules can be implemented:
/1010 { /type "deny" /glob "* *sling:authrequestlogin*" }
/1011 { /type "deny" /glob "* *j_security_check*" }
In addition, the HTTP headers authorization and proxy-authorization should not be included in the /clientheaders section of file dispatcher.any.
40 Dispatcher Filter Rules Ordering
1. Deny all.
2. Allow the repository sections you need.
3. Deny selectors / GET parameters.
4. Allow special selectors / GET parameters for specific paths as used in your application.
5. In the end, ensure that the things that must be closed are closed.
41 Summary
Key points for every CQ installation:
- Uninstall Geometrixx content and users
- Change the default users' passwords
- Emphasize correct access control
- Tighten the dispatcher configuration
42 Questions What are your questions?
43 Thank You CQ Blog:
More informationDFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)
Title: Functional Category: Information Technology Services Issuing Department: Information Technology Services Code Number: xx.xxx.xx Effective Date: xx/xx/2014 1.0 PURPOSE 1.1 To appropriately manage
More informationManual POLICY PATROL SECURE FILE TRANSFER
Manual POLICY PATROL SECURE FILE TRANSFER MANUAL Policy Patrol Secure File Transfer This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software
More informationP R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T
O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E M E N T, F U S I O N E D I T I O N R E L E A S E 1 1. 1. 1.x P R O V I S I O N I N G O R A C L E H Y P E R I O N F I N A N C I A L M A N A G E
More informationPointsec Enterprise Encryption and Access Control for Laptops and Workstations
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
More informationAdministration Guide. . All right reserved. For more information about Specops Password Sync and other Specops products, visit www.specopssoft.
Administration Guide. All right reserved. For more information about Specops Password Sync and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Password Sync is a trademark
More informationMigrating helpdesk to a new server
Migrating helpdesk to a new server Table of Contents 1. Helpdesk Migration... 2 Configure Virtual Web on IIS 6 Windows 2003 Server:... 2 Role Services required on IIS 7 Windows 2008 / 2012 Server:... 2
More informationNextRow - AEM Training Program Course Catalog
NextRow - AEM Training Program Course Catalog Adobe Experience Manager Training Program Course Catalog NextRow provides Adobe CQ training solutions designed to meet your unique project demands. To optimize
More informationEMC ApplicationXtender Server
EMC ApplicationXtender Server 6.0 Monitoring Guide P/N 300 008 232 A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748 9103 1 508 435 1000 www.emc.com Copyright 1994 2009 EMC Corporation. All
More informationKofax Export Connector 8.3.0 for Microsoft SharePoint
Kofax Export Connector 8.3.0 for Microsoft SharePoint Administrator's Guide 2013-02-27 2013 Kofax, Inc., 15211 Laguna Canyon Road, Irvine, California 92618, U.S.A. All rights reserved. Use is subject to
More informationAPI documentation - 1 -
API documentation - 1 - Table of Contents 1. Introduction 1.1. What is an API 2. API Functions 2.1. Purge list of files 2.1.1 Description 2.1.2 Implementation 2.2. Purge of whole cache (all files on all
More informationIf you examine a typical data exchange on the command connection between an FTP client and server, it would probably look something like this:
Overview The 1756-EWEB and 1768-EWEB modules implement an FTP server; this service allows users to upload custom pages to the device, as well as transfer files in a backup or restore operation. Many IT
More informationEMC ApplicationXtender Server
EMC ApplicationXtender Server 6.5 Monitoring Guide P/N 300-010-560 A01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright 1994-2010 EMC Corporation. All
More informationInstallation Guide For ChoiceMail Enterprise Edition
Installation Guide For ChoiceMail Enterprise Edition How to Install ChoiceMail Enterprise On A Server In Front Of Your Company Mail Server August, 2004 Version 2.6x Copyright DigiPortal Software, 2002-2004
More informationAdministration Site Guide
Administration Site Guide 080612 2012 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical, including photocopying,
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationdocs.hortonworks.com
docs.hortonworks.com Hortonworks Data Platform: Administering Ambari Copyright 2012-2015 Hortonworks, Inc. Some rights reserved. The Hortonworks Data Platform, powered by Apache Hadoop, is a massively
More informationPre-Installation Guide
Pre-Installation Guide Version 8.2 December 11, 2015 For the most recent version of this document, visit our documentation website. Table of Contents 1 Pre-installation overview 4 2 Windows updates 4 3
More informationXGENPLUS SECURITY FEATURES...
Security Features Table of Contents TABLE OF CONTENTS... 2 1. INTRODUCTION... 3 2. XGENPLUS SECURITY FEATURES... 3 3. SERVER LEVEL FEATURES... 5 4. DOMAIN LEVEL FEATURES... 8 5. USER LEVEL FEATURES...
More informationTechnical specifications
Technical specifications PhD Manager is built on the Haplo open source platform. The Haplo platform provides a flexible database tailored to storing information about the activities in complex organisations.
More informationTerms and Definitions for CMS Administrators, Architects, and Developers
Sitecore CMS 6 Glossary Rev. 081028 Sitecore CMS 6 Glossary Terms and Definitions for CMS Administrators, Architects, and Developers Table of Contents Chapter 1 Introduction... 3 1.1 Glossary... 4 Page
More informationCollax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.
Collax Web Security Howto This howto describes the setup of a Web proxy server as Web content filter. Requirements Collax Business Server Collax Security Gateway Collax Platform Server including Collax
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationRecommended Practice Case Study: Cross-Site Scripting. February 2007
Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber
More informationCloud Services. Introduction...2 Overview...2. Security considerations... 2. Installation...3 Server Configuration...4
Contents Introduction...2 Overview...2 Security considerations... 2 Installation...3 Server Configuration...4 Management Client Connection...4 General Settings... 4 Enterprise Architect Client Connection
More informationDISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES
DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES By Michael Crouse Dr. Errin W. Fulp, Ph.D., Advisor Abstract The increasingly high volume of users on the web and their use of web
More informationSonicWALL Global Management System Reporting User Guide. Version 2.5
SonicWALL Global Management System Reporting User Guide Version 2.5 Copyright Information 2003 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within,
More informationMicrosoft Corporation. Project Server 2010 Installation Guide
Microsoft Corporation Project Server 2010 Installation Guide Office Asia Team 11/4/2010 Table of Contents 1. Prepare the Server... 2 1.1 Install KB979917 on Windows Server... 2 1.2 Creating users and groups
More informationUser Guide. Hosted Web Security. Copyright CensorNet Limited, 2007-2012
User Guide Hosted Web Security Copyright CensorNet Limited, 2007-2012 This document is designed to provide information about the first time configuration and administrator use of the Hosted Web Security
More informationNetWrix USB Blocker. Version 3.6 Administrator Guide
NetWrix USB Blocker Version 3.6 Administrator Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Operation Guide...5 3.1.
More information