The Microsoft Dynamics AX 2009 Security Hardening Guide. Microsoft Corporation Published: May 2008


Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar Microsoft software, automating and streamlining financial, customer relationship and supply chain processes in a way that helps you drive business success.

U.S. and Canada Toll Free Worldwide

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft Corporation. All rights reserved.

Microsoft, Internet Explorer, Windows, Windows BitLocker, Windows Server, Microsoft .NET, Microsoft SQL Server, and Microsoft and the Microsoft Dynamics Logo are either registered trademarks or trademarks of Microsoft Corporation, FRx Software Corporation, or Microsoft Business Solutions ApS in the United States and/or other countries. Microsoft Business Solutions ApS and FRx Software Corporation are subsidiaries of Microsoft Corporation.

Table of Contents

- Introduction to the Security Hardening Guide
- Reduce the attack surface of the Microsoft Dynamics AX client
- Reduce the attack surface of the Microsoft Dynamics AX Application Object Server
- Reduce the attack surface of the Microsoft Dynamics AX database
- Appendix A: Table Permissions Framework Reference


Introduction to the Security Hardening Guide

This guide is intended for IT professionals who are deploying Microsoft Dynamics AX 2009 or who want to improve the security of an existing Microsoft Dynamics AX 2009 deployment. This guide discusses how to reduce the attack surface of the major Microsoft Dynamics AX components (the client, the Application Object Server (AOS), and the database). This guide also describes how to use various Microsoft Windows operating system features to improve the security of your computing environment.

This guide does not describe how to set up or configure specific security features in Microsoft Dynamics AX 2009, such as record-level security, domains, or user-group permissions. You can view information about these security features in the Microsoft Dynamics AX online Help. (Click the Help icon > System and Application Setup > System setup > Setting up and maintaining security.)

Concepts

This guide discusses the following security concepts.

Concept: Attack surface
Description: In a computing environment, the attack surface is an assessment of the potential vulnerabilities where a malicious user might gain access to code or data in your business or organization. Administrators want to reduce the attack surface of the computing environment (reduce the number of potential exploits or vulnerabilities) so that a malicious user cannot access, steal, change, or destroy code or data. Reducing the attack surface can involve:
- Disabling ports and processes to reduce the potential of an attack from the Internet and the network.
- Disabling features to reduce the amount of code that executes on the computer, thereby reducing the volume of code that can be exploited or used to propagate an exploit.
- Enabling hardware and software security features to limit access to computing resources.

Concept: Least privilege
Description: To grant least privilege (also called least-privileged user accounts) means to grant users the fewest possible permissions to software features and data while still allowing the users to perform their job functions. By granting least privilege, you restrict access to features and data. For example, users who are assigned to an HR_Users group (Human Resources) might be granted fewer permissions than users in an HR_Managers group or the Director of Human Resources. By granting least privilege, you prevent members of the HR_Users group from accessing reports or sensitive employee information.

Concept: Defense in depth
Description: Defense in depth means to implement multiple security systems in your business or organization to prevent security attacks and to limit the impact of those attacks if a malicious user breaches one or more security defenses. Most businesses or organizations implement the following security measures as a means of defense in depth:
- Production databases and servers are physically stored in a secure room, and users must enter passcodes or submit identification to enter the room.
- Internet-facing Web applications are set up with a perimeter network (also called demilitarized zone or DMZ).
- Proxy servers prevent client computers from accessing certain types of media or Web sites on the Internet.
- Client computers and servers are configured to access the Internet through a firewall to prevent unsolicited requests to the local computer.
- Client computers run antivirus software and malicious-software detection software.
- Access to software applications and network resources is controlled by a combination of domain authentication, user and groups permissions, and NTFS file system permissions.

Reduce the attack surface of the Microsoft Dynamics AX client

Microsoft Dynamics AX enables users to input, update, and monitor a variety of data by using the 32-bit client. Microsoft Dynamics AX users use the client to perform common tasks that include viewing financial reports, processing orders with credit card numbers, routing payments by using bank account numbers, and entering sensitive details about employees or customers. If the Microsoft Dynamics AX client is not deployed with attention to security, then malicious users might gain access to Microsoft Dynamics AX data, or users in your business or organization might unintentionally gain access to sensitive data.

Whether your business or organization runs only a few Microsoft Dynamics AX clients or dozens of clients, you should deploy the client as described in this section to protect your data and to reduce the overall attack surface of your computing environment.

This section includes the following information:
- Terminal Services deployment (most secure)
- Individual deployments (less secure)
- Encrypt client communications with the Application Object Server (AOS)
- Best practices for secure client deployment

Terminal Services deployment (most secure)

Terminal Services, which is a feature of the Windows Server 2008 and Windows Server 2003 operating systems, uses the Remote Desktop Protocol (RDP) to communicate between client and server. After you deploy an application on a terminal server, clients can connect over a remote access connection, local area network (LAN), wide area network (WAN), or the Internet. The client computers can run Windows, Apple Macintosh, or UNIX (by using a third-party add-on). When a user accesses an application, such as Microsoft Dynamics AX 2009 on a terminal server, the application execution occurs on the server. Only keyboard, mouse, and display information is transmitted over the network. Users can view only their individual sessions. Each session is managed transparently by the server operating system, and it is independent of any other client session.

From a security perspective, there are several benefits to running the Microsoft Dynamics AX client on a Terminal Services cluster:
- Only keyboard strokes and images of information that is displayed on the Terminal Services server are transmitted over the network. Microsoft Dynamics AX data is not transmitted over the network to client computers, which reduces the threat of a malicious user acquiring data that was stored on a user's client computer.
- No data is processed, cached, or stored on a user's local computer. All data processing, caching, and storage occur on the Windows Server computer that is running the Microsoft Dynamics AX client. If a user's client computer is misappropriated or lost, a malicious user would not have access to Microsoft Dynamics AX data on that computer.
- If a security patch were issued for Microsoft Dynamics AX, that patch would only need to be applied to the Terminal Services cluster computers, which means that the overall Microsoft Dynamics AX attack surface is minimized.

Figure 1 shows an example of how you might architect Microsoft Dynamics AX to run on a Terminal Services cluster.

Figure 1: Microsoft Dynamics AX deployed on a Terminal Services cluster

1. Users log on to their client computers and open a Remote Desktop Connection or a Remote Desktop Web connection (if they are connecting by using the HTTP service). Or, the user double-clicks the Microsoft Dynamics AX client icon on their computer and runs the application as a Terminal Services session (which is a feature of Windows Server 2008 called RemoteApp).
2. The load balancing solution routes traffic to the Terminal Services cluster based on server availability and load.
3. Terminal Services receives the session request and communicates with the Terminal Services Directory and Licensing Services to manage sessions and to verify that there is an available license. If a license is available, Terminal Services starts a unique session for each user. Depending on how you configured Terminal Services, users view a Windows desktop where they can access the Microsoft Dynamics AX client from the All Programs menu, or if they are using Terminal Services RemoteApp, the Microsoft Dynamics AX client opens and appears to users as an application that is running on their client computer.
4. The Microsoft Dynamics AX clients running on the Terminal Services cluster communicate with the Microsoft Dynamics AX AOS and database server through normal channels.
5. The Terminal Services cluster transmits images of information that is displayed on the Terminal Services server over the network to client computers. No data is transmitted over the network, and therefore no Microsoft Dynamics AX data resides on users' client computers.

Deployment considerations

By default, Terminal Services allows only two client sessions at one time. Business decision makers in your business or organization will need to assess the cost of purchasing additional Terminal Services licenses before you can deploy a Terminal Services cluster. We highly recommend the investment because it reduces administration overhead and the attack surface for security threats against Microsoft Dynamics AX and any other line-of-business applications that you choose to run on the cluster.

Each user who will connect to the Microsoft Dynamics AX client on the Terminal Services cluster must be a member of the Remote Desktop User group in Microsoft Windows Users and Groups.

To enhance the security of your computing environment, deploy Group Policy and Encrypting File System on all computers. If your business or organization uses Windows Server 2008, Windows Vista Enterprise, or Windows Vista Ultimate, deploy Windows BitLocker. Group Policy and Encrypting File System are described in more detail in the following section.

For more information about Terminal Services, see the Windows Server 2008 Terminal Services Technical Library or the Windows Server 2003 Terminal Service Reference.
Individual deployments (less secure)

There are several reasons why it is less secure to deploy the Microsoft Dynamics AX client on users' computers than it is to deploy the Microsoft Dynamics AX client on a Terminal Services deployment, as discussed earlier in this section.
- Microsoft Dynamics AX data sent between the client and the AOS is at greater risk of being intercepted by a malicious user because there is more data being sent across the network.
- Data that is stored on individual computers is at greater risk of being accessed by a malicious user if users are not diligent about securing their computers, or if a computer is lost or stolen.
- If users have access to the Internet, there is a greater risk of virus attacks or problems with malicious software.
- Your computing environment is at greater risk if your business or organization does not enforce a policy that requires users to download and install security patches as soon as they are available.

You can mitigate some of these security risks by deploying the Windows security features that are described in the following sections.

Deployment considerations

This section describes deployment practices that we recommend if you deploy the Microsoft Dynamics AX client to multiple computers. If you deploy the client according to these recommendations, you can improve security and mitigate some of the risks described earlier.

Deploy Group Policy

If you intend to deploy the Microsoft Dynamics AX client to individual computers in your business or organization, you should implement Group Policy first, and then deploy Microsoft Dynamics AX. Group Policy is a feature of Windows Server 2008 and Windows Server 2003 that provides an infrastructure for delivering and applying configurations or policy settings to users and computers within an Active Directory environment. Using Group Policy you can:
- Manage user settings and computers from a central location.
- Implement security settings across an enterprise.
- Implement standard computing environments for groups of users.
- Centrally manage software installations, updates, repairs, upgrades, and software removal.
- Centrally deploy, recover, restore, and replace users' data, software, and personal settings.
- Centrally configure and customize users' computers to provide a consistent computing environment and system settings.

Group Policy in Windows Server 2008 includes these additional benefits:
- Centrally manage and control computer power settings.
- Control device installation and access to devices, such as USB drives, CD-RW drives, DVD-RW drives, and other removable media.
- Manage firewall and Internet Protocol security Group Policy settings together, a feature that provides greater security for scenarios, such as securing server-to-server communications over the Internet, limiting access to domain resources based on trust relationships or the health of a computer, and protecting data communication to a specific server to meet regulatory requirements for data privacy and security.
- Open and edit Internet Explorer Group Policy settings without the risk of inadvertently altering the state of the policy settings based on the configuration of the administrative computer.
- Assign printers based on location in the business or organization or a geographic location, and enable Group Policy settings to allow users to install printer drivers.

For more information, see Group Policy in Windows Server 2008 or Group Policy in Windows Server

Deploy Encrypting File System

Encrypting File System (EFS) is a component of the NTFS file system on Windows operating systems that is used for encrypting files and folders on client computers and remote servers. EFS enables users to protect their data from unauthorized access by other users or malicious users. Any individual or application that does not have the appropriate cryptographic key cannot read the encrypted data. By deploying EFS on the computers where you install the Microsoft Dynamics AX client, you add another level of security for any data or files that the user might store locally.

For more information, see EFS in Windows Server 2008 or EFS in Windows Server

Deploy Windows BitLocker Drive Encryption

Windows BitLocker Drive Encryption (BitLocker) is a feature that is available in the Windows Server 2008 operating system, Windows Vista Enterprise operating system, and Windows Vista Ultimate operating system. This feature can help protect data that is stored on client computers, particularly mobile ones. BitLocker performs two functions:
- BitLocker encrypts all data that is stored on the Windows operating system volume (and configured data volumes). This includes the Windows operating system, hibernation and paging files, applications, and data that are used by applications.
- BitLocker is configured by default to use a Trusted Platform Module (TPM) to help ensure the integrity of early startup components (components that are used in the earlier stages of the startup process). BitLocker "locks" any BitLocker-protected volumes so that they remain protected even if the computer is tampered with when the operating system is not running.

Everything written to a BitLocker-protected volume is encrypted, including the operating system itself and all applications and data. This helps protect data from unauthorized access. While the physical security of servers remains important, BitLocker can help protect data whenever a computer is stolen, shipped from one location to another, or otherwise out of a user's physical control. Encrypting the disk helps prevent offline attacks, such as the removal of a disk drive from one computer and its installation in another in an attempt to bypass Windows security provisions, such as permissions enforced by NTFS access control lists (ACLs).

For more information, see Windows BitLocker Drive Encryption.

Special considerations for client computers used in development environments

Client computers that are used for Microsoft Dynamics AX development must be isolated from the clients, AOS, and database computers that are used in the production environment. The consideration here is that the process of testing or developing customizations might inadvertently impact the production environment if the environments are not properly isolated.

To maintain the security of the production environment, developers should not be granted access to the Microsoft Dynamics AX production database. Client computers that are used for development should have their own AOS and database, and the development environment should have its own data set. To maintain security and privacy, you should not use production data in a development environment.

Encrypt client communications with the AOS

The Microsoft Dynamics AX AOS performs business logic and data processing for all incoming and outgoing requests from client computers. If a malicious user intercepts requests between the client computer and the AOS, that user might gain access to data or information. You can reduce the threat of a malicious user intercepting requests between the client computer and the AOS by using encryption. For information about securing the AOS, see Reduce the attack surface of the Microsoft Dynamics AX Application Object Server.

Remote Procedure Call encryption

By default, Microsoft Dynamics AX is configured to encrypt credentials and data that are sent across the network between the client and the AOS, and between the AOS and the database. Microsoft Dynamics AX uses the Remote Procedure Call (RPC) to perform the encryption, which provides the highest level of security for client-AOS communications. We recommend that you do not disable the RPC security feature.

You can verify that encryption is enabled in the Microsoft Dynamics AX Configuration Utility. The configuration utility is automatically installed when you install the Microsoft Dynamics AX client. If you suspect that users or administrators disabled this security feature, then verify this setting on each Microsoft Dynamics AX client computer in your business or organization.

1. Click Start > Control Panel > Administrative Tools > Microsoft Dynamics AX Configuration Utility.
2. Click the Connection tab.
3. Verify that Encrypt client to server communications is selected. If this option is not selected, select it, and then click OK.

Role Centers encryption

Role Centers provide overview information for Microsoft Dynamics AX users, including work lists, activities, common links, and key business intelligence information. Role Centers use the Enterprise Portal framework to deliver information on either an Enterprise Portal Web site or to a Role Center home page in the Microsoft Dynamics AX client.

If your business or organization uses Role Centers, and if the administrator installed Enterprise Portal without Secure Sockets Layer (SSL) encryption, then all communication between Role Centers in the Microsoft Dynamics AX client and the AOS is sent in clear text. This means that if a malicious user intercepts communications between a client computer that is using Role Centers and the AOS, then that malicious user would see data from those communications. In this situation, RPC encryption is not used, because the information between the Role Center page and the AOS is sent by using the Hypertext Transfer Protocol (HTTP).

If your business or organization uses Role Centers, then you must ensure that Enterprise Portal is configured to use SSL encryption. SSL is a feature of Internet Information Services, the Web server software that hosts the Enterprise Portal framework. For more information about configuring SSL, see Secure Sockets Layer encryption in IIS 7.0 or Secure Sockets Layer encryption in IIS 6.0.

Best practices for secure client deployment

The following best practices apply to all Microsoft Dynamics AX client deployments. If your business or organization does not have these practices in place, then you should consider implementing these practices immediately as they are, in most cases, the first line of defense for improving security in your computing environment.

Recommendation: Always specify least-privileges when you set up and configure Microsoft Dynamics AX user security features.
Description: You can read about how to set up and configure users, user groups, domains, and record-level security in the Microsoft Dynamics AX online Help. (Click the Help icon > System and Application Setup > System setup > Setting up and maintaining security.) Before you set up and configure least-privileges in Microsoft Dynamics AX, consider the following:
- By default, no users or groups have access to the Application Object Tree (AOT). This is by design. You should only grant access to the AOT for members of a development group who must access the AOT as a part of their specific job requirements. If you grant regular users access to the AOT, those users could intentionally or unintentionally compile the application, synchronize the application, change license files, or change module configurations, all of which can cause problems in your business or organization.
- As a general rule, you should not grant user groups access to an item unless they specifically need access to do their job.
- Do not grant regular users permission to set up or configure master records unless they specifically need permission to do their job. If a regular user has permission to set up or configure master records, that user could intentionally or unintentionally change a master record, which can cause problems for all users of that specific module.
- Only those persons who are responsible for setting up and configuring Microsoft Dynamics AX in your business or organization should be a member of the Administrators group and have access to the Administration module in Microsoft Dynamics AX. If regular users are granted access to this group and module, they could intentionally or unintentionally cause problems in the Microsoft Dynamics AX application.
- Do not assign users to the Windows Administrators or Power Users groups on their local computers unless they are explicitly required to perform administrator or power user job functions. Members of these groups can add or remove applications to their local computers, which can introduce security risks. Instead, assign users to the Windows User group (Start > Administrative Tools > Computer Management > Local Users and Groups).

Recommendation: Educate users about using strong passwords and define password policies.
Description: Strong passwords and password policies in your domain are essential for maintaining a secure computing environment. We highly recommend that you implement Password Best Practices in your business or organization.

Recommendation: Enable Windows Firewall or another firewall device on each computer.
Description: A firewall drops incoming traffic that does not correspond to either traffic sent in response to a request of the computer (solicited traffic) or unsolicited traffic that has been specified as allowed (excepted traffic). A firewall adds a level of protection from malicious users and applications that rely on unsolicited incoming traffic to attack computers. Windows Firewall is a Control Panel feature that is used to set restrictions on what traffic is allowed to enter your network from the Internet. Windows Firewall is included in Windows Vista, Windows Server 2008, Windows XP with Service Pack 2, and Windows Server 2003 with Service Pack 1. For more information, see Windows Firewall.

Recommendation: Enable a virus scanner on each computer.
Description: The threat of virus attacks is ongoing and always changing. You should deploy a virus scanner on each computer in your business or organization, and configure the scanners to scan computers and update virus signatures regularly.

Recommendation: Deploy smart cards in your business or organization.
Description: A smart card contains a small computer chip that is used to store security keys or other types of personal information. The smart card uses cryptographic technology to store the information. Some businesses or organizations deploy smart card readers on each laptop and desktop computer and require employees to insert their smart card into the reader before the user can connect to the corporate network. By deploying smart cards in this way, the business or organization adds another physical layer of security to its computing environment by ensuring that every user who connects to its network possesses a valid password and a smart card. For more information, see the Smart Card Reference.

See Also

TechNet Security Center
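The recommendation above to keep regular users out of the local Windows Administrators and Power Users groups can be audited with a script. The following is an added example, not part of the Microsoft guide: it parses the text that the `net localgroup` command prints (English-language output assumed) and reports members that are not on an approved list. The CONTOSO account names, the approved list, and the sample output are constructed for illustration.

```powershell
# Added example, not from the guide. Sample data and account names are constructed.

function Get-NetLocalGroupMember {
    # Extract member names from "net localgroup <group>" output.
    # Members are listed between the dashed rule and the completion message.
    param([string[]]$Lines)
    $inMembers = $false
    foreach ($line in $Lines) {
        if ($line -match '^-{5,}\s*$') { $inMembers = $true; continue }
        if (-not $inMembers) { continue }
        if ($line -match '^The command completed') { break }
        if ($line.Trim()) { $line.Trim() }
    }
}

function Find-UnexpectedMember {
    # Emit one object per member that is not on the approved list.
    # -notcontains compares case-insensitively, which suits account names.
    param([string]$Group, [string[]]$Members, [string[]]$Approved)
    foreach ($member in $Members) {
        if ($Approved -notcontains $member) {
            New-Object PSObject -Property @{ Group = $Group; Member = $member }
        }
    }
}

# Constructed sample output. On a live computer, capture it with:
#   $lines = net localgroup Administrators
$sampleOutput = @{
    'Administrators' = @(
        'Alias name     Administrators',
        'Comment        Administrators have complete and unrestricted access to the computer/domain',
        '',
        'Members',
        '',
        '-------------------------------------------------------------------------------',
        'Administrator',
        'CONTOSO\Domain Admins',
        'CONTOSO\jsmith',
        'The command completed successfully.',
        ''
    )
    'Power Users' = @(
        'Alias name     Power Users',
        'Comment        Power Users are included for backwards compatibility',
        '',
        'Members',
        '',
        '-------------------------------------------------------------------------------',
        'CONTOSO\akhan',
        'The command completed successfully.',
        ''
    )
}

# Hypothetical approved membership: only the built-in administrator and the
# domain administrators group; nobody in Power Users.
$approved = @{
    'Administrators' = @('Administrator', 'CONTOSO\Domain Admins')
    'Power Users'    = @()
}

function Get-LocalGroupFinding {
    # Run the audit over every group in the approved-membership table.
    param([hashtable]$Output, [hashtable]$ApprovedMembers)
    foreach ($group in $ApprovedMembers.Keys) {
        $members = @(Get-NetLocalGroupMember -Lines $Output[$group])
        Find-UnexpectedMember -Group $group -Members $members -Approved $ApprovedMembers[$group]
    }
}

# With the sample data this reports CONTOSO\jsmith (Administrators)
# and CONTOSO\akhan (Power Users).
Get-LocalGroupFinding -Output $sampleOutput -ApprovedMembers $approved |
    Select-Object Group, Member |
    Sort-Object Group |
    Format-Table -AutoSize
```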

Reduce the attack surface of the Microsoft Dynamics AX Application Object Server

The Application Object Server (AOS) processes client requests for data and performs Microsoft Dynamics AX business logic. If a malicious user gained access to the AOS, that user might gain access to data, including sensitive data, such as financial information and trade secrets. You should deploy the AOS as described in this section to protect data in your business or organization and to reduce the overall attack surface of this core Microsoft Dynamics AX component.

Configure the AOS to use a domain account

When you install the AOS by using Setup, you have the option to configure the service to use a domain account (the default option) or the Network Service account. The Network Service account is less secure than a domain account, if you set up and configure the domain account properly. The problem with the Network Service account is that it is available to other applications that are installed on the same server. Also, the Network Service account is translated into a computer account if the service must communicate with a different server. For example, if you deploy four application object servers that use the Network Service account, and these servers communicate with a separate Microsoft SQL Server, then four different computer accounts will be created in SQL Server. In this situation, you have four accounts where a malicious user could potentially gain access to the AOS or the database. With a domain account, there is only one account to secure, which reduces the attack surface of your computing environment.

Work with your domain administrator to create a new account in Active Directory. This account should not be used for any other services or back-office operations. It must be a dedicated account. Also, verify with the domain administrator that this account is configured as follows:
- The domain user account password is a strong password.
- The domain user account does not have interactive logon rights.
- The domain user account can log on as a service.
- The domain user account is not listed as a user or a member of any groups in Microsoft Dynamics AX.
- The domain user account is not listed as a user or a member of any groups in Windows Users and Groups on the AOS server.

Change the default port that is used by the AOS

When you install Microsoft Dynamics AX, the AOS is configured to listen on port 2712, by default. If you install other AOS services on the same computer, the port number increments up one numeral per service. For example, if you run three AOS services on the same computer and you do not change the default settings, those services would be configured to listen on ports 2712, 2713, and If a malicious user learned about a vulnerability in Microsoft Dynamics AX and the user knew the default port number, they might attempt to gain access to data by using that port number. You can reduce the attack surface by changing the default port number. You can change the port number by using the Microsoft Dynamics 2009 Server Configuration utility.

1. On the AOS server, click Start > Administrative Tools > Microsoft Dynamics AX 2009 Server Configuration.
2. Select an instance from the Application Object Server Instance drop-down list.
3. On the Application Object Server tab, enter a new port number in the TCP/IP port field.
   Note: Choose a port number between 1024 and You can view a list of ports that are currently being used on the server if you open the services file in a text editor, such as Microsoft Notepad (<system root>\winnt\system32\drivers\etc).
4. Click OK.
5. Repeat this process, if necessary, for each instance.
6. You must also specify the new port number on each client that connects to the AOS. You can change the port number by using the Microsoft Dynamics 2009 Configuration utility.
7. On a client computer, click Start > Administrative Tools > Microsoft Dynamics AX 2009 Configuration.
8. In the Configuration target drop-down list, select Local client.
9. Click Manage > Create configuration.
10. Enter a name, and then select Copy from Active configuration.
11. On the Connection tab, select the appropriate instance in the text box, and then click Edit.
12. Enter the new port number, and then click OK.
13. To expedite the process of configuring multiple client computers, you can export this configuration to a file and then import the configuration to all other client computers. For more information, see "Manage a client configuration" in the Microsoft Dynamics 2009 Configuration utility Help.
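Before entering a new AOS port in step 3, a candidate number can be checked against the advice above. The following is an added example, not part of the Microsoft guide: it rejects ports that fall in the default range starting at 2712, ports below 1024, ports registered in the services file, and ports already listening. The services-file and netstat lines are constructed samples, the 65535 ceiling is the TCP protocol limit rather than a value taken from the guide, and netstat output is assumed to be in English.

```powershell
# Added example, not from the guide. All sample data below is constructed.

function Get-ServicesFilePort {
    # Parse services-file lines ("name  port/protocol  [aliases]  [# comment]")
    # and emit the TCP port numbers they register.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $body = ($line -split '#', 2)[0].Trim()   # drop any trailing comment
        if ($body -match '^\S+\s+(\d+)/tcp(\s|$)') { [int]$Matches[1] }
    }
}

function Get-ListeningTcpPort {
    # Parse "netstat -an -p tcp" lines and emit local ports in LISTENING state.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
    }
}

function Test-AosPort {
    # Return an object that says whether $Port is acceptable and, if not, why.
    param(
        [int]$Port,
        [int]$InstanceCount = 1,         # AOS instances installed on this computer
        [int[]]$RegisteredPorts = @(),   # from Get-ServicesFilePort
        [int[]]$ListeningPorts = @()     # from Get-ListeningTcpPort
    )
    $defaultFirst = 2712                              # default AOS port per the guide
    $defaultLast  = $defaultFirst + $InstanceCount - 1 # one port per extra instance
    $reasons = @()
    if ($Port -lt 1024)  { $reasons += 'below 1024' }
    if ($Port -gt 65535) { $reasons += 'above the TCP maximum of 65535' }
    if ($Port -ge $defaultFirst -and $Port -le $defaultLast) {
        $reasons += "inside the default AOS range $defaultFirst-$defaultLast"
    }
    if ($RegisteredPorts -contains $Port) { $reasons += 'registered in the services file' }
    if ($ListeningPorts -contains $Port)  { $reasons += 'already listening on this server' }
    New-Object PSObject -Property @{
        Port       = $Port
        Acceptable = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Constructed samples. On a live server, read the real data instead:
#   $servicesLines = Get-Content "$env:SystemRoot\system32\drivers\etc\services"
#   $netstatLines  = netstat -an -p tcp
$servicesLines = @(
    '# constructed sample in services-file format',
    'http               80/tcp    www www-http     #World Wide Web',
    'https             443/tcp    MCom',
    'ms-sql-s         1433/tcp                     #Microsoft-SQL-Server',
    'ms-sql-s         1433/udp                     #Microsoft-SQL-Server'
)
$netstatLines = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:2712           0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:2713           0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING',
    '  TCP    10.0.0.5:2712          10.0.0.21:50211        ESTABLISHED'
)

$registered = @(Get-ServicesFilePort -Lines $servicesLines)   # 80, 443, 1433
$listening  = @(Get-ListeningTcpPort -Lines $netstatLines)    # 135, 2712, 2713, 49152

# Two AOS instances on this sample server, so 2712-2713 is the default range.
# Of these candidates only 48712 passes every check.
foreach ($candidate in 443, 1433, 2713, 49152, 48712) {
    Test-AosPort -Port $candidate -InstanceCount 2 `
        -RegisteredPorts $registered -ListeningPorts $listening
} | Select-Object Port, Acceptable, Reasons | Format-Table -AutoSize
```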
Isolate a Microsoft Dynamics AX application file share

If you configured your system so that several AOS computers access Microsoft Dynamics AX application files on a central file share, we recommend that you configure the share as follows to isolate the server while ensuring that other AOS computers can access files on the share.

The file share computer must be configured to use the File Server role in Windows Server (Start > Administrative Tools > Manage your server > File Server role).

The shared directory must be configured so that the AOS service account (the domain account or the Network Service account) has Full Control permissions.
Use Internet Protocol security (IPsec) to secure communications between the servers.
Note: IPsec is described in the next section.

Use Windows features to reduce the attack surface

Microsoft Windows operating systems include security features to help you reduce the attack surface of your computing environment. We recommend that you implement and use the following features on the AOS.

Internet Protocol Security (IPsec)

IPsec is a feature of Microsoft Windows Server 2008 and Microsoft Windows Server 2003 that helps protect networks from active and passive attacks by using packet filtering, cryptographic security services, and trusted communications. IPsec helps provide defense-in-depth against:
Network-based attacks from unknown computers.
Denial-of-service attacks.
Data corruption.
Data theft.
User-credential theft.
For more information, see IPsec.

Windows Firewall

Windows Firewall is a Control Panel feature that is used to set restrictions on what traffic is allowed to enter your network from the Internet. Windows Firewall is included in Windows Vista, Windows Server 2008, Windows XP with Service Pack 2, and Windows Server 2003 with Service Pack 1. For more information, see Windows Firewall.

The Microsoft Security Configuration Wizard

The Microsoft Security Configuration Wizard reduces the attack surface of the Microsoft Windows Server 2008 operating system and the Microsoft Windows Server 2003 with Service Pack 1 operating system by determining the minimum feature set required for a server's role or roles, and then disabling features that are not required. The Security Configuration Wizard:
Disables unneeded services.
Blocks unused ports.
Allows further address or security restrictions for ports that are left open.

Prohibits unnecessary Internet Information Services (IIS) Web extensions, if applicable.
Reduces protocol exposure to server message block (SMB), LanMan, and Lightweight Directory Access Protocol (LDAP).
Defines a high signal-to-noise audit policy.

To access the Security Configuration Wizard, click Start > Administrative Tools > Security Configuration Wizard. We recommend that you read the Help for this tool before you make changes to your system. For more information about services, ports, and protocols on your Windows operating system, see Service overview and network port requirements for the Windows Server system.

Microsoft Security Baseline Analyzer

The Microsoft Baseline Security Analyzer scans your computer to detect unsecure configurations and to identify missing security updates. The analyzer then recommends changes and updates to improve the security of the computer. For more information, see Microsoft Security Baseline Analyzer.

Reduce the attack surface of the Microsoft Dynamics AX database

If a malicious user gained access to the Microsoft Dynamics AX database, that user might gain access to data, including sensitive data, such as credit card numbers, bank account numbers, and personal identification numbers. You should deploy the database as described in this section to protect data in your business or organization and reduce the overall attack surface of this core Microsoft Dynamics AX component.

Encrypt sensitive data

We recommend that you implement database encryption, as provided by your database software, to enhance the security of data, including sensitive data, such as credit card numbers, bank account numbers, and personal identification numbers. If your business or organization processes and stores credit card information, then we recommend that you adhere to the standards set by the PCI Security Standards Council for securing cardholder data. The PCI Data Security Standard requires the following:

Security standard: Build and Maintain a Secure Network
Requirements:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.

Security standard: Protect Cardholder Data
Requirements:
3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.

Security standard: Maintain a Vulnerability Management Program
Requirements:
5. Use and regularly update antivirus software.
6. Develop and maintain secure systems and applications.

Security standard: Implement Strong Access Control Measures
Requirements:
7. Restrict access to cardholder data.
8. Assign a unique ID to each user with computer access.
9. Restrict physical access to cardholder data.

Security standard: Regularly Monitor and Test Networks
Requirements:
10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.

Security standard: Maintain an Information Security Policy
Requirements:
12. Maintain a policy that addresses information security.

Enabling database encryption directly addresses the needs of requirement three: Protect stored cardholder data.

Microsoft SQL Server 2008 includes a new encryption feature called Transparent Data Encryption (TDE). TDE is designed to provide protection for the entire database at rest without affecting existing applications. Implementing encryption in a database traditionally involves complicated application changes, such as modifying table schemas and removing functionality, and causes significant performance degradation. For example, to use encryption in Microsoft SQL Server 2005, the column data type must be changed to varbinary; ranged and equality searches are not allowed; and the application must call built-ins (or stored procedures or views that automatically use these built-ins) to handle encryption and decryption, all of which slow query performance.

These issues are not unique to Microsoft SQL Server 2005; other database management systems face similar limitations. Custom schemes are often used to resolve equality searches, and ranged searches often cannot be used at all. Even basic database elements, such as creating an index or using foreign keys, often do not work with cell-level or column-level encryption schemes because the use of these features inherently leaks information. TDE solves these problems by encrypting everything, including all data types, keys, and indexes. For more information, see Database Encryption in SQL Server 2008 Enterprise Edition. For information about encryption with Oracle 10, see Oracle Database 10g Security and Identity Management.

If your business or organization uses Microsoft SQL 2005, you can address the needs of PCI Data Security Standard requirement three by using Encrypting File System (EFS). EFS is a component of the NTFS file system on Windows operating systems that is used for encrypting files and folders on client computers and remote servers.
Any user or application that does not have the appropriate cryptographic key cannot read the encrypted data. With EFS, we recommend that you encrypt the folder where the SQL Server database is stored. If your business or organization creates views in SQL Server, and a view is created for a specific table in the database, such as a credit card number table, you can configure the view to point to a different database file and then enable EFS encryption on that file. For more information, see EFS in Windows Server 2008 or EFS in Windows Server

Set authorization requirements on database tables by using the Table Permissions Framework

The Table Permissions Framework (TPF) enables administrators to add an additional level of security to tables that store sensitive data. TPF adds table-level security that verifies access rights no matter the origin of the request. For example, consider the following scenario:

1. Contoso Corporation implemented Microsoft Dynamics AX and allows users to access data by using the Microsoft Dynamics AX client, Enterprise Portal, the Application Integration Framework, and a third-party application that connects to Microsoft Dynamics AX by using the .NET Business Connector.
2. The administrator configured a Microsoft Dynamics AX user group called Senior Leadership, and members of this group have access to sensitive data about financial information and trade secrets. One of the database tables that stores this sensitive information is called

FinancialResults. This table was added as part of a customization done by a partner after Microsoft Dynamics AX was installed.
Note: TPF can be enabled on any table in the Microsoft Dynamics AX database. For the sake of time and efficiency, however, administrators assign TPF to tables that are considered to be sensitive or to be of critical business value.
3. In the Application Object Tree (AOT), the administrator configures the FinancialResults table so that the Application Object Server (AOS) must authorize all operations for that table. The administrator specifies the value CreateReadUpdateDelete for the AOSAuthorizationProperty.
4. Soon thereafter, a malicious user discovers a vulnerability in Contoso's third-party application that connects to Microsoft Dynamics AX by using the .NET Business Connector. The malicious user connects to the database as a member of the CRM_users group and attempts to read the data in the FinancialResults table.
5. Before allowing the read operation, the AOS checks to see if the user is a member of the Senior Leadership user group and if members of the group have permission to read the data. The malicious user is not a member of the Senior Leadership group, so the AOS denies the read operation.

To enable TPF, an administrator specifies a value for the AOSAuthorizationProperty on a specific table in the AOT. The AOSAuthorizationProperty authorizes Create, Read, Update, and Delete operations. For some tables, it is important to authorize all operations because the data is sensitive. For other tables, you might find it suitable to specify a subset of operations, such as Create, Update, and Delete. When you have specified a subset, the AOS authorizes the Create, Update, and Delete operations, but allows users to perform View operations if they have access to Microsoft Dynamics AX. Appendix A: Table Permissions Framework Reference lists all tables that are TPF-enabled by default and which operations require authorization.
You can change or add TPF for a table, but we recommend that you perform TPF changes in a test environment so that you can study the impact of TPF changes on user groups that access that table.

To enable TPF on a database table:
1. In the AOT, expand Data Dictionary > Tables.
2. Right-click a table, and then click Properties.
3. Click AOSAuthorizationProperty and select a new value by using the drop-down list.
4. Click Save All.
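The authorization decision from the Contoso scenario, written out as a small model (an added illustration, not Microsoft Dynamics AX code and not part of the guide). It replays the denied read and shows the consequence of choosing a subset such as Create, Update, and Delete: reads on that table pass without a TPF check. The dictionary layout, the function names, the property labels other than CreateReadUpdateDelete, and the ExampleBonusPlan table are assumptions.

```python
# Operations that each AOSAuthorizationProperty value places under AOS
# authorization. "CreateReadUpdateDelete" is the value named in the guide; the
# other keys are labels chosen here for the subsets the guide mentions.
AOS_AUTHORIZATION = {
    "None": frozenset(),
    "CreateDelete": frozenset({"create", "delete"}),
    "CreateUpdateDelete": frozenset({"create", "update", "delete"}),
    "CreateReadUpdateDelete": frozenset({"create", "read", "update", "delete"}),
}

# Constructed sample data based on the Contoso scenario.
TABLE_PROPERTIES = {
    "FinancialResults": "CreateReadUpdateDelete",
    "ExampleBonusPlan": "CreateUpdateDelete",   # hypothetical table
}
GROUP_PERMISSIONS = {
    "Senior Leadership": {
        "FinancialResults": {"create", "read", "update", "delete"},
        "ExampleBonusPlan": {"create", "read", "update", "delete"},
    },
    "CRM_users": {},   # no permissions on either table
}


def aos_allows(user_groups, table, operation,
               properties=TABLE_PROPERTIES, permissions=GROUP_PERMISSIONS):
    """Return True if the modelled AOS check lets the operation proceed."""
    guarded = AOS_AUTHORIZATION[properties.get(table, "None")]
    if operation not in guarded:
        # The property does not cover this operation, so no table-level check
        # is made; the request is limited only by ordinary access.
        return True
    # Covered operation: at least one of the user's groups must hold it.
    return any(operation in permissions.get(group, {}).get(table, ())
               for group in user_groups)


def reads_not_authorized(sensitive_tables, properties=TABLE_PROPERTIES):
    """List sensitive tables whose property leaves Read outside AOS authorization."""
    return sorted(table for table in sensitive_tables
                  if "read" not in AOS_AUTHORIZATION[properties.get(table, "None")])


if __name__ == "__main__":
    # Step 5 of the scenario: a CRM_users member reads FinancialResults.
    print(aos_allows({"CRM_users"}, "FinancialResults", "read"))
    # Tables to review before relying on TPF to protect reads.
    print(reads_not_authorized(["FinancialResults", "ExampleBonusPlan"]))
```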

If you added TPF to a table, you might need to specify or expand permissions for user groups that access that table. You can view which objects access a table by using the Used-by command in the AOT:
1. In the AOT, expand Data Dictionary > Tables.
2. Right-click a table, and then click Add-ins > Cross-reference > Update.
3. Right-click a table, and then click Add-ins > Cross-reference > Used by.

The Used by form is displayed. This form shows all objects that access the selected table and what permissions (the Reference column) are required when accessing the table. You might need to adjust user group permissions if you set tighter restrictions on a table.

Encrypt and restrict database communications

You can further enhance data security by encrypting and restricting database communications by using Internet Protocol security (IPsec). IPsec is a feature of Microsoft Windows Server 2008 and Microsoft Windows Server 2003 that helps protect networks from active and passive attacks by using packet filtering, cryptographic security services, and trusted communications. We recommend that you create an IPsec rule that encrypts communication between the AOS and the database. We also recommend that you create an IPsec rule that restricts communications so that only incoming requests from the AOS are allowed. For more information, see IPsec.

Physically isolate the database server

As a general rule and best practice for maintaining security, you should physically isolate servers, including database servers, in a locked room that requires a passcode or card key to enter. By physically isolating servers, you limit the opportunity for a malicious user to access, damage, or steal the server.

Appendix A: Table Permissions Framework Reference

The Table Permissions Framework (TPF) enables administrators to set restrictions on tables that store data, including sensitive data. To enable TPF, an administrator specifies a value for the AOSAuthorizationProperty on a specific table in the Application Object Tree (AOT). The AOSAuthorizationProperty authorizes Create, Read, Update, and Delete operations. When the Application Object Server (AOS) attempts to perform an operation on a table that is TPF enabled, the AOS is required to check Microsoft Dynamics AX user group permissions to verify that members of the group have permission to perform the operation. If members of the group do not have the appropriate permissions, the AOS does not complete the operation. For more information, see "Set authorization requirements on database tables by using the Table Permissions Framework" earlier in this guide.

Tables

This section lists all database tables that are TPF-enabled by default in Microsoft Dynamics AX and the authorization requirements for those tables.

Important: These tables store sensitive data. We recommend that you do not adjust these authorization requirements unless told to do so by management. We also recommend that you do not adjust these requirements in a production environment. Test your changes in a test environment so that you can study the impact on user-group permissions and make adjustments as necessary.

Application Integration Framework (AIF)
AifValueSubstitutionComponentConfig AifChannel

Business Intelligence and Reporting
BIAnalysisServer BIConfiguration BICurrencyDimension BIExchangeRates BIPerspectives BITimeDimension BIUdmRoles BIUdmTranslations SRSAnalysisEnums SRSEnabledLanguages SRSLanguages SRSModelEntityCache SRSModelFieldCache SRSModelFieldFolderCache SRSModelFieldRoleSortCache SRSModelFolderCache SRSModelForeignKeyCache SRSModelIndexCache SRSModelOptions SRSModelPerspectiveCache SRSModelPerspectiveEntityCache SRSModelPerspectiveFieldCache SRSModelPerspectiveForeignKeyCache SRSModelPerspectiveRoleCache SRSModelRoleCache SRSModelRoleGroupsCache

SRSModelSecurityKeyCache SRSServers SRSUpdateOptions SRSUserConfiguration SysSRSTablePermissions

Developer and Partner Tools
SysMapParameters SysClusterConfig SysOccConfiguration UtilElements UtilIdElements

Enterprise Portal
SysUserInfo UserInfo EPStateStore CuesQuery EPCompanyParameters EPDocuParameters EPGlobalParameters EPServerStateCleanupSettings EPStateStoreSettings EPWebSiteParameters SysBCProxyUserAccount
Create, Delete Create, Delete

SysEncryptionKey SysPerimeterNetworkParams SysSecurityFormControlTable SysSecurityFormTable UserGroupInfo UserGroupList

Expense Management
TrvCreditCards TrvCashAdvance

Financials
BankAccountTable CreditCardADNSetup CreditCardCust CreditCardCustNumber CreditCardMicrosoftSetup CreditCardProcessorsSecurity CustBankAccount LedgerBalancesDimTrans LedgerBalancesTrans LedgerTrans ShipCarrierCODPackage ShipCarrierPackage ShipCarrierShippingRequest

ShipCarrierSQLRoleUser ShipCarrierStaging ShipCarrierTracking VendBankAccount CompanyDomainList

GDL
BankCodaAccountStatement BankCodaAccountStatementLines BankIBSLog_BE BankIBSLogArchive_BE Tax1099IRSPayerRec TaxEvatParameters_NL VendStateTaxID

Human Resources (HRM)
EmplTable HRCComp HRCCompGrid HRCCompLevel HRCCompRefPointSetup HRCCompRefPointSetupLine HRCCompTmpGrid HRMADARequirement HRMCompEligibility

HRMCompEligibilityLevel HRMCompEvent HRMCompEventEmpl HRMCompEventLine HRMCompEventLineComposite HRMCompEventLineFixed HRMCompEventLinePointInTime HRMCompFixedAction HRMCompFixedBudget HRMCompFixedEmpl HRMCompFixedPlanTable HRMCompFixedPlanUtilMatrix HRMCompJobFunction HRMCompJobType HRMCompLocation HRMCompOrgPerf HRMCompPayFrequency HRMCompPayrollEntity HRMCompPerfAllocation HRMCompPerfAllocationLine HRMCompPerfPlan HRMCompPerfPlanEmpl HRMCompPerfRating HRMCompProcess HRMCompProcessLine HRMCompProcessLineAction HRMCompSurveyCompany HRMCompVarAwardEmpl

HRMCompVarEnrollEmpl HRMCompVarEnrollEmplLine HRMCompVarPlanLevel HRMCompVarPlanTable HRMCompVarPlanType HRMCompVesting HRMi9Document HRMi9DocumentList HRMPartyEmployeeRelationship HRMVirtualNetworkAccommodation HRMVirtualNetworkTable KMKnowledgeTable KMKnowledgeTrans

Inventory Management
InventItemSampling InventNonConformanceHistory InventNonConformanceOrigin InventNonConformanceRelation InventNonConformanceTable InventProblemType InventProblemTypeSetup InventQualityOrderLine InventQualityOrderLineResults InventQualityOrderTable InventQualityOrderTableOrigin InventQuarantineZone

InventTestArea InventTestAssociationTable InventTestCertOfAnalysisLine InventTestCertOfAnalysisLineResults InventTestCertOfAnalysisTable InventTestCorrection InventTestDiagnosticType InventTestEmplResponsible InventTestGroup InventTestGroupMember InventTestInstrument InventTestItemQualityGroup InventTestMiscCharges InventTestOperation InventTestOperationItems InventTestOperationMiscCharges InventTestOperationTimeSheet InventTestQualityGroup InventTestRelatedOperations InventTestReportSetup InventTestTable InventTestVariable InventTestVariableOutcome WMSReservationCombinationLine WMSReservationCombinationTable WMSReservationSequenceLine WMSReservationSequenceTable SysSignatureSetup


More information

Connector for Microsoft Dynamics Configuration Guide for Microsoft Dynamics SL

Connector for Microsoft Dynamics Configuration Guide for Microsoft Dynamics SL Microsoft Dynamics Connector for Microsoft Dynamics Configuration Guide for Microsoft Dynamics SL Revised August, 2012 Find updates to this documentation at the following location: http://www.microsoft.com/download/en/details.aspx?id=10381

More information

enicq 5 System Administrator s Guide

enicq 5 System Administrator s Guide Vermont Oxford Network enicq 5 Documentation enicq 5 System Administrator s Guide Release 2.0 Published November 2014 2014 Vermont Oxford Network. All Rights Reserved. enicq 5 System Administrator s Guide

More information

Symantec AntiVirus Corporate Edition Patch Update

Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

MBAM Self-Help Portals

MBAM Self-Help Portals MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa

More information

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create

More information

NOVELL ZENWORKS ENDPOINT SECURITY MANAGEMENT

NOVELL ZENWORKS ENDPOINT SECURITY MANAGEMENT You can read the recommendations in the user, the technical or the installation for NOVELL ZENWORKS ENDPOINT SECURITY MANAGEMENT 4.0. You'll find the answers to all your questions on the NOVELL ZENWORKS

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED. Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information

More information

Sage 100 ERP. Installation and System Administrator s Guide

Sage 100 ERP. Installation and System Administrator s Guide Sage 100 ERP Installation and System Administrator s Guide This is a publication of Sage Software, Inc. Version 2014 Copyright 2013 Sage Software, Inc. All rights reserved. Sage, the Sage logos, and the

More information

Windows Server Update Services 3.0 SP2 Step By Step Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

SMART Vantage. Installation guide

SMART Vantage. Installation guide SMART Vantage Installation guide Product registration If you register your SMART product, we ll notify you of new features and software upgrades. Register online at smarttech.com/registration. Keep the

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Lotus Domino Security

Lotus Domino Security An X-Force White Paper Lotus Domino Security December 2002 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Introduction Lotus Domino is an Application server that provides groupware

More information

Omniquad Exchange Archiving

Omniquad Exchange Archiving Omniquad Exchange Archiving Deployment and Administrator Guide Manual version 3.1.2 Revision Date: 20 May 2013 Copyright 2012 Omniquad Ltd. All rights reserved. Omniquad Ltd Crown House 72 Hammersmith

More information

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com

More information

Microsoft Dynamics TM NAV 5.00. Installation & System Management: C/SIDE Database Server for Microsoft Dynamics TM NAV

Microsoft Dynamics TM NAV 5.00. Installation & System Management: C/SIDE Database Server for Microsoft Dynamics TM NAV Microsoft Dynamics TM NAV 5.00 Installation & System Management: C/SIDE Database Server for Microsoft Dynamics TM NAV Installation & System Management: Database Server for Microsoft Dynamics TM NAV Information

More information

Web Plus Security Features and Recommendations

Web Plus Security Features and Recommendations Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of

More information

Endpoint Security VPN for Windows 32-bit/64-bit

Endpoint Security VPN for Windows 32-bit/64-bit Endpoint Security VPN for Windows 32-bit/64-bit E75.20 User Guide 13 September 2011 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected

More information

Radia Cloud. User Guide. For the Windows operating systems Software Version: 9.10. Document Release Date: June 2014

Radia Cloud. User Guide. For the Windows operating systems Software Version: 9.10. Document Release Date: June 2014 Radia Cloud For the Windows operating systems Software Version: 9.10 User Guide Document Release Date: June 2014 Software Release Date: June 2014 Legal Notices Warranty The only warranties for products

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

Deploying Microsoft RemoteFX on a Single Remote Desktop Virtualization Host Server Step-by-Step Guide

Deploying Microsoft RemoteFX on a Single Remote Desktop Virtualization Host Server Step-by-Step Guide Deploying Microsoft RemoteFX on a Single Remote Desktop Virtualization Host Server Step-by-Step Guide Microsoft Corporation Published: October 2010 Abstract This step-by-step guide walks you through the

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010 Better Together Writer: Bill Baer, Technical Product Manager, SharePoint Product Group Technical Reviewers: Steve Peschka,

More information

File and Printer Sharing with Microsoft Windows

File and Printer Sharing with Microsoft Windows Operating System File and Printer Sharing with Microsoft Windows Microsoft Corporation Published: November 2003 Abstract File and printer sharing in Microsoft Windows allows you to share the contents of

More information

Version 3.8. Installation Guide

Version 3.8. Installation Guide Version 3.8 Installation Guide Copyright 2007 Jetro Platforms, Ltd. All rights reserved. This document is being furnished by Jetro Platforms for information purposes only to licensed users of the Jetro

More information

Windows Firewall with Advanced Security. Design Guide and Deployment Guide. Abstract

Windows Firewall with Advanced Security. Design Guide and Deployment Guide. Abstract Windows Firewall with Advanced Security Design Guide and Deployment Guide Microsoft Corporation Published: October 2008 Author: Dave Bishop Editor: Allyson Adley Reviewers: Bilal Aijazi, Boyd Benson, Shalaka

More information

DIGIPASS CertiID. Getting Started 3.1.0

DIGIPASS CertiID. Getting Started 3.1.0 DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Forwarded-For support to Forward and Reverse Proxy TMG Servers Published: May 2010 Applies to: Winfrasoft X-Forwarded-For

More information

Deploying the Workspace Application for Microsoft SharePoint Online

Deploying the Workspace Application for Microsoft SharePoint Online Microsoft Dynamics GP Deploying the Workspace Application for Microsoft SharePoint Online Microsoft Dynamics GP Workspace is a method to enable Microsoft Excel-based dashboards for SharePoint Online. This

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

WhatsUp Gold v16.2 Installation and Configuration Guide

WhatsUp Gold v16.2 Installation and Configuration Guide WhatsUp Gold v16.2 Installation and Configuration Guide Contents Installing and Configuring Ipswitch WhatsUp Gold v16.2 using WhatsUp Setup Installing WhatsUp Gold using WhatsUp Setup... 1 Security guidelines

More information

How To Secure An Rsa Authentication Agent

How To Secure An Rsa Authentication Agent RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government. END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010

More information

Microsoft Dynamics AX 2012 System Requirements. Microsoft Corporation Published: March 2012

Microsoft Dynamics AX 2012 System Requirements. Microsoft Corporation Published: March 2012 2012 System Requirements Microsoft Corporation Published: March 2012 Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to make business

More information

Microsoft Dynamics GP Release

Microsoft Dynamics GP Release Microsoft Dynamics GP Release Workflow Installation and Upgrade Guide February 17, 2011 Copyright Copyright 2011 Microsoft. All rights reserved. Limitation of liability This document is provided as-is.

More information

Hyper-V Server 2008 Getting Started Guide

Hyper-V Server 2008 Getting Started Guide Hyper-V Server 2008 Getting Started Guide Microsoft Corporation Published: October 2008 Author: Cynthia Nottingham Abstract This guide helps you become familiar with Microsoft Hyper-V Server 2008 by providing

More information

Active Directory Change Notifier Quick Start Guide

Active Directory Change Notifier Quick Start Guide Active Directory Change Notifier Quick Start Guide Software version 3.0 Mar 2014 Copyright 2014 CionSystems Inc., All Rights Reserved Page 1 2014 CionSystems Inc. ALL RIGHTS RESERVED. This guide may not

More information

Implementation Guide for PCI Compliance Microsoft Dynamics AX 2012

Implementation Guide for PCI Compliance Microsoft Dynamics AX 2012 Implementation Guide for PCI Compliance Microsoft Dynamics AX 2012 February 2012 Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Microsoft Corporation Published: January 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step

More information

Installation and configuration guide

Installation and configuration guide Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

WhatsUp Gold v16.3 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service white paper TABLE OF CONTENTS 1. Document overview......... 1 2. References............. 1 3. Product overview..........

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

EventTracker: Support to Non English Systems

EventTracker: Support to Non English Systems EventTracker: Support to Non English Systems Publication Date: April 25, 2012 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Introduction This document has been prepared to

More information

Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP

Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP Microsoft Dynamics Microsoft Dynamics CRM Adapter for Microsoft Dynamics GP May 2010 Find updates to this documentation at the following location. http://go.microsoft.com/fwlink/?linkid=162558&clcid=0x409

More information

Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60

Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60 Best Practices & Deployment SurfControl Mobile Filter v 5.0.2.60 rev2.1, January 2006 Pre-Installation Guide Notice 2006 SurfControl. All rights reserved. SurfControl, SurfControl E-mail Filter, SurfControl

More information