IBM Cognos® Security Best Practices

Wisconsin User Group, March 2014

Kirk Wiseman
PerformanceG2, Inc.

Agenda
- Authentication versus Authorization
- Overview Cognos Security
- Best Practices
- Questions

Authentication vs Authorization
- Cognos security is based on authentication and authorization
- Authentication -- You are who you say you are.
- Authorization – What you can or cannot do.
- Authentication is handled by a 3rd party security tool such as Active Directory LDAP or OpenLDAP
- Authorization is handled through Cognos using groups, roles, capabilities and permissions

Cognos Security Overview
- Namespaces
  - External Authentication providers are set up as namespaces in Cognos
- Cognos Namespace
  - A built-in namespace that provides pre-defined security entries, including: groups, roles, data sources, distribution lists and contacts
  - Cannot be deleted
  - Cognos groups and roles are optional
- Cognos Application Firewall (CAF)
  - Acts as a smart proxy for the gateways and dispatchers
  - Analyses, modifies and validates HTTP and XML requests
  - Prevents malicious code from being inserted
  - Turned on by default – LEAVE IT ON!

Cognos Security Best Practices
- Immediately after install and configuration:
  - Turn off anonymous access and enable an external authentication provider
  - Add at least two groups of administrators to the Cognos System Administrator group.
  - Remove the Cognos Everyone Group from Everything
- Plan your security sooner rather than later
  - Plan it out on paper, Excel, etc. first
  - Decide whether you are going to utilize the optional Cognos Groups and Roles, your Authentication provider’s groups or a combination of both.
- Set up capabilities early
- Create your folder structure early and set permissions using allow
- Use DENY sparingly, if at all!!
- Set up test users and test each and every scenario.

Cognos Security Best Practices
- If setting up Single Sign-on do it after all other testing has been accomplished
- If access is to be given outside of the company’s firewall then set up SSL
- Set the Valid domains option
- Maintain a security process document for your organization

A little bit about Permissions
- Read
  - View all properties of an entry, including report specs, report output, etc.
- Write
  - Modify properties of a report
  - Delete an entry
  - Create entries
  - Modify reports
  - Create new outputs
- Execute
  - Reports, agents, etc. can be run.
  - Data Sources can retrieve data.
- Set Policy
  - Read and modify security settings
- Traverse
  - The ability to see through an object to its children.

Permission Examples

| Action | Permissions Required |
|---|---|
| Add an entry | Write permissions for a parent entry |
| Query the entry properties | Read permissions for an entry |
| View the children of the entry | Traverse permissions for an entry |
| Update an entry | Write permissions for an entry |
| Delete an entry | Write permissions for an entry, and write permissions for a parent entry |
| Copy an entry | Read permissions for an entry and any child entries, traverse permissions for all of the children, and write and traverse permissions for the target parent entry |
| Move an entry | Read and write permissions for an entry, write permissions for both the source parent entry and the target parent entry, and traverse permissions for the target parent entry |
Questions?

Connect with us
- Call us: 877.742.4276
- Email us: training@performanceg2.com, info@performanceg2.com
- Visit our web site: performanceg2.com
- Watch our Cognos videos at: youtube.com/performanceg2
- Follow us: twitter.com/performanceg2
- Read our blog
- Upcoming events
- Upcoming training

Thank you for attending!
training@performanceg2.com

IBM Cognos 10.2 Security Best Practices

  • 1. IBM Cognos® Security Best Practices
      • Wisconsin User Group, March 2014
      • Kirk Wiseman, PerformanceG2, Inc.
  • 2. Agenda
      • Authentication versus Authorization
      • Overview Cognos Security
      • Best Practices
      • Questions
  • 3. Authentication vs Authorization
      • Cognos security is based on authentication and authorization
      • Authentication -- You are who you say you are.
      • Authorization – What you can or cannot do.
      • Authentication is handled by a 3rd party security tool such as Active Directory LDAP or OpenLDAP
      • Authorization is handled through Cognos using groups, roles, capabilities and permissions
  • 4. Cognos Security Overview
      • Namespaces
      • External Authentication providers are set up as namespaces in Cognos
      • Cognos Namespace
      • A built-in namespace that provides pre-defined security entries, including: groups, roles, data sources, distribution lists and contacts
      • Cannot be deleted
      • Cognos groups and roles are optional
      • Cognos Application Firewall (CAF)
      • Acts as a smart proxy for the gateways and dispatchers
      • Analyses, Modifies and validates HTTP and XML requests
      • Prevents Malicious code from being inserted
      • Turned on by default – LEAVE IT ON!
  • 5. Cognos Security Best Practices
      • Immediately after install and configuration:
      • Turn off anonymous access and enable an external authentication provider
      • Add at least two groups of administrators to the Cognos System Administrator group.
      • Remove the Cognos Everyone Group from Everything
      • Plan your security sooner rather than later
      • Plan it out on paper, excel, etc. first
      • Decide whether you are going to utilize the optional Cognos Groups and Roles, Your Authentication provider’s groups or a combination of both.
      • Set up capabilities early
      • Create your folder structure early and set permissions using allow
      • Use DENY sparingly, if at all!!
      • Set up test users and test each and every scenario.
  • 6. Cognos Security Best Practices
      • If setting up Single Sign-on do it after all other testing has been accomplished
      • If access is to be given outside of the company’s firewall then set up SSL
      • Set the Valid domains option
      • Maintain a security process document for your organization
  • 7. A little bit about Permissions
      • Read
      • View all properties of an entry, including report specs, report output, etc.
      • Write
      • Modify properties of a report
      • Delete an entry
      • Create entries
      • Modify reports
      • Create new outputs
      • Execute
      • Reports, agents, etc can be run.
      • Data Sources can retrieve data.
      • Set Policy
      • Read and modify security settings
      • Traverse
      • The ability to see through an object to its children.
  • 8. Permission Examples

      | Action | Permissions Required |
      | Add an entry | Write permissions for a parent entry |
      | Query the entry properties | Read permissions for an entry |
      | View the children of the entry | Traverse permissions for an entry |
      | Update an entry | Write permissions for an entry |
      | Delete an entry | Write permissions for an entry, and write permissions for a parent entry |
      | Copy an entry | Read permissions for an entry and any child entries, traverse permissions for all of the children, and write and traverse permissions for the target parent entry |
      | Move an entry | Read and write permissions for an entry, write permissions for both the source parent entry and the target parent entry, and traverse permissions for the target parent entry |
  • 10. Connect with us
      • Call us: 877.742.4276
      • Email us: training@performanceg2.com, info@performanceg2.com
      • Visit our web site: performanceg2.com
      • Watch our Cognos videos at: youtube.com/performanceg2
      • Follow us: twitter.com/performanceg2
      • Read our blog
      • Upcoming events
      • Upcoming training
  • 11. Thank you for attending! training@performanceg2.com
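
The Permission Examples table on slide 8 can be turned into a pre-flight check for the "set up test users and test each and every scenario" step on slide 5. The following is an added example, not part of the original deck and not a Cognos API: the `Entry` class, the `missing()` function and the folder tree are constructed for illustration, and "children" in the copy rule is assumed to mean every descendant.

```python
# Added illustration of the slide-8 table. Not Cognos code and not a Cognos API;
# Entry, missing() and the sample tree are constructed for this example.
class Entry:
    def __init__(self, name, perms=(), parent=None):
        self.name, self.perms = name, set(perms)   # perms: what the test user holds here
        self.parent, self.children = parent, []
        if parent is not None:
            parent.children.append(self)

def descendants(entry):
    for child in entry.children:
        yield child
        yield from descendants(child)

def missing(action, entry, target=None):
    """Return the sorted (entry name, permission) pairs the user still lacks."""
    if action in ("copy", "move") and target is None:
        raise ValueError("copy and move need a target parent entry")
    if action == "add":                 # here `entry` is the parent receiving the new entry
        need = [(entry, "write")]
    elif action == "query":
        need = [(entry, "read")]
    elif action == "view_children":
        need = [(entry, "traverse")]
    elif action == "update":
        need = [(entry, "write")]
    elif action == "delete":
        need = [(entry, "write"), (entry.parent, "write")]
    elif action == "copy":              # assumption: "children" means every descendant
        need = [(entry, "read"), (target, "write"), (target, "traverse")]
        for d in descendants(entry):
            need += [(d, "read"), (d, "traverse")]
    elif action == "move":
        need = [(entry, "read"), (entry, "write"), (entry.parent, "write"),
                (target, "write"), (target, "traverse")]
    else:
        raise ValueError(f"unknown action: {action}")
    # A root entry has no parent, so that requirement is skipped.
    return sorted({(e.name, p) for e, p in need if e is not None and p not in e.perms})

# Constructed content tree with the permissions granted to one test user.
ROOT = Entry("Public Folders", {"traverse"})
SALES = Entry("Sales", {"read", "write", "traverse"}, ROOT)
Q1 = Entry("Q1 Report", {"read", "write", "execute"}, SALES)
DRAFTS = Entry("Drafts", {"read"}, SALES)
DRAFT_A = Entry("Draft A", {"read", "traverse"}, DRAFTS)
ARCHIVE = Entry("Archive", {"traverse"}, ROOT)

if __name__ == "__main__":
    for action, entry, target in [("delete", Q1, None), ("copy", SALES, ARCHIVE), ("move", Q1, ARCHIVE)]:
        print(action, entry.name, "->", missing(action, entry, target) or "allowed")
```

An empty result means the table's requirements are met for that action; a non-empty result names exactly which grant to add on which entry.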