Security Administration Guide

• About This Book
• About InterSystems Security
• Authentication: Establishing Identity
• Authorization: Controlling User Access
• Auditing: Knowing What Happened
• Managed Key Encryption: Protecting Data on Disk
• Managing Security with the Management Portal
• Notes on Technology, Policy, and Action
• Authentication
• Authentication Basics
• About the Different Authentication Mechanisms
• About the Different Access Modes
• Configuring Kerberos Authentication
• Configuring Operating-System–Based Authentication
• Configuring Instance Authentication
• Configuring Two-Factor Authentication
• Other Topics
• Assets and Resources
• Authorization, Assets, and Resources
• System Resources
• Database Resources
• Application Resources
• Creating or Editing a Resource
• Using Custom Resources with the Management Portal
• Privileges and Permissions
• How Privileges Work
• Public Permissions
• Checking Privileges
• Using Methods with Built-In Privilege Checks
• When Changes in Privileges Take Effect
• Roles
• About Roles
• Roles, Users, Members, and Assignments
• Creating Roles
• Managing Roles
• Predefined Roles
• Login Roles and Added Roles
• Programmatically Managing Roles
• Users
• Properties of Users
• Creating and Editing Users
• Viewing and Managing Existing Users
• Predefined User Accounts
• Validating User Accounts
• Services
• Available Services
• Service Properties
• Services and Authentication
• Services and Their Resources
• Applications
• Applications, Their Properties, and Their Privileges
• Application Types
• Creating and Editing Applications
• Built-In Applications
• Auditing
• Basic Auditing Concepts
• Elements of an Audit Event
• About System Audit Events
• Managing User-Defined Audit Events
• Enabling or Disabling an Audit Event
• Managing Auditing and the Audit Database
• Other Auditing Issues
• Managed Key Encryption
• About Managed Key Encryption
• Key Management Tasks
• Using Encrypted Databases
• Using Data-Element Encryption
• Protecting against Data Loss and Handling Emergency Situations
• Other Information
• SQL Security
• SQL Privileges and System Privileges
• The SQL Service
• System Management and Security
• System Security Settings Page
• System-Wide Security Parameters
• Authentication Options
• The Secure Debug Shell
• Password Strength and Password Policies
• Protecting InterSystems IRIS Configuration Information
• Managing InterSystems IRIS Security Domains
• Security Advisor
• Effect of Changes
• Emergency Access
• Using TLS with InterSystems IRIS
• About InterSystems IRIS Support for TLS
• About TLS
• About Configurations
• Configuring the InterSystems IRIS Superserver to Use TLS
• Configuring InterSystems IRIS Telnet to Use TLS
• Configuring Java Clients to Use TLS with InterSystems IRIS
• Configuring .NET Clients to Use TLS with InterSystems IRIS
• Configuring Studio to Use TLS with InterSystems IRIS
• Connecting from a Windows Client Using a Settings File
• Configuring InterSystems IRIS to Use TLS with Mirroring
• Configuring InterSystems IRIS to Use TLS with TCP Devices
• Configuring the Web Gateway to Connect to InterSystems IRIS Using TLS
• Establishing the Required Certificate Chain
• The InterSystems Public Key Infrastructure
• About the InterSystems Public Key Infrastructure (PKI)
• Certificate Authority Server Tasks
• Certificate Authority Client Tasks
• Using Delegated Authentication
• Overview of Delegated Authentication
• Creating Delegated (User-Defined) Authentication Code
• Setting Up Delegated Authentication
• After Delegated Authentication Succeeds
• Using LDAP
• Overview of Using LDAP with InterSystems IRIS®
• Configuring LDAP Authentication for InterSystems IRIS
• Configuring LDAP Authorization for InterSystems IRIS
• Other LDAP Topics
• Using Delegated Authorization
• Overview of Delegated Authorization
• Creating Delegated (User-defined) Authorization Code
• Configuring an Instance to Use Delegated Authorization
• After Authorization — The State of the System
• Tightening Security for an Instance
• Enabling Auditing
• Changing the Authentication Mechanism for an Application
• Limiting the Number of Public Resources
• Restricting Access to Services
• Limiting the Number of Privileged Users
• Disabling the _SYSTEM User
• Restricting Access for UnknownUser
• Configuring Third-Party Software
• Performing Encryption Management Operations
• About Encryption Management Operations
• Converting an Unencrypted Database to be Encrypted
• Converting an Encrypted Database to be Unencrypted
• Converting an Encrypted Database to Use a New Key
• Relevant Cryptographic Standards and RFCs
• About PKI (Public Key Infrastructure)
• The Underlying Need
• About Public-Key Cryptography
• Authentication, Certificates, and Certificate Authorities
• How the CA Creates a Certificate
• Limitations on Certificates: Expiration and Revocation
• Recapping PKI Functionality
• Using Character-based Security Management Routines
• ^SECURITY
• ^EncryptionKey
• ^DATABASE
• ^%AUDIT