Caché Security Administration Guide
- About This Book
- About Caché Security
- Authentication: Establishing Identity
- Authorization: Controlling User Access
- Auditing: Knowing What Happened
- Managed Key Encryption: Protecting Data on Disk
- Managing Security with the Management Portal
- Notes on Technology, Policy, and Action
- A Note on Certification
- Authentication
- Authentication Basics
- About the Different Authentication Mechanisms
- About the Different Access Modes
- Configuring for Kerberos Authentication
- Configuring for Operating-System–Based Authentication
- Configuring for Authentication with Caché Login
- Configuring Two-Factor Authentication
- Other Topics
- Assets and Resources
- About Resources
- System Resources
- Database Resources
- Application Resources
- Creating or Editing a Resource
- Using Custom Resources with the Management Portal
- Privileges and Permissions
- Roles
- About Roles
- Roles, Users, Members, and Assignments
- Creating Roles
- Managing Roles
- Predefined Roles
- Login Roles and Added Roles
- Programmatically Managing Roles
- Users
- Properties of Users
- Creating and Editing Users
- Viewing and Managing Existing Users
- Predefined User Accounts
- Validating User Accounts
- Services
- Applications
- Applications, Their Properties, and Their Privileges
- Application Types
- Creating and Editing Applications
- Built-In Applications
- Auditing
- Basic Auditing Concepts
- Elements of an Audit Event
- About System Audit Events
- Managing User-Defined Audit Events
- Enabling or Disabling an Audit Event
- Managing Auditing and the Audit Database
- Other Auditing Issues
- Managed Key Encryption
- About Managed Key Encryption
- Key Management Tasks
- Using Encrypted Databases
- Using Data-Element Encryption
- Protecting against Data Loss and Handling Emergency Situations
- Other Information
- SQL Security
- System Management and Security
- System Security Settings Page
- System-Wide Security Parameters
- Authentication Options
- The Secure Debug Shell
- Password Strength and Password Policies
- Protecting Caché Configuration Information
- Managing Caché Security Domains
- Security Advisor
- Effect of Changes
- Emergency Access
- Using TLS with Caché
- About TLS
- About Configurations
- Configuring the Caché Superserver to Use TLS
- Configuring the Caché Telnet Service to Use TLS
- Configuring Java Clients to Use TLS with Caché
- Configuring .NET Clients to Use TLS with Caché
- Connecting from a Windows Client Using a Settings File
- Configuring Caché to Use TLS with Mirroring
- Configuring Caché to Use TLS with TCP Devices
- Configuring the CSP Gateway to Connect to Caché Using TLS
- Establishing the Required Certificate Chain
- The InterSystems Public Key Infrastructure
- About the InterSystems Public Key Infrastructure (PKI)
- Certificate Authority Server Tasks
- Certificate Authority Client Tasks
- Using Delegated Authentication
- Overview of Delegated Authentication
- Creating Delegated (User-Defined) Authentication Code
- Setting Up Delegated Authentication
- After Delegated Authentication Succeeds
- Using LDAP
- Overview of Using LDAP with Caché
- Configuring LDAP Authentication for Caché
- Configuring LDAP Authorization for Caché
- Other LDAP Topics
- Using Delegated Authorization
- Overview of Delegated Authorization
- Creating Delegated (User-defined) Authorization Code
- Configuring an Instance to Use Delegated Authorization
- After Authorization — The State of the System
- Tightening Security for a Caché Instance
- Enabling Auditing
- Changing the Authentication Mechanism for an Application
- Limiting the Number of Public Resources
- Restricting Access to Services
- Restricting Public Privileges
- Limiting the Number of Privileged Users
- Disabling the _SYSTEM User
- Restricting Access for UnknownUser
- Configuring Third-Party Software
- Performing Encryption Management Operations
- About Encryption Management Operations
- Using the Encryption Management Tools
- Using the Standalone cvencrypt Utility
- Frequently Asked Questions about Caché Security
- Relevant Cryptographic Standards and RFCs
- About PKI (Public Key Infrastructure)
- The Underlying Need
- About Public-Key Cryptography
- Authentication, Certificates, and Certificate Authorities
- How the CA Creates a Certificate
- Limitations on Certificates: Expiration and Revocation
- Recapping PKI Functionality
- Using Character-based Security Management Routines