Applies to: Denodo 8.0
Last modified on: 13 Jul 2022
Tags: Administration, Kerberos, LDAP, SSL, Security

This document guides readers through the different steps to secure a Denodo installation.

| Requirement | Comply (Y/N) | Comments |
|---|---|---|
| COMMON | | |
| Is the update to be installed downloaded from the Support Site? | | How to identify the Denodo Platform version and update installed |
| Is there a user with proper privileges to install the update? | | |
| Is the latest update installed? | | |
| Has the default password of the ‘admin’ account been changed, or has a new administrator user been created and the ‘admin’ user account then removed? | | |
| SECURING DATA | | |
| Is transparent data encryption enabled to encrypt the default Derby database? (if used) | | Transparent Metadata Encryption |
| SSL | | |
| Is there an SSL certificate, self-signed or from a CA, for the Denodo server? (if applicable) | | |
| Is SSL configured in the Denodo servers? (if applicable) | | |
| Is SSL configured in the Denodo Platform tools? (if applicable) | | |
| Is SSL configured in the Embedded Web Container? (if applicable) | | |
| Is SSL configured for external clients? (if applicable) | | |
| Are the certificates of Data Sources imported in the Denodo truststore? (if applicable) | | Only if the VDP server needs to use SSL to connect to Data Sources. |
| Is SSL configured in the Solution Manager? (if applicable) | | |
| Is SSL configured in the Solution Manager tools? (if applicable) | | |
| Privileges | | |
| Are roles defined? | | This may be done during deployment instead of during installation. |
| Are privileges assigned? | | This may be done during deployment instead of during installation (see Types of Access Rights). |
| Are security restrictions defined with Global Security Policies? (if applicable) | | Global Security Policies |
| LDAP | | |
| Is the LDAP data source defined? (if applicable) | | Virtual DataPort Admin Tool. |
| Is the database configured to delegate authentication to LDAP? (if applicable) | | This may be done during deployment instead of during installation. |
| SSO | | |
| Does the Solution Manager delegate authentication to external identity providers like SAML, OAuth, OpenID? (if applicable) | | Denodo Security Token |
| Kerberos | | |
| Is Kerberos Authentication set up? (if applicable) | | Setting-up Kerberos Authentication |
| Credentials Vault | | |
| Is integration with Credentials Vault enabled to obtain the credentials of JDBC data sources? | | Credentials Vault |
| Auditing | | |
| Is an information security audit running every few months? | | Auditing User Access in Virtual DataPort |
| Are Resource Manager rules set to reject requests from unknown IPs? | | Resource Manager |