Denodo Security Checklist

Applies to: Denodo 8.0
Last modified on: 13 Jul 2022
Tags: Administration Kerberos LDAP SSL Security

Download document

You can translate the document:

Scope

This document guides readers through the different steps to secure a Denodo installation.

Post-installation checklist

Requirement

Comply (Y/N)

Comments

COMMON

 

 

Is the update to be installed downloaded from the Support Site?

 

How to identify the Denodo Platform version and update installed

Is there a user with proper privileges to install the update?

Is the latest update installed?

Changed the default password of ‘admin’ account (or) created a new administrator user and then, remove the user ‘admin’ account?

SECURING DATA

Is transparent data encryption enabled to encrypt the default Derby database? (if used)

Transparent Metadata Encryption

SSL

 

 SSL/TLS Configurator Script

Is there a SSL certificate self-signed or from a CA for the Denodo server? (if applicable)

 

Is SSL configured in the Denodo servers? (if applicable)

 

Is SSL configured in the Denodo Platform tools? (if applicable)

 

Is SSL configured in the Embedded Web Container? (if applicable)

 

Is SSL configured for external clients? (if applicable)

 

Are the certificates of Data Sources imported in the Denodo truststore? (if applicable)

 

Only if the VDP server needs to use SSL to connect to Data Sources.

Is SSL configured in the Solution Manager?(if applicable)

Enable SSL/TLS in the Solution Manager

Is SSL configured in the Solution Manager tools? (if applicable)

Privileges

Are roles defined?

 

This may be done during deployment instead of during installation.

Are privileges assigned?

 

This may be done during deployment instead of during installation.

Types of Access Rights

Are security restrictions defined with Global Security Policies? (if applicable)

Global Security Policies

LDAP

 

 

Is the LDAP data source defined? (if applicable)

 

Virtual DataPort Admin Tool.

Is the database configured to delegate authentication to LDAP? (if applicable)

 

This may be done during deployment instead of during installation.

SSO

Does the Solution Manager delegate authentication to external identity providers like SAML, OAuth, OpenID ?  (if applicable)

Denodo Security Token

Kerberos

Is Kerberos Authentication set up ? (if applicable)

Setting-up Kerberos Authentication

Credentials Vault

Is integration with Credentials Vault enabled to obtain the credentials of JDBC data sources?

Credentials Vault

Auditing

Is an information security audit running every few months?

Auditing User Access in Virtual DataPort

Are Resource Manager rules set to reject requests from unknown IPs?

 

Resource Manager

References

Denodo Security Overview

Questions

Ask a question
You must sign in to ask a question. If you do not have an account, you can register here

Featured content

DENODO TRAINING

Ready for more? Great! We offer a comprehensive set of training courses, taught by our technical instructors in small, private groups for getting a full, in-depth guided training in the usage of the Denodo Platform. Check out our training courses.

Training