Michael Westendorf
Senior Application Developer

www.dbservices.com
FILEMAKER SECURITY:
PROTECT YOUR DATA
Questions
If you have a question, please
type it into the console. If we
don’t get to your question, please
send it to fba@dbservices.com
Overview
• Protecting your FileMaker file
• FileMaker Server best practices
• Basic techniques
• Security industry trends
• Checklist to securing your application
About DB Services
•We are a team of analysts, developers, and
designers creating custom applications to make
your organization more effective and efficient.
Learn more about our FileMaker services on our
website.
•If you leave this presentation wanting to learn more,
check out our FileMaker Blog, where we post new
content each month.
•To learn more about DB Services, check out our
website at www.dbservices.com
Background
Work
Read more on me on our website,
dbservices.com, in the About section
• Sponsor at FileMaker Developer
Conference
• Member of FM Academy
• Article included in FM Newsletter
• Global presence (Canada, Europe,
Africa, Asia)
• Team focused on adding value
• Senior Application Developer at DB Services
• Certified in 12, 13, 14, 15
• Working with FileMaker for over 10
years
Protecting Your File
• Disable generic Admin full access account
• Enable File Access Restrictions
• Set min version in file options (FileMaker 13)
• Use External Authentication
• Enable Encryption At Rest
Protecting Your File
External Authentication/single sign-on
• Your organization already uses Active Directory or Open
Directory
• Your FileMaker files will be accessed by other files in a
multi-file solution.
• Your organization enforces minimum password standards.
FileMaker can only enforce password length and frequency
of changing password.
• Note: Possible for someone to replicate your security group
and gain access to data
Protecting Your File
Encrypt your file using a password phrase
• Secures the file against domain replication
• Prevents the file from being cracked with third party tools
Protecting Your File
Privilege Sets - Data Access and Design
• Records
• View, Edit, Create, Delete
• Individual fields
• Access to FM calc engine
• Layouts
• View, Edit existing layouts
• Limit creation of new layouts
• Disable record access
• Value Lists
• View, Edit existing lists
• Limit Creation
• Scripts
• Execute or Edit
• Limit creation
Protecting Your File
Privilege Sets - Extended Privileges
• Limits how file is accessed
• Network, WebDirect, ODBC, XML, PHP
• You can create your own to further extend your application.
Protecting Your File
Privilege Sets - Other Privileges

Limits access to
• Printing
• Exporting
• Manage extended privileges
• Allow user to override data
validation warnings
• Disconnect Idle users
• Allow users to modify passwords
• Password Requirements
• Limiting menu commands
Demo
Best Practices
• Encrypt sensitive data at field level by use of plug-ins
http://www.dbservices.com/articles/filemaker-encryption-with-baseelements
• Limit Plug-Ins
• Prevent unwanted access from FM Advanced (Data Viewer)
• Use guard clauses to prevent scripts from executing
• Disable unnecessary layout modes, especially table view
• Don’t use global variables as security flags/booleans
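A guard clause of the kind recommended above, shown beside the global-variable flag it replaces. This is an added example, not part of the original slides or DB Services' own code; the script name "Delete Invoice", the extended privilege keyword can_delete_invoice and the variable $$IS_MANAGER are hypothetical, and the script-step text follows the notation of recent FileMaker versions.

```filemaker
# Script: Delete Invoice (hypothetical name, added example)
# Assumes a custom extended privilege with the keyword "can_delete_invoice"
# (hypothetical) has been created and assigned only to the privilege sets
# whose users may delete invoices.

# --- Weak pattern: the decision rests on a global variable ---
# A global variable is client-side state that the privilege system does not
# protect, so it must not be what decides whether the script may run.
#
# If [ $$IS_MANAGER ≠ 1 ]
#     Exit Script [ Text Result: "denied" ]
# End If

# --- Guard clause: ask the security system on every run ---
# Get ( AccountExtendedPrivileges ) and Get ( AccountPrivilegeSetName ) describe
# the signed-in account, so the result is the same even when this script is set
# to run with full access privileges.
# FilterValues matches whole keywords, so "can_delete_invoice_drafts" would not
# be mistaken for "can_delete_invoice".
Set Error Capture [ On ]
Allow User Abort [ Off ]
If [ IsEmpty ( FilterValues ( Get ( AccountExtendedPrivileges ) ; "can_delete_invoice" ) ) and Get ( AccountPrivilegeSetName ) ≠ "[Full Access]" ]
    Show Custom Dialog [ "Not permitted" ; "Your account is not allowed to delete invoices." ]
    Exit Script [ Text Result: "denied" ]
End If

# Guard passed: do the work and report the outcome to the calling script.
Delete Record/Request [ With dialog: Off ]
Set Variable [ $error ; Value: Get ( LastError ) ]
Exit Script [ Text Result: If ( $error = 0 ; "ok" ; "error " & $error ) ]
```

The guard clause complements the privilege set rather than replacing it: record-level delete access should still be denied in the privilege set for accounts that lack the extended privilege.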
Best Practices
Custom Account Management
• Awareness of Find behavior
• Using Snapshot links
• Create a custom No Access privilege set
• More restrictive than read only
Demo
FileMaker Server Best Practices
• Remove the sample file from the server
• Hide individual files that are hosted on the server
• List only the databases each user is authorized to access
• Enable SSL and use a signed certificate
• Disable Plug-In installation via a script step
• Restrict access to Admin Console by IP address
• Disable technologies that are not needed (XML, PHP, ODBC)
• Enable client timeout
General Security Topics
• Interface level security in FM is not real security
• Exports, table view, data viewer
• Sanitize all data gathered on web forms
• Encrypt your hard disk drives
• Review server logs for potential attacks
• Block unwanted IPs that are trying to brute-force their way in
• Send sensitive information via encrypted emails.
• Use 3rd party tools like Virtru to make this easier
Security Industry Trends
• Enhanced use of encryption
• Resistance to cloud technology
• Application penetration testing
• Mobile security
• Two step authentication
Security Industry Trends
Application penetration testing
• Input Validation
• Buffer Overflow
• Cross Site Scripting
• URL Manipulation
• SQL Injection
• Hidden Variable Manipulation
• Cookie Modification
• Authentication Bypass
• Code Execution
Security Checklist
Check out the post on DB Services website to obtain the
Security Checklist.
https://www.dbservices.com/articles/filemaker-safety-checklist/
Resources
• FileMaker Security Guide
http://www.filemaker.com/downloads/documentation/fm12_security_guide_en.pdf
• An Exploit-Based Approach To Providing FileMaker Platform Security - Steven Blackwell
• FileMakerTalk Podcast, Episode 103: Security
Q&A
