Tuesday, May 28, 13
JIRA Security And Permissions ManagementAdam G. Saint-PrixEnterprise Solutions EngineerMay 15th, 2013Tuesday, May 28, 13
EnterpriseUpdateQ & AJIRA SecurityTuesday, May 28, 13
24 x 7 Phone & Online SupportDedicated Enterprise Support RepsInstance ProfilesAtlassian Enterprise CommunityEnterprise Web...
Tuesday, May 28, 13
JIRA Admin TrainingNext class:Sept 30, 2013San Francisco, CaliforniaAdmin CoursesTuesday, May 28, 13
Tuesday, May 28, 13
Tuesday, May 28, 13
Atlassian Confluence Blueprints WebinarMay 28, 2013Matt HodgesProduct Marketing Manager, ConfluenceTuesday, May 28, 13
Atlassian Confluence Blueprints WebinarTechnical Workshops in DevelopmentConfluenceTheme DesignJIRA Upgrade Best PracticesJI...
Atlassian Enterprise CommunityTuesday, May 28, 13
Atlassian Enterprise FAQwww.atlassian.com/licensing/enterprise-faqMore Questions?http://www.atlassian.com/software/enterpr...
EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
Tuesday, May 28, 13
Security and PermissionsManagementTuesday, May 28, 13
Exposure• Balance usability and security• Public internet vs. internal network• EncryptionTuesday, May 28, 13
Server Best Practices• Named Users• Strong Passwords• at least 15 characters• uppercase letters• lowercase letters• number...
Firewalls and Routing• Incoming Ports: 80, 443, 22• Outgoing Ports? (smtp, pop/imap, db)• No route to backend systemsCredi...
Open Ports, strong daemons• IDS• Monitoring• Firewall• RoutingTuesday, May 28, 13
SSL - Considerations• Terminate in apache or tomcat?• Application Links• Make life easierTuesday, May 28, 13
SSL is tough• Black box• Chip away at it ‘til it works• Hope to never touch it again (document because you will)• Do it ri...
Why use SSL?• Always for public facing systems• Optional, recommended ‘behind the firewall’• Optional, recommended for back...
JIRA SecurityAdministrationTuesday, May 28, 13
System AdministratorAbility to perform all administration functions.There must be at least one group withthis permission.J...
Voters&WatchersandTimeTrackingPermissionsomittedPermissionsSchemeTuesday, May 28, 13
Workflow ConditionsTip:	  Using	  roles	  makes	  workflows	  	  more	  reusableTuesday, May 28, 13
Issue SecurityTuesday, May 28, 13
Issue SecurityJIRA	  hides	  what	  we	  don’t	  have	  permission	  to	  seeTuesday, May 28, 13
Questions?Tuesday, May 28, 13
Thank you!Tuesday, May 28, 13
Upcoming SlideShare
Loading in...5
×

Enterprise workshops jira security and permissions management atlassian deck

2,606

Published on

Published in: Technology, News & Politics
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,606
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Enterprise workshops jira security and permissions management atlassian deck

  1. 1. Tuesday, May 28, 13
  2. 2. JIRA Security And Permissions ManagementAdam G. Saint-PrixEnterprise Solutions EngineerMay 15th, 2013Tuesday, May 28, 13
  3. 3. EnterpriseUpdateQ & AJIRA SecurityTuesday, May 28, 13
  4. 4. 24 x 7 Phone & Online SupportDedicated Enterprise Support RepsInstance ProfilesAtlassian Enterprise CommunityEnterprise WebinarsEnterprise WorkshopsAtlassian UniversityAdmin CoursesEnterprise ResourcesTuesday, May 28, 13
  5. 5. Tuesday, May 28, 13
  6. 6. JIRA Admin TrainingNext class:Sept 30, 2013San Francisco, CaliforniaAdmin CoursesTuesday, May 28, 13
  7. 7. Tuesday, May 28, 13
  8. 8. Tuesday, May 28, 13
  9. 9. Atlassian Confluence Blueprints WebinarMay 28, 2013Matt HodgesProduct Marketing Manager, ConfluenceTuesday, May 28, 13
  10. 10. Atlassian Confluence Blueprints WebinarTechnical Workshops in DevelopmentConfluenceTheme DesignJIRA Upgrade Best PracticesJIRA IntegrationsDVCS Concepts with Stash & GitMay 28, 2013Matt HodgesProduct Marketing Manager, ConfluenceTuesday, May 28, 13
  11. 11. Atlassian Enterprise CommunityTuesday, May 28, 13
  12. 12. Atlassian Enterprise FAQwww.atlassian.com/licensing/enterprise-faqMore Questions?http://www.atlassian.com/software/enterprise/overview/contactusUpgrade to Enterprise?my.atlassian.com/purchase/Tuesday, May 28, 13
  13. 13. EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
  14. 14. EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
  15. 15. Tuesday, May 28, 13
  16. 16. Security and PermissionsManagementTuesday, May 28, 13
  17. 17. Exposure• Balance usability and security• Public internet vs. internal network• EncryptionTuesday, May 28, 13
  18. 18. Server Best Practices• Named Users• Strong Passwords• at least 15 characters• uppercase letters• lowercase letters• numbers• Keys• sudo• Don’t run as rootRemember:  A"ackers  are  good  at  finding  the  cracks8I=</-53UR>t(n5Tuesday, May 28, 13
  19. 19. Firewalls and Routing• Incoming Ports: 80, 443, 22• Outgoing Ports? (smtp, pop/imap, db)• No route to backend systemsCredit: NIST, modified by cpepesshdJIRA  ServerDB  ServerRouterFirewallA"ackerTuesday, May 28, 13
  20. 20. Open Ports, strong daemons• IDS• Monitoring• Firewall• RoutingTuesday, May 28, 13
  21. 21. SSL - Considerations• Terminate in apache or tomcat?• Application Links• Make life easierTuesday, May 28, 13
  22. 22. SSL is tough• Black box• Chip away at it ‘til it works• Hope to never touch it again (document because you will)• Do it right, it protects youTuesday, May 28, 13
  23. 23. Why use SSL?• Always for public facing systems• Optional, recommended ‘behind the firewall’• Optional, recommended for backend systemsh"ps://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPSRunning  JIRA  over  SSL  or  HTTPS:Helpful Atlassian resources:h"ps://confluence.atlassian.com/display/JIRA/IntegraIng+JIRA+with+ApacheIntegraIng  JIRA  with  Apache:h"ps://confluence.atlassian.com/display/JIRA/Installing+JIRA+on+LinuxInstalling  JIRA  on  Linux:h"ps://confluence.atlassian.com/display/JIRA/Tomcat+security+best+pracIcesTomcat  Security  Best  PracIces:* While Atlassian does provide some documents for SSL and Apache, Atlassian cannot guarantee providing support for these custom configurationsTuesday, May 28, 13
  24. 24. JIRA SecurityAdministrationTuesday, May 28, 13
  25. 25. System AdministratorAbility to perform all administration functions.There must be at least one group withthis permission.JIRA AdministratorAbility to perform most administration functions (excluding Import & Export, SMTPConfiguration, etc.).Project AdministratorThis includes the ability to edit project role membership, project components, projectversions and some project details (Project Name, URL, Project Lead, ProjectDescription).Application AdministrationTuesday, May 28, 13
  26. 26. Voters&WatchersandTimeTrackingPermissionsomittedPermissionsSchemeTuesday, May 28, 13
  27. 27. Workflow ConditionsTip:  Using  roles  makes  workflows    more  reusableTuesday, May 28, 13
  28. 28. Issue SecurityTuesday, May 28, 13
  29. 29. Issue SecurityJIRA  hides  what  we  don’t  have  permission  to  seeTuesday, May 28, 13
  30. 30. Questions?Tuesday, May 28, 13
  31. 31. Thank you!Tuesday, May 28, 13

×