Enterprise workshops jira security and permissions management atlassian deck

  • 2,454 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,454
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Tuesday, May 28, 13
  • 2. JIRA Security And Permissions ManagementAdam G. Saint-PrixEnterprise Solutions EngineerMay 15th, 2013Tuesday, May 28, 13
  • 3. EnterpriseUpdateQ & AJIRA SecurityTuesday, May 28, 13
  • 4. 24 x 7 Phone & Online SupportDedicated Enterprise Support RepsInstance ProfilesAtlassian Enterprise CommunityEnterprise WebinarsEnterprise WorkshopsAtlassian UniversityAdmin CoursesEnterprise ResourcesTuesday, May 28, 13
  • 5. Tuesday, May 28, 13
  • 6. JIRA Admin TrainingNext class:Sept 30, 2013San Francisco, CaliforniaAdmin CoursesTuesday, May 28, 13
  • 7. Tuesday, May 28, 13
  • 8. Tuesday, May 28, 13
  • 9. Atlassian Confluence Blueprints WebinarMay 28, 2013Matt HodgesProduct Marketing Manager, ConfluenceTuesday, May 28, 13
  • 10. Atlassian Confluence Blueprints WebinarTechnical Workshops in DevelopmentConfluenceTheme DesignJIRA Upgrade Best PracticesJIRA IntegrationsDVCS Concepts with Stash & GitMay 28, 2013Matt HodgesProduct Marketing Manager, ConfluenceTuesday, May 28, 13
  • 11. Atlassian Enterprise CommunityTuesday, May 28, 13
  • 12. Atlassian Enterprise FAQwww.atlassian.com/licensing/enterprise-faqMore Questions?http://www.atlassian.com/software/enterprise/overview/contactusUpgrade to Enterprise?my.atlassian.com/purchase/Tuesday, May 28, 13
  • 13. EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
  • 14. EnterpriseUpdateQ&AJIRA SecurityTuesday, May 28, 13
  • 15. Tuesday, May 28, 13
  • 16. Security and PermissionsManagementTuesday, May 28, 13
  • 17. Exposure• Balance usability and security• Public internet vs. internal network• EncryptionTuesday, May 28, 13
  • 18. Server Best Practices• Named Users• Strong Passwords• at least 15 characters• uppercase letters• lowercase letters• numbers• Keys• sudo• Don’t run as rootRemember:  A"ackers  are  good  at  finding  the  cracks8I=</-53UR>t(n5Tuesday, May 28, 13
  • 19. Firewalls and Routing• Incoming Ports: 80, 443, 22• Outgoing Ports? (smtp, pop/imap, db)• No route to backend systemsCredit: NIST, modified by cpepesshdJIRA  ServerDB  ServerRouterFirewallA"ackerTuesday, May 28, 13
  • 20. Open Ports, strong daemons• IDS• Monitoring• Firewall• RoutingTuesday, May 28, 13
  • 21. SSL - Considerations• Terminate in apache or tomcat?• Application Links• Make life easierTuesday, May 28, 13
  • 22. SSL is tough• Black box• Chip away at it ‘til it works• Hope to never touch it again (document because you will)• Do it right, it protects youTuesday, May 28, 13
  • 23. Why use SSL?• Always for public facing systems• Optional, recommended ‘behind the firewall’• Optional, recommended for backend systemsh"ps://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPSRunning  JIRA  over  SSL  or  HTTPS:Helpful Atlassian resources:h"ps://confluence.atlassian.com/display/JIRA/IntegraIng+JIRA+with+ApacheIntegraIng  JIRA  with  Apache:h"ps://confluence.atlassian.com/display/JIRA/Installing+JIRA+on+LinuxInstalling  JIRA  on  Linux:h"ps://confluence.atlassian.com/display/JIRA/Tomcat+security+best+pracIcesTomcat  Security  Best  PracIces:* While Atlassian does provide some documents for SSL and Apache, Atlassian cannot guarantee providing support for these custom configurationsTuesday, May 28, 13
  • 24. JIRA SecurityAdministrationTuesday, May 28, 13
  • 25. System AdministratorAbility to perform all administration functions.There must be at least one group withthis permission.JIRA AdministratorAbility to perform most administration functions (excluding Import & Export, SMTPConfiguration, etc.).Project AdministratorThis includes the ability to edit project role membership, project components, projectversions and some project details (Project Name, URL, Project Lead, ProjectDescription).Application AdministrationTuesday, May 28, 13
  • 26. Voters&WatchersandTimeTrackingPermissionsomittedPermissionsSchemeTuesday, May 28, 13
  • 27. Workflow ConditionsTip:  Using  roles  makes  workflows    more  reusableTuesday, May 28, 13
  • 28. Issue SecurityTuesday, May 28, 13
  • 29. Issue SecurityJIRA  hides  what  we  don’t  have  permission  to  seeTuesday, May 28, 13
  • 30. Questions?Tuesday, May 28, 13
  • 31. Thank you!Tuesday, May 28, 13