Countly Enterprise onboarding: Security functions


This guide lists all security-related functions and features of Countly Enterprise Edition.

Published in: Data & Analytics

  1. Countly Enterprise Onboarding: Security Aspects

  2. Getting Started
     web: twitter: @gocountly
     This guide will give you information about the following items:
       1. Installation and upgrade
       2. Ports & using a firewall
       3. API key & APP key
       4. Using HTTPS
       5. Other security related measures

  3. Installation & upgrade
     • Installation is done automatically using an installer.
     • The installer downloads dependencies from Ubuntu or Red Hat repositories.
     • The installer is not bundled with 3rd party packages; instead it downloads the latest packages to maximize dependability and security.
     • Upgrades are done by:
       ○ Upgrading core Countly Enterprise Edition
       ○ Upgrading MongoDB, Node.js and Nginx
       ○ Upgrading Node.js modules

  4. Ports & using a firewall
     • Countly nodes need ports 80 (HTTP), 443 (HTTPS), 53 (DNS) and 25 (mail) to be open.
     • MongoDB requires port 27017 to be open (for the replica set). For all MongoDB ports see this link.
     • Linux iptables can be used to block all ports but 80, 443, 53 and 25.

  5. Authentication methods
     • Username and password combination
       ○ Used to access the dashboard through a user account
     • API key
       ○ Used to access the Countly REST API
       ○ Is tied to a specific account and grants the same read/write permissions that account has
     • APP key
       ○ The SDK connects to the server using the APP key
       ○ Can only insert information about this specific app
     • For more information about the Countly REST API, see this link.

  6. Account levels
     • Global admin
       ○ Has read and write access to all apps stored on the server
     • App Admin
       ○ Has read and write access only to specific apps
     • App User
       ○ Has read access only to specific apps
     • The same account can have different access (admin and user) to different apps.
     • Each user can be limited to only some selected dashboard views.

  7. Using HTTPS
     • By default Countly runs on HTTP.
     • The Nginx configuration should be modified for HTTPS.
     • The HTTPS configuration serves two purposes:
       ○ Let dashboard users connect using SSL
       ○ Let devices connect using SSL (if the device is capable)
     • For more information and configuration options, see this link.

  8. Other security related measures
     • Encrypted passwords: Passwords are stored as a SHA1 hash-based message authentication code with a timestamp salt.
     • Auto logoff: The user is logged out after a configurable amount of time (30 min by default).
     • Login monitoring: All logins are stored and can be monitored in real time via the dashboard.
     • This includes:
       ○ User's login information
       ○ Password reset information
       ○ App (create, update, reset, delete) events
       ○ User (create, update, delete) events

  9. Countly
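
The port list from the "Ports & using a firewall" slide, written out as an iptables-restore ruleset. This is an added example, not part of the original slides or Countly's own tooling. It assumes 80/443 are inbound, 25/53/80/443 are outbound (mail, DNS, package repositories), SSH on 22 is kept for an admin range, and MongoDB peers are IPv4 addresses; `countly_rules` and its arguments are hypothetical names.

```shell
# Added example (not Countly's code). Prints an iptables-restore ruleset.
# Assumptions: 80/443 inbound; 25/53/80/443 outbound; SSH on 22 allowed
# only from an admin range; replica set peers given as IPv4 addresses.
# usage: countly_rules ADMIN_CIDR [MONGO_PEER_IP ...]
countly_rules() {
    cr_admin=$1
    [ "$#" -gt 0 ] && shift
    # Reject anything that could smuggle extra rule text into the output.
    case $cr_admin in
        ''|*[!0-9./]*) echo "bad admin range" >&2; return 2 ;;
    esac
    for cr_peer in "$@"; do
        case $cr_peer in
            ''|*[!0-9.]*) echo "bad peer: $cr_peer" >&2; return 2 ;;
        esac
    done
    # Default-drop policy; only the ports named on the slide are opened.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $cr_admin --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,53,80,443 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
EOF
    # MongoDB 27017 is reachable only to and from the named replica set peers.
    for cr_peer in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $cr_peer --dport 27017 -j ACCEPT"
        printf '%s\n' "-A OUTPUT -p tcp -d $cr_peer --dport 27017 -j ACCEPT"
    done
    printf '%s\n' COMMIT
}
```

Pipe the output to `iptables-restore --test` to confirm it parses before loading it on a node.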