Michael Westendorf
Senior Application Developer

www.dbservices.com
FILEMAKER SECURITY:
PROTECT YOUR DATA
Questions
If you have a question, please
type it into the console. If we
don’t get to your question, please
send it to fba@dbservices.com
Overview
• Protecting your FileMaker file
• FileMaker Server best practices
• Basic techniques
• Security industry trends
• Checklist to securing your application
About DB Services
• We are a team of analysts, developers, and
designers creating custom applications to make
your organization more effective and efficient.
Learn more about our FileMaker services on our
website.
• If you leave this presentation wanting to learn more,
check out our FileMaker Blog, where we post new
content each month.
• To learn more about DB Services, check out our
website at www.dbservices.com
Background
Work
Read more on me on our website,
dbservices.com, in the About section
• Sponsor at FileMaker Developer
Conference
• Member of FM Academy
• Article included in FM Newsletter
• Global presence (Canada, Europe,
Africa, Asia)
• Team focused on adding value
• Senior Application Developer at DB Services
• Certified in 12, 13, 14, 15
• Working with FileMaker for over 10
years
Protecting Your File
• Disable generic Admin full access account
• Enable File Access Restrictions
• Set min version in file options (FileMaker 13)
• Use External Authentication
• Enable Encryption At Rest
Protecting Your File
External Authentication/single sign-on
• Your organization already uses Active Directory or Open
Directory
• Your FileMaker files will be accessed by other files in a
multi-file solution.
• Your organization enforces minimum password standards.
FileMaker can only enforce password length and frequency
of changing password.
• Note: Possible for someone to replicate your security group
and gain access to data
Protecting Your File
Encrypt your file using a password phrase
• Secures the file against domain replication
• Prevents the file from being cracked with third party tools
Protecting Your File
Privilege Sets - Data Access and Design
• Records
• View, Edit, Create, Delete
• Individual fields
• Access to FM calc engine
• Layouts
• View, Edit existing layouts
• Limit creation of new layouts
• Disable record access
• Value Lists
• View, Edit existing lists
• Limit Creation
• Scripts
• Execute or Edit
• Limit creation
Protecting Your File
Privilege Sets - Extended Privileges
• Limits how file is accessed
• Network, WebDirect, ODBC, XML, PHP
• You can create your own to further extend your application.
Protecting Your File
Privilege Sets - Other Privileges
Limits access to
• Printing
• Exporting
• Manage extended privileges
• Allow user to override data
validation warnings
• Disconnect Idle users
• Allow users to modify passwords
• Password Requirements
• Limiting menu commands
Demo
Best Practices
• Encrypt sensitive data at field level by use of plug-ins
http://www.dbservices.com/articles/filemaker-encryption-with-baseelements
• Limit Plug-Ins
• Prevent unwanted access from FM Advanced (Data Viewer)
• Use guard clauses to prevent scripts from executing
• Disable unnecessary layout modes, especially table view
• Don’t use global variables as security flags/booleans
Best Practices
Custom Account Management
• Awareness of Find behavior
• Using Snapshot links
• Create a custom No Access privilege set
• More restrictive than read only
Demo
FileMaker Server Best Practices
• Remove the sample file from the server
• Hide individual files that are hosted on the server
• List only the databases each user is authorized to access
• Enable SSL and use a signed certificate
• Disable Plug-In installation via a script step
• Restrict access to Admin Console by IP address
• Disable technologies that are not needed (XML, PHP, ODBC)
• Enable client timeout
General Security Topics
• Interface level security in FM is not real security
• Exports, table view, data viewer
• Sanitize all data gathered on web forms
• Encrypt your hard disk drives
• Review server logs for potential attacks
• Block unwanted IPs that are trying to brute force their way in
• Send sensitive information via encrypted emails.
• Use 3rd party tools like Virtru to make this easier
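An added example, not part of the original slides, of the log review and IP blocking bullets above: it counts failed sign-ins per client IP in a sliding time window and returns the addresses worth blocking. The tab-separated line layout, the "authentication failed" message text, and the sample lines are assumptions constructed for this illustration, not FileMaker Server's actual log format; adapt the parser to the log you export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The layout (timestamp<TAB>severity<TAB>client IP<TAB>message)
# is an assumption for this example, not FileMaker Server's real log format.
SAMPLE_LOG = "\n".join([
    "2024-01-10 09:00:01\tWarning\t203.0.113.7\tauthentication failed for account admin",
    "2024-01-10 09:00:05\tWarning\t203.0.113.7\tauthentication failed for account Admin",
    "2024-01-10 09:00:09\tWarning\t203.0.113.7\tauthentication failed for account root",
    "2024-01-10 09:00:14\tWarning\t203.0.113.7\tauthentication failed for account guest",
    "2024-01-10 09:00:20\tWarning\t203.0.113.7\tauthentication failed for account test",
    "2024-01-10 09:00:31\tWarning\t203.0.113.7\tauthentication failed for account sa",
    "2024-01-10 09:02:00\tWarning\t198.51.100.23\tauthentication failed for account jsmith",
    "this line is malformed and is skipped",
    "2024-01-10 09:12:00\tWarning\t198.51.100.23\tauthentication failed for account jsmith",
    "2024-01-10 09:12:30\tInformation\t198.51.100.23\tauthentication succeeded for account jsmith",
])

# Assumed marker text for a failed sign-in in the message column.
FAIL_MARKER = "authentication failed"


def parse_line(line):
    """Return (timestamp, severity, ip, message), or None for a malformed line."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None
    ts_raw, severity, ip, message = parts
    try:
        ts = datetime.strptime(ts_raw, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, severity, ip, message


def brute_force_candidates(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each client IP to its peak number of failures inside one window.

    Only IPs that reach `threshold` failures within `window` are returned.
    Lines are assumed to be in chronological order, as in an append-only log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue              # tolerate truncated or foreign lines
        ts, _severity, ip, message = record
        if FAIL_MARKER not in message.lower():
            continue
        failures = recent[ip]
        failures.append(ts)
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(failures))
    return flagged


if __name__ == "__main__":
    for ip, count in sorted(brute_force_candidates(SAMPLE_LOG).items()):
        print(f"{ip}: {count} failed sign-ins within one minute, candidate for blocking")
```

A user who mistypes a password twice ten minutes apart stays below the threshold, while the rapid sequence against several account names is flagged.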
Security Industry Trends
• Enhanced use of encryption
• Resistance to cloud technology
• Application penetration testing
• Mobile security
• Two step authentication
Security Industry Trends
Application penetration testing
• Input Validation
• Buffer Overflow
• Cross Site Scripting
• URL Manipulation
• SQL Injection
• Hidden Variable Manipulation
• Cookie Modification
• Authentication Bypass
• Code Execution
Security Checklist
Check out the post on DB Services website to obtain the
Security Checklist.
https://www.dbservices.com/articles/filemaker-safety-checklist/
Resources
• FileMaker Security Guide
http://www.filemaker.com/downloads/documentation/fm12_security_guide_en.pdf
• An Exploit-Based Approach To Providing FileMaker Platform Security - Steven Blackwell
• FileMakerTalk Podcast, Episode 103: Security
Q&A

 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 

Filemaker security-protect-your-data

  • 1. Michael Westendorf, Senior Application Developer, www.dbservices.com. FILEMAKER SECURITY: PROTECT YOUR DATA
  • 2. Questions If you have a question, please type it into the console. If we don’t get to your question, please send it to fba@dbservices.com
  • 3. Overview • Protecting your FileMaker file • FileMaker Server best practices • Basic techniques • Security industry trends • Checklist to securing your application
  • 4. About DB Services • We are a team of analysts, developers, and designers creating custom applications to make your organization more effective and efficient. Learn more about our FileMaker services on our website. • If you leave this presentation wanting to learn more, check out our FileMaker Blog, where we post new content each month. • To learn more about DB Services, check out our website at www.dbservices.com
  • 5. Background Work Read more about me on our website, dbservices.com, in the About section • Sponsor at FileMaker Developer Conference • Member of FM Academy • Article included in FM Newsletter • Global presence (Canada, Europe, Africa, Asia) • Team focused on adding value • Senior Application Developer at DB Services • Certified in 12, 13, 14, 15 • Working with FileMaker for over 10 years
  • 6. Protecting Your File • Disable generic Admin full access account • Enable File Access Restrictions • Set min version in file options (FileMaker 13) • Use External Authentication • Enable Encryption At Rest
  • 7. Protecting Your File External Authentication/single sign-on • Your organization already uses Active Directory or Open Directory • Your FileMaker files will be accessed by other files in a multi-file solution. • Your organization enforces minimum password standards. FileMaker can only enforce password length and frequency of changing password. • Note: Possible for someone to replicate your security group and gain access to data
  • 8. Protecting Your File Encrypt your file using a password phrase • Secures the file against domain replication • Prevents the file from being cracked with third party tools
  • 9. Protecting Your File Privilege Sets - Data Access and Design • Records • View, Edit, Create, Delete • Individual fields • Access to FM calc engine • Layouts • View, Edit existing layouts • Limit creation of new layouts • Disable record access • Value Lists • View, Edit existing lists • Limit Creation • Scripts • Execute or Edit • Limit creation
  • 10.
  • 11. Protecting Your File Privilege Sets - Extended Privileges • Limits how file is accessed • Network, WebDirect, ODBC, XML, PHP • You can create your own to further extend your application.
  • 12. Protecting Your File Privilege Sets - Other Privileges Limits access to • Printing • Exporting • Manage extended privileges • Allow user to override data validation warnings • Disconnect Idle users • Allow users to modify passwords • Password Requirements • Limiting menu commands
  • 13. Demo
  • 14. Best Practices • Encrypt sensitive data at field level by use of plug-ins http://www.dbservices.com/articles/filemaker-encryption-with-baseelements • Limit Plug-Ins • Prevent unwanted access from FM Advanced (Data Viewer) • Use guard clauses to prevent scripts from executing • Disable unnecessary layout modes, especially table view • Don’t use global variables as security flags/booleans
  • 15. Best Practices Custom Account Management • Awareness of Find behavior • Using Snapshot links • Create a custom No Access privilege set • More restrictive than read only
  • 16. Demo
  • 17. FileMaker Server Best Practices • Remove the sample file from the server • Hide individual files that are hosted on the server • List only the databases each user is authorized to access • Enable SSL and use a signed certificate • Disable Plug-In installation via a script step • Restrict access to Admin Console by IP address • Disable technologies not needed (XML, PHP, ODBC) • Enable client timeout
  • 18. General Security Topics • Interface level security in FM is not real security • Exports, table view, data viewer • Sanitize all data gathered on web forms • Encrypt your hard disk drives • Review server logs for potential attacks • Block unwanted IPs that are trying to brute force their way in • Send sensitive information via encrypted emails • Use 3rd party tools like Virtru to make this easier
  • 19. Security Industry Trends • Enhanced use of encryption • Resistance to cloud technology • Application penetration testing • Mobile security • Two step authentication
  • 20. Security Industry Trends Application penetration testing • Input Validation • Buffer Overflow • Cross Site Scripting • URL Manipulation • SQL Injection • Hidden Variable Manipulation • Cookie Modification • Authentication Bypass • Code Execution
  • 21. Security Checklist Check out the post on DB Services website to obtain the Security Checklist. https://www.dbservices.com/articles/filemaker-safety-checklist/
  • 22. Resources • FileMaker Security Guide http://www.filemaker.com/downloads/documentation/fm12_security_guide_en.pdf • An Exploit-Based Approach To Providing FileMaker Platform Security - Steven Blackwell • FileMakerTalk Podcast, Episode 103: Security
  • 23. Q&A
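
Slide 18 advises reviewing server logs for potential attacks and blocking IPs that try to brute-force their way in. The Python below is an added example, not part of the original presentation: it flags source IPs that reach a threshold of failed logins inside a sliding time window. The log layout, `SAMPLE_LOG`, `LINE_RE` and `brute_force_sources` are assumptions made for illustration; a real FileMaker Server access log is laid out differently, so adapt the pattern to it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical layout:
# "<timestamp> <AUTH_OK|AUTH_FAIL> account=<name> ip=<address>"
# A real FileMaker Server access log is laid out differently; adapt LINE_RE.
SAMPLE_LOG = """\
2024-01-10 09:00:01 AUTH_FAIL account=admin ip=203.0.113.7
2024-01-10 09:00:03 AUTH_FAIL account=Admin ip=203.0.113.7
2024-01-10 09:00:05 AUTH_FAIL account=root ip=203.0.113.7
2024-01-10 09:00:08 AUTH_FAIL account=mwest ip=203.0.113.7
2024-01-10 09:00:09 AUTH_OK account=jsmith ip=198.51.100.20
2024-01-10 09:00:11 AUTH_FAIL account=admin ip=203.0.113.7
2024-01-10 09:05:00 AUTH_FAIL account=jsmith ip=198.51.100.20
2024-01-10 11:30:00 AUTH_FAIL account=jsmith ip=198.51.100.20
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>AUTH_OK|AUTH_FAIL) account=(?P<account>\S+) ip=(?P<ip>\S+)$"
)

def brute_force_sources(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: sorted accounts tried} for every source that reaches
    max_failures failed logins inside one window (lines in time order)."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    accounts = defaultdict(set)      # ip -> every account name attempted
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "AUTH_FAIL":
            continue                 # skip malformed lines and successes
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        accounts[ip].add(m["account"])
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[ip] = sorted(accounts[ip])
    return flagged

if __name__ == "__main__":
    for ip, tried in brute_force_sources(SAMPLE_LOG).items():
        print(f"block candidate {ip}: accounts tried {tried}")
```

A source that cycles through several account names, as the first address in the sample does, is a stronger signal than a single user mistyping a password over the course of a day.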