book

IBM Business Process Manager Security: Concepts and Guidance

Name: IBM Business Process Manager Security: Concepts and Guidance
ISBN: 0738437263

by J Keith Wood, Jens Engelke

September 2012

Intermediate to advanced

162 pages

4h 15m

English

IBM Redbooks

Read now

Unlock full access

Notices
Trademarks
Preface
The team who wrote this book
Now you can become a published author, too!
Comments welcomeStay connected to IBM Redbooks
Chapter 1: Why Business Process Manager security is important
BPM is your corporate DNA
Business Process Manager users have access
Business Process Manager has unique security considerations
Basic concepts
Business Process Manager
WebSphere Application Server

Business Process Manager administration tools
Installation options
Encryption, SSL, and certificates
Encryption
Symmetric and asymmetric keys
SSL and digital certificates
Certificate authorities
Chapter 2: Installation
Business Process Manager and WebSphere Application Server topologies
Basic concepts
Complex realities
Common security holes
Faith in firewalls
Failure to use SSL between BPM and database server
Failure to encrypt data at rest
Failure to use SSL between Process Center and Process Server
Overuse of default Business Process Manager accounts
Overuse of trust in certificate authorities
Chapter 3: Authentication: Who has access
Subjects and Principals
WebSphere user registry
Flat-file repositories
LDAP repositories
Custom software repository
Federated repositories
Common security holes
Weak password policies
Failure to change default passwords
Faith in firewalls
Insecure LDAP connections
Insecure SSO solutions
Chapter 4: Authorization: Access to what
Groups versus roles
Grouping mechanisms
LDAP groups
VMM security groups
Process Admin Console and private groups (1/2)
Process Admin Console and private groups (2/2)
Process Designer swimlanes and participant groups
Mapping roles to groups (1/2)
Mapping roles to groups (2/2)
Review and summary
Administrative access
Granting access to Process Designer (1/2)
Granting access to Process Designer (2/2)
Review and summary
Instance-based authorization
Common security holes
Overuse of administrator privileges
Failure to map participant groups
Overpopulation of groups
Overuse of tw_authors, tw_admins
Faith in firewalls
Chapter 5: Integration: Working with others
Business Process Manager Standard Edition versus Advanced Edition
Business Process Manager Standard Edition outbound web services
Using Web Service Integration (1/3)
Using Web Service Integration (2/3)
Using Web Service Integration (3/3)
Using SOAP Integration
Using Java Integration
Business Process Manager Standard Edition inbound web services
Steps to create inbound web service (1/2)
Steps to create inbound web service (2/2)
Review and summary
Securing the inbound web service
Business Process Manager Advanced Edition web services options
Common security holes
Failure to secure web services passwords
Faith in firewalls
Related publications
IBM Redbooks publicationsOther publications
Help from IBM
Back cover

Overview

This IBM® Redbooks® publication provides information about security concerning an organization’s business process management (BPM) program, about common security holes that often occur in this field, and describes techniques for rectifying these holes. This book documents preferred practices and common security hardening exercises that you can use to achieve a reasonably well-secured BPM installation.

Many of the practices described in this book apply equally to generic Java Platform and Enterprise Edition (J2EE) applications, as well as to BPM. However, it focuses on aspects that typically do not receive adequate consideration in actual practice. Also, it addresses equally the BPM Standard and BPM Advanced Editions, although there are topics inherent in BPM Advanced that we considered to be out of scope for this book.

This book is not meant as a technical deep-dive into any one topic, technology, or philosophy. IBM offers a variety of training and consulting services that can help you to understand and evaluate the implications of this book’s topic in your own organization.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

IBM Business Process Manager Operations Guide

Publisher Resources

ISBN: 0738437263Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills