Cognos Application Firewall
Cognos Configuration allows you to configure the properties that enable protection against penetration vulnerabilities. CAF acts as a smart proxy for the Cognos product gateways and dispatchers, and it helps prevent the C8 environment from processing malicious data.
IBM Cognos Application Firewall (CAF) is a security tool used to supplement the existing IBM Cognos 8 security infrastructure at the application level.
In a distributed environment, all computers where IBM Cognos 8 Application Tier Components are installed must have the same Cognos Application Firewall settings.
CAF analyzes, modifies, and validates HTTP and XML requests before the gateways or dispatchers process them, and before they are sent to the requesting client or service.
IBM Cognos Application Firewall validates domain and host names to protect URLs that are created. IBM Cognos Application Firewall considers domain names derived from the environment configuration properties to be safe domain names. You can add names manually to the list of valid domains and hosts. Adding names is useful when you must redirect requests to non-IBM Cognos computers using the Back or Cancel functions in the Web browser.
The Cognos Application Firewall will prevent any non-administrative user from ever seeing the actual details of any error message generated by the system. This prevents users from obtaining potentially damaging information from detailed error messages, which often contain application and database server names.
The Cognos Application Firewall also provides parameter signing, where a unique key or signature is generated and appended to report parameters by the application when a URL is constructed. Those signatures are then checked by the dispatcher when it receives the request to ensure that the request originated from a trusted source and was not tampered with between the client and the application.
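The parameter-signing check described above, shown as an added example that is not IBM Cognos code. It assumes HMAC-SHA256 with a shared secret, since the page does not state which algorithm CAF uses; the `sig` parameter name, the key and the URL are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, parse_qsl

# Constructed demo key (assumption): a real deployment would load a secret
# known only to the URL-building application and the verifying dispatcher.
SECRET_KEY = b"constructed-demo-key-not-for-production"
SIG_PARAM = "sig"  # hypothetical name for the appended signature parameter


def _canonical(items):
    """Serialize parameters in sorted order so both sides sign the same bytes."""
    return urlencode(sorted(items)).encode("utf-8")


def sign_url(base, params, key=SECRET_KEY):
    """Build a URL and append an HMAC-SHA256 signature over its parameters."""
    items = list(params.items())
    sig = hmac.new(key, _canonical(items), hashlib.sha256).hexdigest()
    return base + "?" + urlencode(items + [(SIG_PARAM, sig)])


def verify_url(url, key=SECRET_KEY):
    """Return True only if the signature matches the received parameters."""
    items = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    sigs = [v for k, v in items if k == SIG_PARAM]
    if len(sigs) != 1:  # missing or duplicated signature: reject
        return False
    unsigned = [(k, v) for k, v in items if k != SIG_PARAM]
    expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), sigs[0].encode())


def demo():
    """Verify an intact URL, a tampered one, and one with the signature removed."""
    url = sign_url("https://reports.example.test/run",
                   {"report": "sales", "p_region": "EMEA"})
    tampered = url.replace("p_region=EMEA", "p_region=APAC")
    stripped = url.split("&" + SIG_PARAM + "=")[0]
    return verify_url(url), verify_url(tampered), verify_url(stripped)


if __name__ == "__main__":
    print(demo())
```

Rejecting requests with a missing or repeated signature parameter matters as much as the comparison itself, because a verifier that skips the check when no signature is present can be bypassed by deleting it.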
The CAF presents itself to users and administrators in a number of ways during day-to-day operations. It’s important to properly configure the CAF in a way that enhances system security but does not inhibit productivity, and as always, a large part of this equation is proper user education.