Maximo

  • 1.  Maximo Open to the World?

    Posted Wed September 21, 2022 08:02 AM
    Does anyone know of any white-paper-like documents that detail how Maximo is secured? I have a client that needs to open the maximo-x app up to the world with Guest access, and we have concerns about what vulnerabilities this may expose their core Maximo database to. I am also concerned about whether it protects against DNS attacks or such.

    Opening ports and the app in the client's firewall has many risks, and we need to know what IBM does to protect it. We opened a ticket with IBM asking and they were no help. It seems like they are certified secure by the Federal Government, so I would have thought this had to be documented to get such certification.

    Any help would be greatly appreciated.

    Thanks,

    ------------------------------
    David Miller
    Managing Partner - Maximo Consultant
    Enterprise Integration Partners LLC
    ------------------------------

    #Maximo
    #AssetandFacilitiesManagement


  • 2.  RE: Maximo Open to the World?

    Posted Thu September 22, 2022 10:53 AM
    Hi David,

    I'm not aware of any white papers on this topic. Some of what you're asking about is beyond simple WebSphere config (DDoS/DNS attacks).

    I would recommend the WebSphere STIG checklist from NIST (National Institute of Standards and Technology) as a starting point for hardening WebSphere. There are definitely some checklist items that could break Maximo or impact performance, so obviously you want to start this on a Dev environment.

    The other thing I'd recommend you consider is something like Microsoft's Azure AD Application Proxy. The short description is that it uses a software agent to proxy on-prem apps out to the public Internet. This allows Microsoft's cloud to serve as a buffer between clients and your web server, protecting you against DDoS attacks. You also have the option to require that users authenticate (using Azure AD) before any sort of traffic hits your web server.

    Hopefully that's helpful. Happy to discuss further.

    ------------------------------
    Tim Ferrill
    Solutions Consultant
    Intelligent Technology Solutions
    tferrill@webuildits.com
    www.webuildits.com
    @tferrill/@webuildits
    ------------------------------



  • 3.  RE: Maximo Open to the World?

    Posted Mon September 26, 2022 07:52 AM
    Thanks for your reply...

    ------------------------------
    David Miller
    Managing Partner - Maximo Consultant
    Enterprise Integration Partners LLC
    ------------------------------



  • 4.  RE: Maximo Open to the World?

    IBM Champion
    Posted Tue September 27, 2022 08:03 PM
    Hi David,

    I am not across any white paper suggesting Maximo is secure on the open internet.
    Still, I know a number of clients who have internet-accessible Maximo.
    I will suggest using CDN and WAF services from different cloud providers or software as a layer of protection against DDoS and web attacks. Using a proxy server as suggested by Tim also adds security in the customer's firewall configuration.
    CDNs will also enable you to restrict access to a particular geography.

    Thanks,

    ------------------------------
    Biplab Choudhury
    IBM Champion 2022
    Senior Consultant
    BPD Zenith
    Melbourne
    ------------------------------



  • 5.  RE: Maximo Open to the World?

    Posted Wed September 28, 2022 04:19 AM
    It sounds as though your greatest challenge is that you want to allow Guest access from the world. Our environment is open to the world, but we use Azure AD SSO authentication (+ some MDM stuff for our mobile devices). We use the Azure proxy service as Tim mentions for other internal applications, but again this is based on a userid/password secured by Azure AD. Advice from Tim and Biplab sounds like a great start to try to secure your endpoint(s), but I too would be concerned about what vulnerabilities you may expose doing this yourself. Would certainly recommend getting some penetration testing done prior to opening it up fully.

    Regards,

    ------------------------------
    Scott Taylor
    Specialist Business Systems
    Port Waratah Coal Services
    ------------------------------