Reinforcing Your Enterprise With Security Architectures
Posted on 12-Apr-2017
Reinforcing Your Enterprise With Security Architectures
S. Uthaiyashankar, VP Engineering, WSO2, shankar@wso2.com
The Problem…
• Security is a non-functional requirement
• It is very easy to introduce security holes
• Knowledge of security is limited
– Often people feel secure through obscurity
• Too much security reduces usability
• Security patterns might help to reduce the risk
Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
Security
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Auditing
• Availability
Image source: http://coranet.com/images/network-security.png
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
– OAuth: Client Credentials
[Diagram: direct authentication. Labels: Service Providers; Authentication; Service Consumption]
Image Source: http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
Authentication
• Brokered Authentication
– SAML
– OAuth: SAML2/JWT grant type
– OpenID
[Diagram: brokered authentication. Labels: Service Providers (several); Identity Provider; Authentication; Service Consumption; Trust (between Service Providers and Identity Provider)]
Image source: http://savepic.ru/6463149.gif
Authentication
• Single Sign On
• Multi-factor Authentication
[Diagram: single sign-on through an identity provider. Labels: Service Providers (several); Identity Provider; Authentication; Service Consumption; Trust]
Image source : https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
Authentication
• Identity Federation Pattern and Token Exchange
Authentication
• Identity Bus
Authentication
• Trusted Subsystem Pattern
Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
Authentication
• Multiple User Stores
Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
Provisioning
Authorization
• Principle of Least Privilege
• Role Based Access Control
• Attribute Based Access Control
– Policy Based Access Control
Image source : http://cdn.meme.am/instances/500x/48651236.jpg
Authorization
• eXtensible Access Control Markup Language (XACML)
Image Source : https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
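The attribute-based, policy-based access control the slides name (and that XACML standardises) comes down to a policy decision point that evaluates rules over request attributes and combines their effects. The following is an added illustration, not code from the talk or from WSO2; the policy, attribute names and the two combining algorithms are a constructed, minimal imitation of the XACML deny-overrides / permit-overrides idea.

```python
# Added example: a minimal attribute-based policy decision point (PDP) in the
# spirit of XACML. Hypothetical policy and attribute names, constructed here.
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Attrs = Dict[str, object]  # subject, resource, action and environment attributes

@dataclass
class Rule:
    effect: str                        # "Permit" or "Deny"
    condition: Callable[[Attrs], bool]
    description: str = ""

@dataclass
class Policy:
    rules: List[Rule] = field(default_factory=list)
    # Combining algorithm: with deny-overrides any applicable Deny wins.
    algorithm: str = "deny-overrides"

def evaluate(policy: Policy, request: Attrs) -> str:
    """Return Permit, Deny or NotApplicable for one access request."""
    decisions = []
    for rule in policy.rules:
        try:
            if rule.condition(request):
                decisions.append(rule.effect)
        except KeyError:
            continue  # a required attribute is missing: rule not applicable
    if not decisions:
        return "NotApplicable"  # the enforcement point treats this as deny
    if policy.algorithm == "deny-overrides":
        return "Deny" if "Deny" in decisions else "Permit"
    return "Permit" if "Permit" in decisions else "Deny"  # permit-overrides

# Constructed policy: a doctor may read records of patients in their own ward,
# and nobody may read records outside business hours. A flat role check could
# not express the ward match or the time-of-day condition.
POLICY = Policy(rules=[
    Rule("Permit", lambda r: r["subject.role"] == "doctor"
         and r["action"] == "read"
         and r["subject.ward"] == r["resource.ward"], "doctor reads own ward"),
    Rule("Deny", lambda r: not (8 <= r["env.hour"] < 18), "outside business hours"),
])

def decide(role, ward, resource_ward, action, hour, policy=POLICY) -> str:
    request = {"subject.role": role, "subject.ward": ward,
               "resource.ward": resource_ward, "action": action, "env.hour": hour}
    return evaluate(policy, request)

if __name__ == "__main__":
    print(decide("doctor", "A", "A", "read", 10))  # Permit
    print(decide("doctor", "A", "B", "read", 10))  # NotApplicable
    print(decide("doctor", "A", "A", "read", 22))  # Deny
```

The same request can flip from Deny to Permit purely by changing the combining algorithm, which is why the algorithm choice is part of the authorization architecture and not a detail.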
Confidentiality: Encryption
• Transport Level
• Message Level
• Symmetric Encryption
• Asymmetric Encryption
• Session Key Based Encryption
Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
Integrity: Digital Signatures
• Transport Level
• Message Level
• Symmetric Signature
• Asymmetric Signature
• Session Key Based Signature
Image Source : http://memegenerator.net/instance2/4350097
Non-repudiation: Digital Signatures
• Message Level
• Asymmetric Signature
Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
Auditing
• However secure you are, people might make mistakes
• Collect the (audit) logs and analyze them for
– Anomalies
– Fraud
Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
Availability
• Network Level Measures
• Throttling
• Heartbeat and Hot Pooling
Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
Secure Deployment Pattern
[Diagram: three network zones separated by firewalls]
– Red Zone (Internet): Client Application
– Firewall
– Yellow Zone (DMZ): API Gateway, Integration
– Firewall
– Green Zone (Internal): Services, Database
Secure Deployment Pattern: More Restricted
[Diagram: three network zones separated by firewalls]
– Red Zone (Internet): Client Application
– Firewall
– Yellow Zone (DMZ): API Gateway, Integration, Message Broker
– Firewall
– Green Zone (Internal): Services, Database
Thank You