Reinforcing Your Enterprise With Security Architectures
S. Uthaiyashankar, VP Engineering, [email protected]

The Problem…
• Security is a non-functional requirement
• It is very easy to create security holes
• Knowledge of security is limited
  – People often feel secure through obscurity
• Too much security reduces usability
• Security patterns might help to reduce the risk
Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg

Security
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Auditing
• Availability
Image source: http://coranet.com/images/network-security.png

Authentication
• Direct Authentication
  – Basic Authentication
  – Digest Authentication
  – TLS Mutual Authentication
  – OAuth: Client Credentials
[Diagram labels: Service Providers, Authentication, Service Consumption]
Image Source: http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg

Authentication
• Brokered Authentication
  – SAML
  – OAuth: SAML2/JWT grant type
  – OpenID
[Diagram labels: Identity Provider, Service Providers, Authentication, Service Consumption, Trust]
Image source: http://savepic.ru/6463149.gif

Authentication
• Single Sign On
• Multi-factor Authentication
[Diagram labels: Identity Provider, Service Providers, Authentication, Service Consumption, Trust]
Image source: https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg

Authentication
• Identity Federation Pattern and Token Exchange

Authentication
• Identity Bus

Authentication
• Trusted Subsystem Pattern
Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif

Authentication
• Multiple User Stores
Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
Provisioning

Authorization
• Principle of Least Privilege
• Role Based Access Control
• Attribute Based Access Control
  – Policy Based Access Control
Image source: http://cdn.meme.am/instances/500x/48651236.jpg

Authorization
• eXtensible Access Control Markup Language (XACML)
Image Source: https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/

Confidentiality: Encryption
• Transport Level
• Message Level
• Symmetric Encryption
• Asymmetric Encryption
• Session Key Based Encryption
Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg

Integrity: Digital Signatures
• Transport Level
• Message Level
• Symmetric Signature
• Asymmetric Signature
• Session Key Based Signature
Image Source: http://memegenerator.net/instance2/4350097

Non-repudiation: Digital Signatures
• Message Level
• Asymmetric Signature
Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg

Auditing
• However secure you are, people might make mistakes
• Collect the (audit) logs and analyze them for
  – Anomalies
  – Fraud
Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg

Availability
• Network Level Measures
• Throttling
• Heartbeat and Hot Pooling
Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg

Secure Deployment Pattern
[Diagram: network zones separated by firewalls]
• Red Zone (Internet)
• Firewall
• Yellow Zone (DMZ)
• Firewall
• Green Zone (Internal)
[Diagram component labels: Services, Database; API Gateway, Integration; Client Application]

Secure Deployment Pattern: More Restricted
[Diagram: network zones separated by firewalls]
• Red Zone (Internet)
• Firewall
• Yellow Zone (DMZ)
• Firewall
• Green Zone (Internal)
[Diagram component labels: Services, Database; API Gateway, Integration, Message Broker; Client Application]
Thank You