Reinforcing Your Enterprise With
Security Architectures
S.Uthaiyashankar
VP Engineering, WSO2
shankar@wso2.com
The Problem…
• Security is a non-functional requirement
• It is very easy to create security holes
• Knowledge of security is often limited
– People often feel secure through obscurity
• Too much security reduces usability
• Security patterns can help reduce the risk
Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
Security
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Auditing
• Availability
Image source: http://coranet.com/images/network-security.png
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
– OAuth : Client Credentials
Diagram: the service consumer authenticates directly against each service provider (labels: Service Providers, Authentication, Service Consumption)
Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
Authentication
• Brokered Authentication
– SAML
– OAuth : SAML2/JWT grant type
– OpenID
Diagram: the service consumer authenticates against the Identity Provider and then consumes services from the Service Providers, which trust that Identity Provider (labels: Service Providers, Identity Provider, Authentication, Service Consumption, Trust)
Image source: http://savepic.ru/6463149.gif
Authentication
• Single Sign On
• Multi-factor Authentication
Diagram: the same brokered layout, with the consumer authenticating once against the Identity Provider and the Service Providers trusting it (labels: Service Providers, Identity Provider, Authentication, Service Consumption, Trust)
Image source : https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
Authentication
• Identity Federation Pattern and Token Exchange
Authentication
• Identity Bus
Authentication
• Trusted Subsystem Pattern
Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
Authentication
• Multiple User stores
Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
Provisioning
Authorization
• Principle of Least Privilege
• Role-based Access Control
• Attribute-based Access Control
– Policy-based Access Control
Image source : http://cdn.meme.am/instances/500x/48651236.jpg
Authorization
• eXtensible Access Control Markup Language (XACML)
Image Source : https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
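The two authorization slides list least privilege, RBAC, ABAC and policy-based control (XACML) as a bare list. The Go program below is an added example, not code from the slides or from WSO2, and it is not an XACML engine: it borrows XACML's idea of evaluating subject, resource, action and environment attributes with deny-overrides combining, on top of a default-deny decision that is what actually enforces least privilege. Every rule name, attribute name and request in it is constructed for the illustration; the one RBAC-style rule looks only at the role attribute, while the ABAC-style rules combine ownership, department, classification, time and network.

```go
package main

import "fmt"

// Request carries the attributes a policy decision point evaluates. The
// attribute names are constructed for this example; they follow the XACML
// categories (subject, resource, action, environment) but this is not XACML.
type Request struct {
	Subject  map[string]string // e.g. id, role, department
	Resource map[string]string // e.g. type, owner, department, classification
	Action   string            // e.g. read, update
	Env      map[string]string // e.g. hour (24h clock), network
}

// Rule is one condition and the effect it yields when the condition holds.
type Rule struct {
	Name   string
	Effect string // "Permit" or "Deny"
	Match  func(Request) bool
}

// Evaluate combines rules deny-overrides style: any matching Deny wins,
// otherwise a matching Permit wins, otherwise the default is Deny. The
// default is what enforces least privilege: nothing is reachable unless a
// rule explicitly permits it.
func Evaluate(rules []Rule, r Request) (decision, reason string) {
	decision, reason = "Deny", "default-deny"
	for _, rule := range rules {
		if !rule.Match(r) {
			continue
		}
		if rule.Effect == "Deny" {
			return "Deny", rule.Name
		}
		decision, reason = "Permit", rule.Name
	}
	return decision, reason
}

// withinHours parses the environment's hour attribute and fails closed
// (returns false) when it is missing or malformed.
func withinHours(h string, from, to int) bool {
	var hour int
	if _, err := fmt.Sscanf(h, "%d", &hour); err != nil {
		return false
	}
	return hour >= from && hour < to
}

// Policy mixes one RBAC-style rule (role attribute only) with ABAC-style
// rules that combine subject, resource and environment attributes.
var Policy = []Rule{
	{"deny-confidential-outside-hours", "Deny", func(r Request) bool {
		return r.Resource["classification"] == "confidential" &&
			!withinHours(r.Env["hour"], 8, 18)
	}},
	{"deny-untrusted-network", "Deny", func(r Request) bool {
		return r.Env["network"] != "corp"
	}},
	{"rbac-admin-may-read", "Permit", func(r Request) bool {
		return r.Subject["role"] == "admin" && r.Action == "read"
	}},
	{"abac-owner-may-read-or-update", "Permit", func(r Request) bool {
		return r.Resource["type"] == "record" &&
			r.Resource["owner"] == r.Subject["id"] &&
			(r.Action == "read" || r.Action == "update")
	}},
	{"abac-same-department-may-read", "Permit", func(r Request) bool {
		return r.Resource["type"] == "record" &&
			r.Resource["department"] == r.Subject["department"] &&
			r.Action == "read"
	}},
}

// NewRequest is a small helper so callers do not have to spell out every map.
func NewRequest(id, role, dept, resType, owner, resDept, class, action, hour, network string) Request {
	return Request{
		Subject:  map[string]string{"id": id, "role": role, "department": dept},
		Resource: map[string]string{"type": resType, "owner": owner, "department": resDept, "classification": class},
		Action:   action,
		Env:      map[string]string{"hour": hour, "network": network},
	}
}

func main() {
	// Constructed requests: an analyst updating her own record, the same
	// analyst updating a colleague's record, and an admin reading a
	// confidential record at 22:00.
	for _, r := range []Request{
		NewRequest("u42", "analyst", "finance", "record", "u42", "finance", "internal", "update", "10", "corp"),
		NewRequest("u42", "analyst", "finance", "record", "u7", "finance", "internal", "update", "10", "corp"),
		NewRequest("u1", "admin", "it", "record", "u7", "finance", "confidential", "read", "22", "corp"),
	} {
		d, why := Evaluate(Policy, r)
		fmt.Printf("%-7s %-6s -> %s (%s)\n", r.Subject["role"], r.Action, d, why)
	}
}
```

The point to notice is the second request: a colleague in the same department may read the record but not update it, and no rule says otherwise, so the answer is the default Deny with no rule named. A pure RBAC policy would have to invent a role per record owner to express that; ABAC expresses it as one comparison of attributes.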
Confidentiality: Encryption
Transport Level Security vs Message Level Security
• Transport Level
• Message Level
• Symmetric Encryption
• Asymmetric Encryption
• Session key based Encryption
Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
Integrity: Digital Signatures
• Transport Level
• Message Level
• Symmetric Signature
• Asymmetric Signature
• Session key based Signature
Image Source : http://memegenerator.net/instance2/4350097
Non-repudiation: Digital Signatures
• Message Level
• Asymmetric Signature
Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
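The integrity slide lists both symmetric and asymmetric signatures, while the non-repudiation slide lists only asymmetric ones. The Go program below is an added example (not from the slides or from WSO2) that makes the reason concrete: an HMAC-SHA256 tag and an Ed25519 signature both detect a modified message, but the party verifying a MAC holds the same key as the party producing it, so the verifier can mint a valid tag for any message and a MAC can never prove who sent what. The shared key and messages are constructed for the example; a real deployment would use a random key from a key store.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SymmetricSign produces an HMAC-SHA256 tag over msg. Sender and verifier
// share the same key, so either side can compute this value.
func SymmetricSign(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// SymmetricVerify recomputes the tag and compares it in constant time.
func SymmetricVerify(key, msg, tag []byte) bool {
	return hmac.Equal(SymmetricSign(key, msg), tag)
}

// NewKeyPair generates an Ed25519 key pair: the private half stays with the
// signer, the public half goes to every verifier.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// AsymmetricSign signs msg with the signer's private key.
func AsymmetricSign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// AsymmetricVerify checks a signature using the public key only; a verifier
// holding just this key cannot produce signatures itself. The length checks
// keep ed25519.Verify from panicking on malformed input.
func AsymmetricVerify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && len(sig) == ed25519.SignatureSize &&
		ed25519.Verify(pub, msg, sig)
}

// VerifierCanForgeSymmetric is the non-repudiation gap in one function: a
// party that only needs to verify MACs still holds the shared key, so it can
// mint a tag for a message the sender never produced, and that tag verifies.
func VerifierCanForgeSymmetric(sharedKey []byte) bool {
	forged := []byte("transfer 1000000 to account 999") // constructed message
	return SymmetricVerify(sharedKey, forged, SymmetricSign(sharedKey, forged))
}

func main() {
	key := []byte("constructed-shared-secret") // constructed; use a random key in practice
	msg := []byte("order 42: pay 100")
	tag := SymmetricSign(key, msg)
	fmt.Println("HMAC verifies:", SymmetricVerify(key, msg, tag))
	fmt.Println("HMAC detects tampering:", !SymmetricVerify(key, []byte("order 42: pay 900"), tag))
	fmt.Println("verifier can forge a MAC:", VerifierCanForgeSymmetric(key))

	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	sig := AsymmetricSign(priv, msg)
	fmt.Println("Ed25519 verifies:", AsymmetricVerify(pub, msg, sig))
	fmt.Println("Ed25519 detects tampering:", !AsymmetricVerify(pub, []byte("order 42: pay 900"), sig))
}
```

Both schemes give integrity; only the asymmetric one lets a third party (an auditor, a court) check the signature without being handed the ability to create one, which is what the non-repudiation slide relies on.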
Auditing
• However secure you are, people will still make mistakes
• Collect the (audit) logs and analyze them for
– Anomalies
– Fraud
Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
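The auditing slide says to collect audit logs and analyze them for anomalies, without saying what an anomaly rule looks like. The Go program below is an added example, not code from the slides or from WSO2, and the log lines in it are constructed in a made-up key=value format rather than any product's real format. It parses the lines and runs two per-user rules over a sliding time window: a successful login preceded by several failures, and activity from more distinct source addresses than one person plausibly uses within a few minutes. The thresholds and window are parameters so an analyst can tune them against real volumes.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is one parsed audit-log record; Finding is one anomaly to triage.
type Event struct {
	Time                      time.Time
	User, Action, Result, Src string
}
type Finding struct{ Rule, User, Detail string }

// SampleLog is a constructed audit log (not any real product's format):
// bob's login succeeds only after four failures, carol acts from three
// addresses within minutes, alice behaves normally.
const SampleLog = `2024-05-01T09:00:01Z user=alice action=login result=success src=10.0.0.5
2024-05-01T09:05:00Z user=bob action=login result=fail src=203.0.113.7
2024-05-01T09:05:10Z user=bob action=login result=fail src=203.0.113.7
2024-05-01T09:05:20Z user=bob action=login result=fail src=203.0.113.7
2024-05-01T09:05:30Z user=bob action=login result=fail src=203.0.113.7
2024-05-01T09:05:45Z user=bob action=login result=success src=203.0.113.7
2024-05-01T09:10:00Z user=carol action=login result=success src=10.0.0.9
2024-05-01T09:11:00Z user=carol action=read result=success src=198.51.100.2
2024-05-01T09:12:00Z user=carol action=read result=success src=192.0.2.44
2024-05-01T10:30:00Z user=alice action=read result=success src=10.0.0.5`

// ParseLine parses one line: an RFC3339 timestamp followed by key=value fields.
func ParseLine(line string) (Event, error) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return Event{}, fmt.Errorf("expected 5 fields: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, err
	}
	kv := map[string]string{}
	for _, field := range f[1:] {
		parts := strings.SplitN(field, "=", 2)
		if len(parts) != 2 {
			return Event{}, fmt.Errorf("malformed field %q", field)
		}
		kv[parts[0]] = parts[1]
	}
	return Event{ts, kv["user"], kv["action"], kv["result"], kv["src"]}, nil
}

// ParseAll parses a whole log; a single bad line fails the batch loudly
// rather than silently dropping evidence.
func ParseAll(text string) ([]Event, error) {
	var events []Event
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		e, err := ParseLine(line)
		if err != nil {
			return nil, err
		}
		events = append(events, e)
	}
	return events, nil
}

// Analyze applies two per-user rules over a sliding window ending at each
// event: (1) a successful login preceded by failThreshold or more failed
// logins, (2) more than maxSources distinct source addresses in one window.
func Analyze(events []Event, window time.Duration, failThreshold, maxSources int) []Finding {
	byUser := map[string][]Event{}
	for _, e := range events {
		byUser[e.User] = append(byUser[e.User], e)
	}
	var findings []Finding
	for u, evs := range byUser {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		sourcesReported := false
		for i, e := range evs {
			fails, srcs := 0, map[string]bool{}
			for j := i; j >= 0 && !evs[j].Time.Before(e.Time.Add(-window)); j-- {
				srcs[evs[j].Src] = true
				if evs[j].Action == "login" && evs[j].Result == "fail" {
					fails++
				}
			}
			if e.Action == "login" && e.Result == "success" && fails >= failThreshold {
				findings = append(findings, Finding{"login-success-after-failures", u,
					fmt.Sprintf("%d failed logins before success at %s", fails, e.Time.Format(time.RFC3339))})
			}
			if !sourcesReported && len(srcs) > maxSources {
				sourcesReported = true
				findings = append(findings, Finding{"too-many-sources", u,
					fmt.Sprintf("%d distinct sources within %s", len(srcs), window)})
			}
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].User < findings[j].User }) // stable report order
	return findings
}
```

Run over SampleLog with a 10-minute window, a failure threshold of 3 and a source limit of 2, it reports bob for the login that succeeded after four failures and carol for three source addresses in three minutes, and nothing for alice. Fraud rules follow the same shape: group by the entity, define the window, count what should not happen together.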
Availability
• Network Level Measures
• Throttling
• Heartbeat and hot pooling
Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
Secure Deployment Pattern
Red Zone (Internet): Client Application
Firewall
Yellow Zone (DMZ): API Gateway, Integration
Firewall
Green Zone (Internal): Services, Database
Secure Deployment Pattern: More restricted
Red Zone (Internet): Client Application
Firewall
Yellow Zone (DMZ): API Gateway, Integration, Message Broker
Firewall
Green Zone (Internal): Services, Database
Thank You