Date posted: 04-Dec-2014 | Category: Technology | Uploaded by: bob-rhubart
OTN Architect Day Security Breakout Session
Dave Chappelle
24 October 2011
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
OTN Architect Day 2011
Perimeter Security
(Diagram) A Client in the Unprotected Zone passes a Firewall into the DMZ, which holds the Web Server (app proxy); a second Firewall leads into the Protected Zone(s), which hold the Application Server, DB, Message Queue, Mainframe Application and a second DB. At the outer firewall all network traffic is blocked except for specific ports; at the inner firewall all network traffic is blocked except from the proxy.
• Can establish multiple perimeters
• Each perimeter can be more restrictive
• Perimeters can be at varying degrees of granularity
• Alone, often involves a lot of implied trust
• Modern environments don’t have such a clearly defined perimeter
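As an added example (not from the slides), the two perimeters on the diagram can be written down as a default-deny rule set and checked; host names, zones and ports are assumed for illustration. A single-perimeter rule set is included beside the layered one so the implied-trust point can be seen directly.

```python
# Added example: a model of the Perimeter Security diagram as default-deny rules.
# Host names, zones and ports are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

ZONE = {  # host -> zone, as drawn on the slide
    "client": "unprotected",
    "web-proxy": "dmz",          # the Web Server (app proxy)
    "other-dmz-host": "dmz",     # any second host in the DMZ
    "app-server": "protected",
    "db": "protected",
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int
    src_host: Optional[str] = None   # None = any host in src_zone

# Outer firewall: everything blocked except specific ports into the DMZ.
# Inner firewall: everything into the protected zone blocked except from the proxy.
LAYERED = [
    Rule("unprotected", "dmz", 443),
    Rule("dmz", "protected", 8443, src_host="web-proxy"),
]

# A single perimeter: once past the outer firewall, any DMZ host may reach the app tier.
SINGLE_PERIMETER = [
    Rule("unprotected", "dmz", 443),
    Rule("dmz", "protected", 8443),
]

def allowed(src_host: str, dst_host: str, port: int, rules=LAYERED) -> bool:
    """Return True only if a rule explicitly permits the flow (default deny).
    Traffic between hosts in the same zone crosses no perimeter and is not
    filtered at all: this is the implied trust the slide warns about."""
    src_zone, dst_zone = ZONE[src_host], ZONE[dst_host]
    if src_zone == dst_zone:
        return True
    return any(
        r.src_zone == src_zone and r.dst_zone == dst_zone and r.dst_port == port
        and (r.src_host is None or r.src_host == src_host)
        for r in rules
    )
```

Note that app-server to db is allowed with no rule at all: a second perimeter inside the protected zone would be needed to filter it.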
Defense in Depth
• Military defensive strategy to secure a position using multiple defense mechanisms.
• Less emphasis is placed on a single perimeter wall
• Several barriers and different types of fortifications
• Objective is to win the battle by attrition. The attacker may overcome some barriers but can’t sustain the attack for such a long period of time.
(Photo) "Krak des Chevaliers", Syria
Several Layers of Defense
(Diagram, innermost layer first)
• Data
• Application
• Host
• Internal Network
• Perimeter
• Physical
• Policies, Procedures, & Awareness
Each layer introduces additional security measures. Each layer can contain multiple levels of control.
Defense in Depth: Greater Control
• Policies & Procedures
• Physical
• Perimeter
• Internal Network
• Host
• Application / Service
• Data
Consistent set of policies & procedures; many enforcement points.
Security Silos
(Diagram) Finance, Sales and Support applications, each with its own security; the End User, the Security Administrator and the Security Auditor each have to deal with every one of them separately (marked "!", "!" and "?").
• Application silos with their own standalone security architecture
• Integration is hard enough without security
• End users have many logins & passwords
• Administration is time-consuming and error-prone
• Auditing is inaccurate and/or impossible
Security Framework
(Diagram) The same Finance, Sales and Support applications, with the End User, Security Administrator and Security Auditor all working through one shared Security Framework.
• Security is part of the foundation, not an inconvenient afterthought
• Users have one identity and a set of roles & attributes that govern access
• Administration is operator-centric, not system-centric
• Auditing is possible and realistic
Security Framework High Level Architecture
(Diagram) The Enterprise Security Framework exposes Security Interfaces to the platforms; the four parts are:
Information Processing:
• Provides a secure run-time environment
• Offers security services to business logic
• Allows solution-level security admin
Information Management:
• Provides confidentiality, integrity, and availability for information management
• Allows db-level security administration
Security Framework:
• Provides shared security services
• Manages security data for the enterprise
• Allows enterprise-level security admin
Security Interfaces:
• Provide consistent access to security services
• Embrace open, common industry standards
(Diagram) An Information Processing platform (Security Services, Business Logic, Development & Administration) and an Information Management platform (Security Services, Information, Design & Administration) both sit on the Security Framework, which supplies Shared Security Services, Security Management & Administration and Enterprise Security Information.
(Diagram) Container-Based Computing Platform: inbound requests from a Client reach the Protected Resources (Business Logic, Web Pages) through the Container; the Container uses Security Services (Authentication, Authorization, Auditing, Encryption, Credential Mapping, Role Mapping, …) via Standard Security APIs & Libraries, and a Platform Security Plug-in Framework attaches Security Providers to those services.
Container-Based Computing Platform
• Container enforces security on behalf of the protected resources
• Access to security services via standard APIs & libraries
• Plug-in framework allows one to configure multiple providers for each security service
• Providers may be selected and configured based on the needs of the solution
• Providers can be included with the platform or custom written for a specific purpose
Database Platform Security
(Diagram) The Information Management platform, with its Security Services, Design & Administration, and the Information store; its contents and controls are broken out below.
• Transactional
• Historical
• Unstructured
• Audit
• Security
Administrative
• Access Control
• SoD Rules & Controls
• Realms
• Auditing
Encryption & Masking
• Network
• Persistence
• Backup
• Dev & Test Masking
Access Control
• Multi-Factor AuthN
• Label Security
• Table Policies
• Connection Id
Auditing & Availability
• Central collection & control
• Local online archive
Firewall
• SQL inspection & rejection
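The "Firewall: SQL inspection & rejection" item can be illustrated with an allow-list SQL firewall keyed by connection id. This is an added example, not code from the deck or from any Oracle product; the account names, baseline statements and audit sink are constructed.

```python
# Added example: an allow-list SQL firewall. Statement "shapes" (SQL with literals
# replaced by ?) are baselined per connecting application account; anything else
# is rejected and written to an audit list. Accounts and statements are constructed.
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")  # string and numeric literals
_WS = re.compile(r"\s+")

def shape(sql: str) -> str:
    """Reduce a statement to its structure: literals -> '?', whitespace folded,
    trailing semicolon dropped, case folded. Two statements share a shape only
    when their SQL structure is the same, so an injected clause changes it."""
    return _WS.sub(" ", _LITERAL.sub("?", sql)).strip().rstrip(";").upper()

class SqlFirewall:
    def __init__(self) -> None:
        self.allowed: Dict[str, Set[str]] = defaultdict(set)  # connection id -> shapes
        self.audit: List[Tuple[str, str]] = []                # rejected (conn id, sql)

    def learn(self, conn_id: str, sql: str) -> None:
        """Baseline phase: record a known-good statement shape for an account."""
        self.allowed[conn_id].add(shape(sql))

    def check(self, conn_id: str, sql: str) -> bool:
        """Enforcement phase: allow only shapes this account was baselined with.
        Rejections are kept for central audit collection."""
        ok = shape(sql) in self.allowed[conn_id]
        if not ok:
            self.audit.append((conn_id, sql))
        return ok
```

An account with no baseline is denied everything, which is the safe default when a new connection id appears.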
Security Framework
(Diagram) Users & Identity are handled by three blocks of the Security Framework: Services, Security Information, and Administration & Management.
Services:
• Federation
• Authentication
• Authorization
• WSS Policy
• Key Mgmt
• Self Service
• SSO
• Attribute
• Audit
Security Information:
• Federated Identities
• Groups & Roles
• Access Policies
• WSS Policies
• Audit Logs
• Certs & Keys
Administration & Management:
Identity Management
• UIs & APIs
• Approval Workflows
• Provisioning Workflows
• System Integration
Directory Management
• Synchronization
• Virtualization
• Change Detection & Alerts
• Reconciliation
Governance
• Attestation
• Risk Analysis
• Reporting
• Auditing
Also: Key Management, Authentication Policy Management, Access Policy Management, Role Management
SOA Scenario
(Diagram, reconstructed from the slide labels) A Policy Manager governs two App Servers, one hosting the Service Consumer and one the Service Provider; each has a WSS Agent and Platform Security (Id CM on the consumer side, Id AAA on the provider side). Across the DMZ Firewalls, a WSS Gateway handles an External Consumer, and a Legacy Service Provider is reached through Mediation with its own WSS Agent; a Security Token Service issues tokens. Platform Security is backed by an AuthN Service, an AuthZ Service and an Audit Service over a DB.
Before You Leap…
Jumping to Cloud
(Some of) The Good…
• Cloud providers have a deep vested interest in security
  • Must prove themselves to the market
  • Often much greater investment and attention to detail than traditional IT
• Cloud homogeneity makes security auditing/testing simpler
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Data held by an unbiased party
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
…The Bad…
• Multi-tenancy; need for isolation management
• High value target for hackers
• Fragmentation; creation of more silos
• Data dispersal and international privacy laws
  • EU Data Protection Directive and U.S. Safe Harbor program
  • Exposure of data to foreign government and data subpoenas
  • Data retention issues
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
…& The Ugly
• Trusting another vendor’s security model
• Proprietary implementations
• Audit & compliance
• Availability: Relying on a vendor to stay in business
http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt
SaaS Patterns
(Diagram, reconstructed from the slide labels) Four SaaS providers, each keeping a different share of the security functions:
• Provider A: Authentication, Authorization, Access Policy Management and Identity Management all live at the provider (a standalone silo).
• Provider B: Authorization and Access Policy Management at the provider; the enterprise passes the user id & attributes in a SAML assertion.
• Provider C: Authorization, Access Policy Management and Identity Management at the provider; accounts are provisioned with SPML and the User Id is passed in a SAML assertion.
• Provider D: Authorization, Access Policy Management, Authentication and Identity Management at the provider, brokered through an STS using SAML, WS-Trust and WS-Federation.
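For the Provider B pattern (identity and authentication kept in house, authorization and access policy at the SaaS provider), here is an added example that is not from the deck: an HMAC-signed JSON token stands in for the SAML assertion so the block runs without an XML-signature library, and the shared key, audience name, attribute names and access policy are all assumed.

```python
# Added example: the Provider B SaaS pattern with a signed token standing in for
# SAML. Key, audience, attributes and policy are constructed for illustration.
import base64, hashlib, hmac, json, time
from typing import Optional

AUDIENCE = "provider-b"   # assumed identifier of the SaaS provider

def issue_assertion(key: bytes, user_id: str, attrs: dict,
                    ttl: int = 300, now: Optional[int] = None) -> str:
    """Enterprise side: identity management stays in house; only a signed
    statement of who the user is and which attributes they hold leaves."""
    now = int(time.time()) if now is None else now
    body = {"sub": user_id, "attrs": attrs, "iat": now, "exp": now + ttl, "aud": AUDIENCE}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_assertion(key: bytes, token: str, now: Optional[int] = None) -> Optional[dict]:
    """Provider side: check signature, audience and validity window before
    trusting anything in the assertion. Returns the body, or None on failure."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, sig = parts
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    now = int(time.time()) if now is None else now
    if body.get("aud") != AUDIENCE or not (body["iat"] <= now < body["exp"]):
        return None
    return body

# Access policy is managed at the provider: attribute values required per action.
ACCESS_POLICY = {
    "view_invoices": {"dept": {"finance", "audit"}},
    "approve_po": {"dept": {"finance"}, "role": {"manager"}},
}

def authorize(body: dict, action: str) -> bool:
    """Authorization at the provider, driven by the asserted attributes;
    actions with no policy are denied by default."""
    policy = ACCESS_POLICY.get(action)
    if policy is None:
        return False
    return all(body["attrs"].get(attr) in values for attr, values in policy.items())
```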
Recommendations
1. Assess your risks
2. Classify your information
3. Define policies and procedures
4. Maintain most sensitive data in house
5. Don’t outsource your security management
6. Follow a security architecture / roadmap
7. Design patterns for cloud computing
8. Choose a secure platform
Takeaways (Cloud or not)
Deploy Defense in Depth
• Good general strategy to protect highly distributed
systems (SOA, BPM, Cloud, etc.)
• Limit your risks
Rationalize & Consolidate
• Standardized frameworks, services, & technologies
• Implement processes & policies
Plan Ahead
• Classification strategy: know your systems & data
• Cloud strategy: know your options & vendors
• Risk management: choose wisely & CYA
Visit the ITSO Reference Library at www.oracle.com/goto/itstrategies