IT Architect Regional Conference 2007

Architecting Enterprise Security
David Chou
Architect, Microsoft
david.chou@microsoft.com
http://blogs.msdn.com/dachou
Environments Today Look Like…
[Diagram of a typical enterprise environment; source: The Walt Disney Company]
Enterprise Security Concerns
Governance
• Policies
• Standards
• Procedures
• Auditing
• Personnel
• etc.
Infrastructure
• Physical
• Perimeter
• Network
• Hardware
• Identity Mgmt
• etc.
Applications
• Access Control
• Data Protection
• Data Encryption
• Platform
• Integration
• etc.
SOA?
SOA Brings Changes
• Imperative to Connect
• Networks Without Borders
• Mass Volume Real-Time Communications
• Integration Layer Concerns
• Inter-Dependencies Amplified
• Existing Issues Magnified
• New Issues Created
• Changing Nature of the Threat Environment
SOA Brings Questions
• Trust vs. Impersonation / Delegation
• System Identities vs. End User Identities
• Message-Layer vs. Transport-Layer
• Identity Federation vs. Replicated Databases
• Centralized Shared Infrastructure vs. Distributed Decision Enforcement Points
• Endpoint (Overlay) vs. Intelligent Network
• End-to-End Context vs. Peer-to-Peer Context
Information-Centric Security
• Availability
• Confidentiality
• Integrity
• Accountability
• Identity and Access Management
• Audit
• Governance
• Business Continuity
• Security by Design
(Trustworthy Computing)
Availability
• System Reliability
• Threat Protection
   – Message alteration
   – Data theft
   – Falsified messages
   – “Man in the middle”
   – Principal spoofing
   – Forged claims
   – Malformed XML content
   – Denial of Service (DoS)
• Vulnerability Mitigation
• Enforcement points:
   – Web Services Security Gateway (XML Appliance)
   – Enterprise Service Bus
   – Custom Component
• XML-specific attacks to protect against:
   – Schema Poisoning
   – XML Parameter Tampering
   – Inadvertent XML DoS
   – WSDL Scanning
   – Oversized Payload
   – Recursive Payload
   – XML Routing Detours
   – SQL Injection
   – External Entity Attack
   – Malicious Code Injection
   – Identity Centric Attack
Confidentiality
• Data Privacy
• Mechanisms:
   – Transport-Layer Security (SSL, TLS, IPSec)
   – XML Content Encryption (W3C XML Enc spec)
   – XML Encryption (W3C XML Enc spec):
       • Block encryption (3DES, AES-128, AES-256)
       • Key transport (RSA-v1.5, RSA-OAEP)
       • Key wrapping (3DES, AES-128, AES-256)
   – WS-Security (OASIS spec v1.1 Feb 2006; v1.0 Apr 2004)
Integrity
• Data Assurance
• Mechanisms:
   – XML Message Digest (W3C XML Enc and DSig specs)
   – WS-Security
Accountability
• Non-Repudiation
• Mechanisms:
   – XML Digital Signature (W3C XML Enc and DSig specs)
   – WS-Security
Identity and Access Management
• User Authentication
• Authorization & Access Control
• Trust & Federation
• Mechanisms:
   – Transport-Layer Security
   – Message-Layer Security
   – XACML (eXtensible Access Control Markup Language) 2.0
   – WSI Basic Security Profile (WSI spec v1.0 March 2006)
   – Web Services Security Appliances
   – Enterprise Service Bus
Audit
• Tracking
• Monitoring
• Reporting
• Mechanisms:
   – XML Digital Signature (W3C XML DSig spec)
   – Digital Certificates (X.509, PKI, etc.)
   – Timestamps (network time synchronization)
   – Service Intermediaries (Web Services Security Appliances, Enterprise Service Bus, etc.)
Security Architecture Policies (for example)
•   Implement Threat Protection
•   Implement Transport-Layer Security
•   Implement Service Virtualization
•   Externalize & Centralize Security Management
•   Authenticate All Messages
•   Authorize All Messages
•   Audit All Messages
•   Sign All Messages
•   Encrypt Confidential Content
•   Implement Standards-Based Security
Implement Threat Protection
 •   Motivations
      – Supports Availability and Risk Aggregation
 •   Level 1
      – Implement centralized protection against Denial of Service (DoS) attacks (floods, buffer
        overflows, message replays, message reflections)
      – Implement centralized protection (schema validation, WSDL cloaking) against XML-based DoS
        (XDoS) attacks (schema poisoning, oversized payload, recursive payload, WSDL scanning,
        parameter tampering)
      – Implement centralized protection (signature detection, context-sensitive content filtering,
        external reference control) against XML content-level attacks (SQL injection, virus/malicious
        code injection, identity spoofing, external entity attacks)
      – Filter all internal communication destined for ESB via internal Web Services Security Gateway
      – Filter all external communication mediated by B2B Gateway via Web Services Firewall
 •   Level 2
      – Implement decentralized/distributed vulnerability containment points at end systems
      – Maintain local vulnerability database or access centralized vulnerability management
        implementation
 •   Future Developments
      – Anomaly detection (conversational/behavioral analytics)
      – XML-vectored intrusion detection and prevention
Implement Transport-Layer Security
 •   Motivations
      – Supports Confidentiality between peers (but not between end systems when managed by
        intermediaries)
      – Supports transport-level Data Integrity with protocol-based message digests (RFC 2104) and
        handshake completion hashes
 •   Level 1
      – All communication should be transported over SSLv3
      – X.509 (RFC 3280) certificates should be used to establish authentication
      – Use only widely adopted (128-bit or longer) cryptographic algorithms:
            •   For public-key cryptography: RSA, Diffie-Hellman, DSA, Fortezza
            •   For symmetric ciphers: RC2, RC4, IDEA, DES, 3DES, AES
            •   For one-way hash functions: SHA-1, SHA-2
      – Authenticate only the server to maintain server identity for client-server communication
      – Mutual authentication should be implemented for server-server communication
 •   Level 2
      – All communication should be transported over TLS (currently v1.1; RFC 4346)
      – Use advanced ciphersuites (Camellia, Kerberos, SEED, Elliptic Curve Cryptography, Pre-Shared Key)
 •   Future Developments
      – IPSec (RFCs 4301-4309)
      – OpenPGP-based certificates
      – Network Access Control (NAC)
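The authentication rules above (server-only authentication for client-server links, mutual X.509 authentication between servers, TLS rather than SSLv3) expressed as Python ssl contexts; an added example, not from the deck. Certificate and CA file paths are hypothetical parameters, and the TLS 1.2 floor reflects what current TLS stacks still negotiate, since SSLv3 and the RC2/RC4/DES ciphers listed under Level 1 are disabled in them.

```python
"""Transport-layer policy from the slide as ssl.SSLContext builders (stdlib only)."""
import ssl

# Level 2 direction of the slide: TLS, not SSLv3. TLS 1.2 is the lowest version
# current OpenSSL builds will negotiate, so it is used as the floor here.
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def client_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server side of a client-server link: only the server is authenticated
    (server identity maintained); the client is identified at the message layer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.verify_mode = ssl.CERT_NONE          # no client certificate is requested
    if certfile:                             # hypothetical paths supplied by the deployer
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def server_server_context(cafile=None, certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server side of a server-to-server link: mutual authentication, so the peer
    must present an X.509 certificate chaining to the trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a valid peer cert
    if cafile:
        ctx.load_verify_locations(cafile)    # CA that issued the peer systems' certificates
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def outbound_peer_context(cafile=None, certfile=None, keyfile=None) -> ssl.SSLContext:
    """Client side used by a system calling another system: verifies the server's
    certificate and hostname and presents its own certificate for mutual auth."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = MIN_VERSION
    if cafile:
        ctx.load_verify_locations(cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the policy a context enforces, for configuration review."""
    return {
        "min_version": ctx.minimum_version.name,
        "requires_peer_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    for name, builder in [("client-server", client_server_context),
                          ("server-server", server_server_context),
                          ("outbound peer", outbound_peer_context)]:
        print(f"{name:14s} {describe(builder())}")
```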
Implement Service Virtualization
 • Motivations
    – Supports Availability (by encapsulating service implementation details such as
      location, interface definition, security policies, etc.)
    – Supports Identity and Access Management
    – Supports Risk Aggregation
 • Level 1
    – Server-to-server (point-to-point) direct connections
    – Unmanaged or managed by Web Services Management (WSM) solution
 • Level 2
    – Mediate all internal communication via centralized ESB
    – Mediate all external communication via centralized B2B Gateway
      implementation
 • Future Developments
    – Domain-specific ESB integration and federation
    – Data and semantics virtualization (transformation into canonical formats)
Externalize & Centralize Security Mgmt
 • Motivations
    – Supports Governance
    – Supports Identity and Access Management
    – Supports Risk Aggregation
 • Level 1
    – Maintain local and autonomous security policy decisions (based on identity
      and access)
    – Maintain local identity store or access shared (centralized) identity store
 • Level 2
    – Maintain local policy enforcement implementation
    – Delegate (externalize) security policy decision to centralized implementation
 • Future Developments
    – Externalize key and certificate management to centralized implementation
    – Externalize audit management to centralized implementation
    – Externalize vulnerability identification and mitigation to centralized
      implementation
Authenticate All Messages
 • Motivations
    – Supports Identity and Access Management
 • Level 1
    – System-based (peer-to-peer) trust relationships
    – Implement transport-layer security
    – Unique certificates or keys should be used to establish each relationship to
      maintain sender (requester or consumer) identity
 • Level 2
    – Identity-based trust relationships (all connections are inherently untrusted)
    – Implement message-level security (attach credential tokens and cipher
      specifications and/or SAML identity assertions to establish and verify identity)
 • Future Developments
    – Enterprise single sign-on (based on centrally managed identity assertions)
Authorize All Messages
• Motivations
   – Supports Identity and Access Management
• Level 1
   – Maintain distributed, fine-grained, and customized local request authorization
     implementations (security policy decision and enforcement)
   – Implement centralized coarse-grained service authorization based on identity
     for proxy services deployed on ESB and B2B Gateway
• Level 2
   – Implement centralized fine-grained service authorization based on request
     content (payload) for proxy services deployed on ESB and B2B Gateway
• Future Developments
   – Centralized security policy decision management and distributed enforcement
     implementation
   – Dynamic security policy interpretation and negotiation
   – Resource-layer policy enforcement implementation
Audit All Messages
 •   Motivations
      – Supports Accountability
      – Supports Audit
 •   Level 1
      – Intermediaries should log all message exchanges (requestor identity, destination, timestamp,
        message digest or content/payload, etc.)
      – The requester/sender (or consumer) system should log all sent messages (destination,
        timestamp, content/payload) and correlate them with received response messages
      – The server/receiver (or producer) system should log all received messages (requester identity,
        timestamp, content/payload) and correlate them with generated response messages
      – Intermediaries should audit encrypted content (by proactive decryption) in all received
        messages, if the peer-to-peer security context is established with requester systems
 •   Level 2
      – Intermediaries should log both received and sent messages if message content/format was
        altered due to proxy service implementation (i.e., data transformation, credential/identity
        mapping, data encryption/decryption, etc.)
      – Intermediaries do not have to audit encrypted content in received messages if the end-to-end
        security context is established between requester and receiver end systems
 •   Future Developments
      – Externalize audit management to centralized implementation
      – Centralized audit log correlation and analytics
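An intermediary audit log implementing the Level 1 and Level 2 rules above: each received request is recorded with requester identity, destination, timestamp and a message digest, responses are correlated back to it, and the forwarded copy is logged only when the proxy altered the content. Added example, not from the deck; the identities, service URN, correlation ids and payloads are constructed.

```python
"""Intermediary (gateway/ESB) audit trail with request/response correlation (stdlib only)."""
import hashlib
import json
import uuid
from datetime import datetime, timezone


def message_digest(payload: bytes) -> str:
    """SHA-256 of the bytes as seen on the wire. Logging the digest rather than the
    payload still proves which message was exchanged without copying confidential data."""
    return hashlib.sha256(payload).hexdigest()


class IntermediaryAuditLog:
    """Append-only audit records for a proxy, tied together by a correlation id."""

    def __init__(self, clock=None, id_source=None):
        self.records = []
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._new_id = id_source or (lambda: str(uuid.uuid4()))

    def _append(self, **fields) -> dict:
        rec = {"ts": self._clock().isoformat(), **fields}
        self.records.append(rec)
        return rec

    def _find(self, corr_id: str, event: str):
        return next((r for r in self.records
                     if r["corr_id"] == corr_id and r["event"] == event), None)

    # Level 1: every received request is logged with requester identity, destination,
    # timestamp and digest, and receives the id that later ties the response to it.
    def request_received(self, requester: str, destination: str, payload: bytes) -> str:
        corr_id = self._new_id()
        self._append(event="request.received", corr_id=corr_id, requester=requester,
                     destination=destination, digest=message_digest(payload), size=len(payload))
        return corr_id

    # Level 2: the sent copy is logged only when the proxy changed the content
    # (transformation, identity mapping, re-encryption), detected by comparing digests.
    def request_forwarded(self, corr_id: str, forwarded: bytes) -> bool:
        received = self._find(corr_id, "request.received")
        if received is None:
            raise KeyError(f"unknown correlation id {corr_id}")
        digest = message_digest(forwarded)
        if digest == received["digest"]:
            return False
        self._append(event="request.forwarded", corr_id=corr_id, digest=digest, size=len(forwarded))
        return True

    def response_received(self, corr_id: str, payload: bytes) -> dict:
        if self._find(corr_id, "request.received") is None:
            raise KeyError(f"response without a logged request: {corr_id}")
        return self._append(event="response.received", corr_id=corr_id,
                            digest=message_digest(payload), size=len(payload))

    def unanswered(self) -> list:
        """Correlation check: requests with no response record (timeouts, dropped calls)."""
        answered = {r["corr_id"] for r in self.records if r["event"] == "response.received"}
        return [r["corr_id"] for r in self.records
                if r["event"] == "request.received" and r["corr_id"] not in answered]

    def to_jsonl(self) -> str:
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def sample_exchange() -> IntermediaryAuditLog:
    """Constructed exchange through an ESB proxy: one call answered, one left unanswered."""
    ticks = iter(range(1, 10))                   # deterministic clock for the sample
    fixed_clock = lambda: datetime(2007, 10, 15, 15, 0, next(ticks), tzinfo=timezone.utc)
    ids = iter(["req-0001", "req-0002"])
    log = IntermediaryAuditLog(clock=fixed_clock, id_source=lambda: next(ids))

    req = b"<GetBalanceRequest><AccountId>1234</AccountId></GetBalanceRequest>"
    c1 = log.request_received("CN=portal.example.invalid", "urn:svc:balance", req)
    # The proxy maps the caller identity into the message: content changed, so Level 2 logs it.
    log.request_forwarded(c1, req.replace(b"<AccountId>", b"<Caller>portal</Caller><AccountId>"))
    log.response_received(c1, b"<GetBalanceResponse><Balance>10.00</Balance></GetBalanceResponse>")

    c2 = log.request_received("CN=batch.example.invalid", "urn:svc:balance", req)
    log.request_forwarded(c2, req)               # passed through unchanged: nothing extra logged
    return log


if __name__ == "__main__":
    log = sample_exchange()
    print(log.to_jsonl())
    print("unanswered:", log.unanswered())
```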
Sign All Messages
 • Motivations
    – Supports Accountability
    – Supports Integrity
 • Level 1
    – Internal messages do not have to be digitally signed
    – External message exchanges should be digitally signed (implemented by the B2B
      Gateway)
 • Level 2
    – Sender (or consumer) systems should attach digital signatures (including message
      digests) to all messages – establishes non-repudiation for the sender systems
    – Intermediaries should perform signature verification in all received messages, if the
      peer-to-peer security context is established with requester systems
 • Level 3
    – Receiver (or producer) systems should perform signature verification on received
      messages, as end-to-end security contexts can be established with requester
      systems
 • Future Developments
    – XML element-level digital signatures
    – Externalized signature verification using centralized management implementation
Encrypt Confidential Information
 • Motivations
    – Supports Confidentiality
 • Level 1
    – Implement transport-layer security to establish peer-to-peer confidentiality
    – Intermediaries are inherently trusted
 • Level 2
    – Implement standards-based content/payload-level encryption (including fields
      and elements)
        •    Block encryption (3DES, AES-128, AES-256)
        •    Key transport (RSA-v1.5, RSA-OAEP)
        •    Key wrapping (3DES, AES-128, AES-256)
    – Intermediaries do not decrypt/encrypt content if end-to-end security contexts
      are established between sender and receiver systems
 • Future Developments
    – Externalized key management and verification using centralized key and
      certificate management implementation
Implement Standards-Based Security
 • Motivations
    – Supports Security By Design
 • Level 1
    – Implement standards-based transport-layer security
 • Level 2
    – WS-Security 1.0 (April 2004)
    – WS-Policy 1.1 (May 2003)
    – SAML 1.1 (September 2003)
 • Level 3
    – WS-Security 1.1 (February 2006)
    – WS-Policy 1.2 (March 2006)
    – WSI-Basic Security Profile 1.0 (March 2006)
 • Future Developments
    –   W3C XML Encryption (XMLEnc), XML Digital Signature (XMLDsig)
    –   W3C XKMS (XML Key Management)
    –   WS-Federation
    –   WS-SecureConversation
    –   WS-Trust
    –   XACML (eXtensible Access Control Markup Language; OASIS 2.0 February 2005)
Information Security Technology Model
[Diagram of the information security technology model; source: Burton Group]
Policy-based & Layered Security Model
 • Perimeter Layer
    – Practices “security by exclusion” by enforcing boundaries between internet and
      intranet
    – Examples of technical components include:
        •   Firewalls, VPNs, Intrusion Detection Systems (IDS), etc.
 • Identity and Access Layer
    – Practices “security by inclusion” by providing and enforcing identity-related and
      other resource-specific controls
    – Examples of technical components include:
        •   Authentication servers (e.g., Microsoft domain controllers, RSA/ACE server, etc.)
        •   Web access management (e.g., CA eTrust SiteMinder, IBM Tivoli Access Manager, etc.)
 • Resource Layer
    – Consists of applications, systems, content, and repositories
    – Security typically provided natively by resources
 • Control Layer
    – Exercises configuration, command, control, auditing, and detection obligations
    – Manages policy administration, decision, and enforcement operations through
      propagation, delegation, inheritance, and federation control mechanisms for
      cross-domain coordination
Implementation Strategy
Technology
• Identity Management (IdM)
• Access Management
• Security Policy Management
• Certificate & Key Management (CA & PKI)
• Vulnerability Management
• Security Audit Management
• Lifecycle Management
• Quality Management
• Registries and Repositories
Organization
• Evolving Policies
• Collaborative Policy Management
• Incentivize Compliance
• Policy Lifecycle Process
• Full Process Transparency (Roadmaps, Migration Paths)
• Incremental Delivery
What’s Next?
•   De-Perimeterization Continues
•   Outsider / Insider Lines Blurring
•   LOB Applications Becoming Service Consumers
•   Emergence of Logical Security Zone Partitions
•   Convergence of Virtualization and Physical Security
•   Increasing Endpoint Security Intelligence
•   Increasing Data / Content Centralization
•   Federation Advancement Continues
•   Encryption Going Mainstream
In Summary
• Just like enterprise SOA, it’s “how” you do security
• Planning enterprise security requires a comprehensive,
  holistic approach
• Focus on organizational and cultural issues
• Security can create tight coupling in enterprise SOA
• Essential part of an SOA infrastructure
• Evolving technology landscape
• Incremental technology delivery; maturity-based
  approach (expect mixed and hybrid environments)
• Consumerization and evolving Web to bring more
  changes
THANK YOU!
• 10/15/07 3:15pm – Harry Pierson, “Moving Beyond
  Industrial Software”
• 10/16/07 9:45am – Lynn Langit, “SharePoint Architecture –
  Lessons from the Trenches”
• Come by our booth
• Drop a business card
• Win an Xbox 360 (or a Zune)!
© 2007 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

 
Silverlight 4 Briefing
Silverlight 4 BriefingSilverlight 4 Briefing
Silverlight 4 Briefing
 
Architecting Solutions Leveraging The Cloud
Architecting Solutions Leveraging The CloudArchitecting Solutions Leveraging The Cloud
Architecting Solutions Leveraging The Cloud
 

Recently uploaded

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 

Recently uploaded (20)

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 

20071015 Architecting Enterprise Security

  • 1. IT Architect Regional Conference 2007
    Architecting Enterprise Security
    David Chou, Architect, Microsoft
    david.chou@microsoft.com
    http://blogs.msdn.com/dachou
  • 2. Environments Today Look Like… Source: The Walt Disney Company
  • 3. Enterprise Security Concerns
    Governance
    • Policies
    • Standards
    • Procedures
    • Auditing
    • Personnel
    etc.

    SOA?

    Infrastructure
    • Physical
    • Perimeter
    • Network
    • Hardware
    • Identity Mgmt
    etc.

    Applications
    • Access Control
    • Data Protection
    • Data Encryption
    • Platform
    • Integration
    etc.
  • 4. SOA Brings Changes
    • Imperative to Connect
    • Networks Without Borders
    • Mass Volume Real-Time Communications
    • Integration Layer Concerns
    • Inter-Dependencies Amplified
    • Existing Issues Magnified
    • New Issues Created
    • Changing Nature of the Threat Environment
  • 5. SOA Brings Questions
      Trust                                Impersonation / Delegation
      System Identities                    End User Identities
      Message-Layer                        Transport-Layer
      Identity Federation                  Replicated Databases
      Centralized Shared Infrastructure    Distributed Decision Enforcement Points
      Endpoint (Overlay)                   Intelligent Network
      End-to-End Context                   Peer-to-Peer Context
  • 6. Information-Centric Security (Trustworthy Computing)
    • Availability
    • Confidentiality
    • Integrity
    • Accountability
    • Identity and Access Management
    • Audit
    • Governance
    • Business Continuity
    • Security by Design
  • 7. Availability
    • System Reliability
    • Threat Protection
      – Message alteration
      – Data theft
      – Falsified messages
      – “Man in the middle”
      – Principal spoofing
      – Forged claims
      – Malformed XML content
      – Denial of Service (DoS)
    • Vulnerability Mitigation

    • Web Services Security Gateway (XML Appliance)
    • Enterprise Service Bus
    • Custom Component

    • Schema Poisoning
    • XML Parameter Tampering
    • Inadvertent XML DoS
    • WSDL Scanning
    • Oversized Payload
    • Recursive Payload
    • XML Routing Detours
    • SQL Injection
    • External Entity Attack
    • Malicious Code Injection
    • Identity Centric Attack
  • 8. Confidentiality
    • Data Privacy

    • Transport-Layer Security (SSL, TLS, IPSec)
    • XML Content Encryption (W3C XML Enc spec)
    • XML Encryption (W3C XML Enc spec):
      • Block encryption (3DES, AES-128, AES-256)
      • Key transport (RSA-v1.5, RSA-OAEP)
      • Key wrapping (3DES, AES-128, AES-256)
    • WS-Security (OASIS spec v1.1 Feb 2006; v1.0 Apr 2004)
  • 9. Integrity
    • Data Assurance

    • XML Message Digest (W3C XML Enc and DSig specs)
    • WS-Security
  • 10. Accountability
    • Non-Repudiation

    • XML Digital Signature (W3C XML Enc and DSig specs)
    • WS-Security
  • 11. Identity and Access Management
    • User Authentication
    • Authorization & Access Control
    • Trust & Federation

    • Transport-Layer Security
    • Message-Layer Security
    • XACML (eXtensible Access Control Markup Language) 2.0
    • WSI Basic Security Profile (WSI spec v1.0 March 2006)
    • Web Services Security Appliances
    • Enterprise Service Bus
  • 12. Audit
    • Tracking
    • Monitoring
    • Reporting

    • XML Digital Signature (W3C XML DSig spec)
    • Digital Certificates (X.509, PKI, etc.)
    • Timestamps (network time synchronization)
    • Service Intermediaries (Web Services Security Appliances, Enterprise Service Bus, etc.)
  • 13. Security Architecture Policies (for example)
    • Implement Threat Protection
    • Implement Transport-Layer Security
    • Implement Service Virtualization
    • Externalize & Centralize Security Management
    • Authenticate All Messages
    • Authorize All Messages
    • Audit All Messages
    • Sign All Messages
    • Encrypt Confidential Content
    • Implement Standards-Based Security
  • 14. Implement Threat Protection
    • Motivations
      – Supports Availability and Risk Aggregation
    • Level 1
      – Implement centralized protection against Denial of Service (DoS) attacks (floods, buffer overflows, message replays, message reflections)
      – Implement centralized protection (schema validation, WSDL cloaking) against XML-based DoS (XDoS) attacks (schema poisoning, oversized payload, recursive payload, WSDL scanning, parameter tampering)
      – Implement centralized protection (signature detection, context-sensitive content filtering, external reference control) against XML content-level attacks (SQL injection, virus/malicious code injection, identity spoofing, external entity attacks)
      – Filter all internal communication destined for the ESB via an internal Web Services Security Gateway
      – Filter all external communication mediated by the B2B Gateway via a Web Services Firewall
    • Level 2
      – Implement decentralized/distributed vulnerability containment points at end systems
      – Maintain a local vulnerability database or access a centralized vulnerability management implementation
    • Future Developments
      – Anomaly detection (conversational/behavioral analytics)
      – XML-vectored intrusion detection and prevention
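The Level 1 XML checks above, as an added example that is not part of the deck: a Python screening function in the role of the Web Services Security Gateway, using the standard-library expat parser to reject oversized payloads, recursive payloads (nesting depth), DTD-based entity expansion and external entity attacks, and messages whose root element is not on an allow-list (a minimal stand-in for schema validation). The limits, element names and sample messages are constructed.

```python
"""Gateway-style XML message screening (added example; limits, element names and
sample messages are constructed, not taken from the deck)."""
import xml.parsers.expat


class ThreatProtectionError(ValueError):
    """The message failed a gateway check and must not be forwarded to the ESB."""


# Constructed limits; a real gateway would load these from its security policy.
MAX_BYTES = 64 * 1024                    # oversized payload
MAX_DEPTH = 32                           # recursive payload
MAX_ELEMENTS = 10_000                    # element flood
ALLOWED_ROOTS = frozenset({"Envelope"})  # minimal schema check: SOAP envelope only


def local_name(qname: str) -> str:
    """Strip a namespace prefix: 'soap:Envelope' -> 'Envelope'."""
    return qname.rsplit(":", 1)[-1]


def screen_message(payload: bytes, max_bytes: int = MAX_BYTES, max_depth: int = MAX_DEPTH,
                   max_elements: int = MAX_ELEMENTS, allowed_roots=ALLOWED_ROOTS) -> dict:
    """Run the checks; return parse statistics on success, raise ThreatProtectionError otherwise.

    The checks are streaming: expat calls the handlers as it reads, so a recursive
    or flooded payload is rejected before the whole document is materialised.
    """
    if len(payload) > max_bytes:
        raise ThreatProtectionError(f"oversized payload: {len(payload)} > {max_bytes} bytes")

    stats = {"root": None, "max_depth": 0, "elements": 0}
    depth = 0
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Entity expansion (XDoS) and external entity attacks both require a DTD,
        # and service messages never legitimately carry one: reject any DOCTYPE.
        raise ThreatProtectionError("DTD/entity declarations are not allowed")

    def on_start(name, attrs):
        nonlocal depth
        depth += 1
        stats["elements"] += 1
        if stats["root"] is None:
            stats["root"] = local_name(name)
            if stats["root"] not in allowed_roots:
                raise ThreatProtectionError(f"unexpected root element {stats['root']!r}")
        if depth > max_depth:
            raise ThreatProtectionError(f"recursive payload: nesting deeper than {max_depth}")
        if stats["elements"] > max_elements:
            raise ThreatProtectionError(f"element count exceeds {max_elements}")
        stats["max_depth"] = max(stats["max_depth"], depth)

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(payload, True)  # exceptions raised inside handlers propagate here
    except xml.parsers.expat.ExpatError as exc:
        raise ThreatProtectionError(f"malformed XML content: {exc}") from exc
    return stats


def verdict(payload: bytes) -> str:
    """'pass', or 'blocked: <reason>' as the gateway would record it in its audit log."""
    try:
        screen_message(payload)
        return "pass"
    except ThreatProtectionError as exc:
        return f"blocked: {exc}"


# Constructed sample messages.
GOOD_MESSAGE = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
                b"<soap:Body><GetQuote><Symbol>MSFT</Symbol></GetQuote></soap:Body>"
                b"</soap:Envelope>")
ENTITY_EXPANSION = (b'<?xml version="1.0"?><!DOCTYPE lol [<!ENTITY a "aaaaaaaaaa">'
                    b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
                    b"<Envelope>&b;&b;&b;</Envelope>")
RECURSIVE_PAYLOAD = b"<Envelope>" + b"<n>" * 40 + b"</n>" * 40 + b"</Envelope>"

if __name__ == "__main__":
    for label, msg in [("good", GOOD_MESSAGE), ("entity expansion", ENTITY_EXPANSION),
                       ("recursive", RECURSIVE_PAYLOAD), ("foreign root", b"<Evil/>")]:
        print(f"{label:17s} {verdict(msg)}")
```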
  • 15. Implement Transport-Layer Security
    • Motivations
      – Supports Confidentiality between peers (but not between end systems when managed by intermediaries)
      – Supports transport-level Data Integrity with protocol-based message digests (RFC 2104) and handshake completion hashes
    • Level 1
      – All communication should be transported over SSLv3
      – X.509 (RFC 3280) certificates should be used to establish authentication
      – Use only widely adopted (128-bit or longer) cryptographic algorithms:
        • For public-key cryptography: RSA, Diffie-Hellman, DSA, Fortezza
        • For symmetric ciphers: RC2, RC4, IDEA, DES, 3DES, AES
        • For one-way hash functions: SHA-1, SHA-2
      – Authenticate only the server to maintain server identity for client-server communication
      – Mutual authentication should be implemented for server-server communication
    • Level 2
      – All communication should be transported over TLS (currently v1.1; RFC 4346)
      – Use advanced ciphersuites (Camellia, Kerberos, SEED, Elliptic Curve Cryptography, Pre-Shared Key)
    • Future Developments
      – IPSec (RFCs 4301-4309)
      – OpenPGP-based certificates
      – Network Access Control (NAC)
  • 16. Implement Service Virtualization
    • Motivations
      – Supports Availability (by encapsulating service implementation details such as location, interface definition, security policies, etc.)
      – Supports Identity and Access Management
      – Supports Risk Aggregation
    • Level 1
      – Server-to-server (point-to-point) direct connections
      – Unmanaged or managed by a Web Services Management (WSM) solution
    • Level 2
      – Mediate all internal communication via a centralized ESB
      – Mediate all external communication via a centralized B2B Gateway implementation
    • Future Developments
      – Domain-specific ESB integration and federation
      – Data and semantics virtualization (transformation into canonical formats)
  • 17. Externalize & Centralize Security Mgmt
    • Motivations
      – Supports Governance
      – Supports Identity and Access Management
      – Supports Risk Aggregation
    • Level 1
      – Maintain local and autonomous security policy decisions (based on identity and access)
      – Maintain a local identity store or access a shared (centralized) identity store
    • Level 2
      – Maintain local policy enforcement implementation
      – Delegate (externalize) security policy decisions to a centralized implementation
    • Future Developments
      – Externalize key and certificate management to a centralized implementation
      – Externalize audit management to a centralized implementation
      – Externalize vulnerability identification and mitigation to a centralized implementation
  • 18. Authenticate All Messages
    • Motivations
      – Supports Identity and Access Management
    • Level 1
      – System-based (peer-to-peer) trust relationships
      – Implement transport-layer security
      – Unique certificates or keys should be used to establish each relationship to maintain sender (requester or consumer) identity
    • Level 2
      – Identity-based trust relationships (all connections are inherently untrusted)
      – Implement message-level security (attach credential tokens and cipher specifications and/or SAML identity assertions to establish and verify identity)
    • Future Developments
      – Enterprise single sign-on (based on centrally managed identity assertions)
  • 19. Authorize All Messages
    • Motivations
      – Supports Identity and Access Management
    • Level 1
      – Maintain distributed, fine-grained, and customized local request authorization implementations (security policy decision and enforcement)
      – Implement centralized coarse-grained service authorization based on identity for proxy services deployed on the ESB and B2B Gateway
    • Level 2
      – Implement centralized fine-grained service authorization based on request content (payload) for proxy services deployed on the ESB and B2B Gateway
    • Future Developments
      – Centralized security policy decision management with distributed enforcement implementation
      – Dynamic security policy interpretation and negotiation
      – Resource-layer policy enforcement implementation
  • 20. Audit All Messages
    • Motivations
      – Supports Accountability
      – Supports Audit
    • Level 1
      – Intermediaries should log all message exchanges (requester identity, destination, timestamp, message digest or content/payload, etc.)
      – The requester/sender (or consumer) system should log all sent messages (destination, timestamp, content/payload) and correlate them with received response messages
      – The server/receiver (or producer) system should log all received messages (requester identity, timestamp, content/payload) and correlate them with generated response messages
      – Intermediaries should audit encrypted content (by proactive decryption) in all received messages, if the peer-to-peer security context is established with requester systems
    • Level 2
      – Intermediaries should log both received and sent messages if message content/format was altered by the proxy service implementation (i.e., data transformation, credential/identity mapping, data encryption/decryption, etc.)
      – Intermediaries do not have to audit encrypted content in received messages if the end-to-end security context is established between requester and receiver end systems
    • Future Developments
      – Externalize audit management to a centralized implementation
      – Centralized audit log correlation and analytics
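Slide 20's Level 1 and Level 2 logging, as an added example that is not from the deck: an intermediary audit log in Python that records requester identity, destination, timestamp and a message digest (rather than confidential content) per message, keeps both digests when the proxy altered the content, and correlates requests with responses so that unanswered requests can be reported. The message ids, identities, endpoints and payloads are constructed.

```python
"""Intermediary audit log in the style of 'Audit All Messages' (added example;
identities, endpoints, message ids and payloads are constructed)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional


def message_digest(payload: bytes) -> str:
    """SHA-256 of the payload: the log can prove which bytes passed without storing them."""
    return hashlib.sha256(payload).hexdigest()


@dataclass
class AuditRecord:
    message_id: str          # correlation key shared by a request and its response
    direction: str           # "request" or "response"
    requester: str           # authenticated identity of the sender
    destination: str         # endpoint the message was routed to
    timestamp: str           # ISO-8601 UTC from a synchronised clock (slide 12)
    digest: str              # digest of the message as received
    altered: bool = False    # Level 2: the proxy changed the content (transform, mapping, ...)
    digest_out: Optional[str] = None  # digest of the forwarded copy when altered


class IntermediaryAuditLog:
    """Append-only log with request/response correlation by message id."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._clock = clock  # injectable so tests and replay get deterministic timestamps
        self.records: List[AuditRecord] = []

    def _now(self) -> str:
        return self._clock().isoformat()

    def log_request(self, message_id: str, requester: str, destination: str, payload: bytes,
                    forwarded_payload: Optional[bytes] = None) -> AuditRecord:
        """Record an inbound request; when the proxy altered it, keep both digests (Level 2)."""
        altered = forwarded_payload is not None and forwarded_payload != payload
        rec = AuditRecord(message_id, "request", requester, destination, self._now(),
                          message_digest(payload), altered,
                          message_digest(forwarded_payload) if altered else None)
        self.records.append(rec)
        return rec

    def log_response(self, message_id: str, responder: str, destination: str,
                     payload: bytes) -> AuditRecord:
        rec = AuditRecord(message_id, "response", responder, destination, self._now(),
                          message_digest(payload))
        self.records.append(rec)
        return rec

    def correlate(self) -> Dict[str, Dict[str, Optional[AuditRecord]]]:
        """Pair each request with its response by message id."""
        pairs: Dict[str, Dict[str, Optional[AuditRecord]]] = {}
        for rec in self.records:
            slot = pairs.setdefault(rec.message_id, {"request": None, "response": None})
            slot[rec.direction] = rec
        return pairs

    def unanswered(self) -> List[str]:
        """Requests with no correlated response: input for availability or routing incidents."""
        return [mid for mid, p in self.correlate().items()
                if p["request"] is not None and p["response"] is None]

    def export_json(self) -> str:
        """Serialise for a centralized audit management implementation (Future Developments)."""
        return json.dumps([asdict(r) for r in self.records], indent=2)


def demo_log() -> IntermediaryAuditLog:
    """Constructed exchange: two requests through the ESB, one of which never gets a reply."""
    log = IntermediaryAuditLog()
    req1 = b"<GetQuote><Symbol>MSFT</Symbol></GetQuote>"
    log.log_request("msg-0001", "CN=portal.example.internal", "urn:quotes", req1)
    log.log_response("msg-0001", "urn:quotes", "CN=portal.example.internal", b"<Quote>...</Quote>")
    req2 = b"<GetQuote><Symbol>XBOX</Symbol></GetQuote>"
    # The proxy transforms the partner's message into a canonical format: log both digests.
    log.log_request("msg-0002", "CN=b2b.partner.example", "urn:quotes", req2,
                    forwarded_payload=b"<Canonical>" + req2 + b"</Canonical>")
    return log


if __name__ == "__main__":
    log = demo_log()
    print(log.export_json())
    print("unanswered:", log.unanswered())
```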
  • 21. Sign All Messages
    • Motivations
      – Supports Accountability
      – Supports Integrity
    • Level 1
      – Internal messages do not have to be digitally signed
      – External message exchanges should be digitally signed (implemented by the B2B Gateway)
    • Level 2
      – Sender (or consumer) systems should attach digital signatures (including message digests) to all messages; this establishes non-repudiation for the sender systems
      – Intermediaries should perform signature verification on all received messages, if the peer-to-peer security context is established with requester systems
    • Level 3
      – Receiver (or producer) systems should perform signature verification on received messages, as end-to-end security contexts can be established with requester systems
    • Future Developments
      – XML element-level digital signatures
      – Externalized signature verification using a centralized management implementation
  • 22. Encrypt Confidential Information
    • Motivations
      – Supports Confidentiality
    • Level 1
      – Implement transport-layer security to establish peer-to-peer confidentiality
      – Intermediaries are inherently trusted
    • Level 2
      – Implement standards-based content/payload-level encryption (including fields and elements)
        • Block encryption (3DES, AES-128, AES-256)
        • Key transport (RSA-v1.5, RSA-OAEP)
        • Key wrapping (3DES, AES-128, AES-256)
      – Intermediaries do not decrypt/encrypt content if end-to-end security contexts are established between sender and receiver systems
    • Future Developments
      – Externalized key management and verification using a centralized key and certificate management implementation
  • 23. Implement Standards-Based Security
    • Motivations
      – Supports Security By Design
    • Level 1
      – Implement standards-based transport-layer security
    • Level 2
      – WS-Security 1.0 (April 2004)
      – WS-Policy 1.1 (May 2003)
      – SAML 1.1 (September 2003)
    • Level 3
      – WS-Security 1.1 (February 2006)
      – WS-Policy 1.2 (March 2006)
      – WSI Basic Security Profile 1.0 (March 2006)
    • Future Developments
      – W3C XML Encryption (XMLEnc), XML Digital Signature (XMLDsig)
      – W3C XKMS (XML Key Management)
      – WS-Federation
      – WS-SecureConversation
      – WS-Trust
      – XACML (eXtensible Access Control Markup Language; OASIS 2.0 February 2005)
  • 24. Information Security Technology Model Source: Burton Group
  • 25. Policy-based & Layered Security Model
    • Perimeter Layer
      – Practices “security by exclusion” by enforcing boundaries between internet and intranet
      – Examples of technical components include:
        • Firewalls, VPNs, Intrusion Detection Systems (IDS), etc.
    • Identity and Access Layer
      – Practices “security by inclusion” by providing and enforcing identity-related and other resource-specific controls
      – Examples of technical components include:
        • Authentication servers (e.g., Microsoft domain controllers, RSA/ACE server, etc.)
        • Web access management (e.g., CA eTrust SiteMinder, IBM Tivoli Access Manager, etc.)
    • Resource Layer
      – Consists of applications, systems, content, and repositories
      – Security typically provided natively by resources
    • Control Layer
      – Exercises configuration, command, control, auditing, and detection obligations
      – Manages policy administration, decision, and enforcement operations through propagation, delegation, inheritance, and federation control mechanisms for cross-domain coordination
  • 26. Implementation Strategy
    Technology
    • Identity Management (IdM)
    • Access Management
    • Security Policy Management
    • Certificate & Key Management (CA & PKI)
    • Vulnerability Management
    • Security Audit Management
    • Lifecycle Management
    • Quality Management
    • Registries and Repositories

    Organization
    • Evolving Policies
    • Collaborative Policy Management
    • Incentivize Compliance
    • Policy Lifecycle Process
    • Full Process Transparency (Roadmaps, Migration Paths)
    • Incremental Delivery
  • 27. What’s Next?
    • De-Perimeterization Continues
    • Outsider / Insider Lines Blurring
    • LOB Applications Becoming Service Consumers
    • Emergence of Logical Security Zone Partitions
    • Convergence of Virtualization and Physical Security
    • Increasing Endpoint Security Intelligence
    • Increasing Data / Content Centralization
    • Federation Advancement Continues
    • Encryption Going Mainstream
  • 28. In Summary
    • Just like enterprise SOA, it’s “how” you do security
    • Planning enterprise security requires a comprehensive, holistic approach
    • Focus on organizational and cultural issues
    • Security can create tight coupling in enterprise SOA
    • Essential part of an SOA infrastructure
    • Evolving technology landscape
    • Incremental technology delivery; maturity-based approach (expect mixed and hybrid environments)
    • Consumerization and evolving Web to bring more changes
  • 29. THANK YOU!
    • 10/15/07 3:15pm – Harry Pierson, “Moving Beyond Industrial Software”
    • 10/16/07 9:45am – Lynn Langit, “SharePoint Architecture – Lessons from the Trenches”
    • Come by our booth
    • Drop a business card
    • Win an Xbox 360 (or a Zune)!
  • 30. © 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.