Securing - Mule
Presented By
Sindhu VL
Securing Steps:
• Anypoint Enterprise Security
• Configuring Security
• FIPS 140-2 Compliance Support
1. Anypoint Enterprise Security:
• Anypoint Enterprise Security is a collection of security features that enforce secure access to information in Mule applications.
• This suite of security features provides various methods for applying security to Mule Service-Oriented Architecture (SOA) implementations and Web services. The following security features bridge gaps between trust boundaries in applications:
• Mule Secure Token Service (STS) OAuth 2.0a Provider
• Mule Credentials Vault
• Mule Message Encryption Processor
• Mule Digital Signature Processor
• Mule Filter Processor
• Mule CRC32 Processor
Why Do Applications Need Security?
• Businesses must ensure that the valuable information they store and make available through software applications and Web services is secure. Locked away and protected from unauthorized users and malicious attackers, protected resources — such as credit card information or Social Security numbers — must still be accessible to authorized legitimate users and systems in order to conduct business transactions.
• To provide secure access to information, applications and services can apply a variety of security measures. The suite of security features in Anypoint Enterprise Security enables developers to protect applications according to security requirements, prevent security breaches and facilitate authorized access to data.
Advantages of Anypoint Enterprise Security:
• Anypoint Enterprise Security adds new features on top of Mule ESB Enterprise’s existing security capabilities. Mule ESB already provides the following security features:
• Mule Security Manager: client authentication and authorization on inbound requests, as well as credential mapping for outbound calls
• LDAP and third-party identity management system integration
• Validation of inbound requests through the SAML 2.0 federated identity standard
• Secure FTP (SFTP) Transport that enables Mule flows to read and write to remote directories over the SSH protocol.
Mule Credentials Vault:
• Mule can encrypt properties in a .properties file. The .properties file in Mule stores data as key-value pairs. Mule flows may access this data — usernames, first and last names, credit card information — as the flow processes messages. In the context of Anypoint Enterprise Security, Mule refers to the .properties file in which it safely stores encrypted properties as the Mule Credentials Vault.
• Encrypt a properties file
Mule Message Encryption Processor:
• Mule can encrypt an entire payload or several fields of data within a message. Where sensitive information must move between users, yet remain hidden from them, a developer can encrypt message content to prevent unauthorized access. Typically, you may need to encrypt data such as a password, credit card number or social security number (SSN).
• Encrypt a message payload
• Decrypt a message payload
Mule Digital Signature Processor:
• Mule uses digital signatures to ensure that messages maintain integrity and authenticity. Mule can verify that an incoming Web service request originates from a valid source, and can sign an outgoing Web service response to ensure its contents. Digital signatures ensure that a sender is valid, that a message is not modified in transit between Web services, and that no unauthorized user has tampered with a message.
• Add a digital signature to a message in Mule
• Sign part of a message payload
• Verify a digital signature in Mule
Mule Filter Processor:
• Mule can filter messages it receives to avoid processing invalid ones. With a filter processor in place, Mule discards any message it receives that does not match the filter’s parameters — a message from outside a set range of IP addresses, for example.
• Filter unsecure messages
Mule CRC32 Processor:
• Mule can apply a cyclic redundancy check (CRC) to messages to ensure message integrity. CRC uses an algorithm to apply a check value to a message when it enters a system, and verifies the value when the message leaves the system. If the entry and exit values do not match, CRC marks the message as changed. Generally, CRC32 (32 indicates the 33-bit polynomial length in the algorithm) detects unintentional changes to messages, such as the accumulation of “noise” between transmission points, but it can also detect unauthorized intentional changes – for instance, flagging a message that has been tampered with during transmission to change it into a Trojan horse.
• Apply a CRC to a message
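The entry/exit check described above, contrasted with a keyed check, as an added example that is not part of the original slides or of Mule's own CRC32 processor; the payload, the secret key and the flipped bit position are constructed. It shows that CRC32 catches accidental corruption, but because it needs no secret, anyone able to rewrite a message can also rewrite its check value, so deliberate tampering is caught only by a keyed integrity check such as an HMAC or the Digital Signature Processor described above.

```python
import hashlib
import hmac
import zlib

# Constructed sample payload and key; they stand in for a Mule message and a
# secret held by the integration, not values from the original slides.
PAYLOAD = b'{"account":"12345","amount":100}'
TAMPERED = b'{"account":"99999","amount":100}'
SECRET_KEY = b"constructed-demo-key-do-not-reuse"

def crc32_stamp(payload: bytes) -> int:
    """Entry point: compute the CRC32 check value to attach to the message."""
    return zlib.crc32(payload) & 0xFFFFFFFF

def crc32_verify(payload: bytes, check: int) -> bool:
    """Exit point: recompute the CRC32 and compare it with the stored value."""
    return crc32_stamp(payload) == check

def flip_bit(payload: bytes, bit_index: int) -> bytes:
    """Simulate line noise by flipping a single bit of the payload."""
    data = bytearray(payload)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)

def hmac_stamp(payload: bytes, key: bytes) -> bytes:
    """Keyed alternative: an HMAC-SHA256 tag cannot be recomputed without the key."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def hmac_verify(payload: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(hmac_stamp(payload, key), tag)

def demo() -> dict:
    """Report, per scenario, whether the check caught the change."""
    crc = crc32_stamp(PAYLOAD)
    return {
        # Accidental corruption: every single-bit error changes the CRC32.
        "crc_detects_noise": not crc32_verify(flip_bit(PAYLOAD, 13), crc),
        # Deliberate change by someone who also rewrites the check value:
        # CRC32 is keyless, so the recomputed value verifies and nothing is flagged.
        "crc_detects_recomputed_tamper": not crc32_verify(TAMPERED, crc32_stamp(TAMPERED)),
        # Same change against the keyed tag: a tag recomputed without SECRET_KEY
        # does not match, so the tampering is flagged.
        "hmac_detects_tamper": not hmac_verify(TAMPERED, hmac_stamp(TAMPERED, b"wrong-key"), SECRET_KEY),
        "hmac_accepts_original": hmac_verify(PAYLOAD, hmac_stamp(PAYLOAD, SECRET_KEY), SECRET_KEY),
    }
```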
2. Configuring Security:
• Mule ESB allows you to authenticate requests via connectors using transport-specific or generic authentication methods. It also allows you to control method-level authorization on your components. The Security Manager is responsible for authenticating requests based on one or more security providers.
• For information on the elements you can configure for the Security Manager, see the Security Manager Configuration Reference. The following sections provide links to information on configuring different types of security managers.
Spring Security 3.0:
• Spring Security is the next version of Acegi and provides a number of authentication and authorization providers such as JAAS, LDAP, CAS (Yale Central Authentication Service), and DAO. The following topics will help you get started securing your flows using Spring Security:
• Configuring the Spring Security Manager
• Component Authorization Using Spring Security
• Setting up LDAP Provider for Spring Security
WS-Security and SAML:
• WS-Security is a standard protocol for applying security to Web services. It contains specifications on how integrity and confidentiality in a SOAP message can be enforced via XML signatures and binary security tokens such as X.509 certificates and Kerberos tickets, as well as encryption headers. It ensures end-to-end security by working in the application layer as opposed to the transport layer. Mule provides the following resources for WS-Security:
• Enabling WS-Security - Describes how to secure your CXF connectors with WS-Security.
• SAML Module - Mule now supports the SAML standard for exchange of security information between systems. This module is available in the enterprise edition of Mule as of version 2.2.3.
Other Security Integration:
• Mule also supports the following security technologies:
• Encryption Strategies - Secure your messages by encrypting them.
• PGP Security - Secure your messages by encrypting them with PGP.
• JAAS Security
3. FIPS 140-2 Compliance Support:
• As of Mule 3.5.0, Mule ESB can be configured to run in a FIPS 140-2 certified environment. Note that Mule does not run in FIPS security mode by default. There are two requirements:
• Have a certified cryptography module installed in your Java environment
• Adjust Mule ESB settings to run in FIPS security mode
Thank You!!!!!!
