
WSO2Con ASIA 2016: Reinforcing Your Enterprise With Security Architectures

In this talk Shankar focuses on leveraging the extensive feature set and extensible nature of the WSO2 platform to build a robust security architecture for the enterprise. It also touches on WSO2's experience with customers in building security architectures, and on the commonly used security architecture patterns extracted from that work.

  1. Reinforcing Your Enterprise With Security Architectures
     S. Uthaiyashankar, VP Engineering, WSO2, shankar@wso2.com
  2. The Problem…
     • Security is a non-functional requirement
     • It is very easy to introduce security holes
     • Security knowledge is scarce
       – People often feel secure through obscurity
     • Too much security reduces usability
     • Security patterns can help reduce the risk
     Image source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
  3. Security
     • Authentication
     • Authorization
     • Confidentiality
     • Integrity
     • Non-repudiation
     • Auditing
     • Availability
     Image source: http://coranet.com/images/network-security.png
  4. Authentication: Direct Authentication
     • Basic Authentication
     • Digest Authentication
     • TLS Mutual Authentication
     • OAuth: Client Credentials grant
     (Diagram: the client authenticates directly to each Service Provider and then consumes the service.)
     Image source: http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
  5. Authentication: Brokered Authentication
     • SAML
     • OAuth: SAML2 / JWT bearer assertion grant types
     • OpenID
     (Diagram: several Service Providers trust one Identity Provider; the client authenticates to the Identity Provider and then consumes the services.)
     Image source: http://savepic.ru/6463149.gif
  6. Authentication
     • Single Sign-On
     • Multi-factor Authentication
     (Diagram: the same brokered arrangement as slide 5.)
     Image source: https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
  7. Authentication: Identity Federation Pattern and Token Exchange (diagram)
  8. Authentication: Identity Federation Pattern and Token Exchange (second diagram)
  9. Authentication: Identity Bus
  10. Authentication: Trusted Subsystem Pattern
     Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
  11. Authentication: Multiple User Stores
     Image source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
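Worked example for the brokered authentication slides (5 to 9). The identity provider issues a signed token once; every service provider verifies it holding nothing but the IdP's public key and the audience value it expects, which is the "trust" arrow the diagrams draw. This is an added illustration, not code from the talk or from the WSO2 platform: it uses only Go's standard library (an Ed25519-signed compact JWS per RFC 8037 rather than the SAML assertions or RSA-signed JWTs WSO2 ships), and the issuer URL, audience names and subject are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims is the subset of JWT registered claims the service provider checks.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// Issue is the identity provider's side: it signs header.payload with its
// private key and returns the compact JWS (alg "EdDSA", RFC 8037).
func Issue(priv ed25519.PrivateKey, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	sig := ed25519.Sign(priv, []byte(signingInput))
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// Verify is the service provider's side. It holds only the IdP's public key
// plus the issuer and audience it is willing to accept.
func Verify(pub ed25519.PublicKey, token, expectIss, expectAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, errors.New("bad header encoding")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm: the verifier decides, never the token (alg=none, key confusion).
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "EdDSA" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, errors.New("bad signature encoding")
	}
	// Check the signature before trusting anything inside the payload.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("signature invalid")
	}
	body, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("bad payload encoding")
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != expectIss:
		return nil, errors.New("untrusted issuer")
	case c.Aud != expectAud:
		return nil, errors.New("token not intended for this service")
	case now.Unix() >= c.Exp:
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	// Hypothetical issuer and audiences for the illustration.
	tok, _ := Issue(priv, Claims{Iss: "https://idp.example", Sub: "alice", Aud: "orders-api", Exp: now.Add(5 * time.Minute).Unix()})
	if _, err := Verify(pub, tok, "https://idp.example", "orders-api", now); err != nil {
		panic(err)
	}
	// The same token presented to another service is refused by the audience check.
	if _, err := Verify(pub, tok, "https://idp.example", "billing-api", now); err == nil {
		panic("audience check failed to reject")
	}
}
```

The order of checks matters: signature first, then issuer, audience and expiry, each against values the service provider configured itself. A service that skips the audience check lets a token minted for one service replay against every service that trusts the same IdP.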
  12. Provisioning
  13. Authorization
     • Principle of Least Privilege
     • Role Based Access Control
     • Attribute Based Access Control
       – Policy Based Access Control
     Image source: http://cdn.meme.am/instances/500x/48651236.jpg
  14. Authorization: eXtensible Access Control Markup Language (XACML)
     Image source: https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
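Worked example for the authorization slides (13 and 14): a minimal attribute-based policy evaluator in the shape of XACML, with subject, resource, action and environment attributes, rules that yield Permit or Deny, a combining algorithm, and an enforcement point that treats anything other than an explicit Permit as a refusal (least privilege). This is an added illustration, not code from the talk or from WSO2 Identity Server's XACML engine; the patient-records policy and all attribute names and values are constructed for the example.

```go
package main

import "fmt"

// Attributes carries the four XACML request categories as plain maps.
type Attributes struct {
	Subject, Resource, Action, Environment map[string]string
}

type Effect string

const (
	Permit        Effect = "Permit"
	Deny          Effect = "Deny"
	NotApplicable Effect = "NotApplicable"
)

// Rule is a predicate over the request plus the effect it yields when it matches.
type Rule struct {
	Name   string
	Effect Effect
	Match  func(a Attributes) bool
}

// Policy combines its rules with a combining algorithm, as XACML does.
type Policy struct {
	Name      string
	Combining string // "deny-overrides" (default) or "first-applicable"
	Rules     []Rule
}

// Evaluate is the decision point. Rules whose Match is false do not vote.
func (p Policy) Evaluate(a Attributes) Effect {
	decision := NotApplicable
	for _, r := range p.Rules {
		if !r.Match(a) {
			continue
		}
		switch p.Combining {
		case "first-applicable":
			return r.Effect
		default: // deny-overrides: one Deny wins; otherwise Permit if any rule permits
			if r.Effect == Deny {
				return Deny
			}
			decision = Permit
		}
	}
	return decision
}

// Authorize is the enforcement point: NotApplicable is not a permit.
func Authorize(p Policy, a Attributes) bool {
	return p.Evaluate(a) == Permit
}

// PatientRecordsPolicy is a constructed policy: doctors read records of their
// own department during business hours; patients write their own record; a
// record under legal hold is never writable. A role alone is never enough.
var PatientRecordsPolicy = Policy{
	Name:      "patient-records",
	Combining: "deny-overrides",
	Rules: []Rule{
		{Name: "legal-hold-is-read-only", Effect: Deny, Match: func(a Attributes) bool {
			return a.Resource["legal-hold"] == "true" && a.Action["id"] == "write"
		}},
		{Name: "doctor-reads-own-department", Effect: Permit, Match: func(a Attributes) bool {
			return a.Subject["role"] == "doctor" &&
				a.Subject["department"] == a.Resource["department"] &&
				a.Action["id"] == "read" &&
				a.Environment["business-hours"] == "true"
		}},
		{Name: "patient-writes-own-record", Effect: Permit, Match: func(a Attributes) bool {
			return a.Subject["id"] == a.Resource["patient-id"] && a.Action["id"] == "write"
		}},
	},
}

func main() {
	req := Attributes{
		Subject:     map[string]string{"id": "dr-lee", "role": "doctor", "department": "cardiology"},
		Resource:    map[string]string{"patient-id": "p-42", "department": "cardiology", "legal-hold": "false"},
		Action:      map[string]string{"id": "read"},
		Environment: map[string]string{"business-hours": "true"},
	}
	fmt.Println(PatientRecordsPolicy.Name, "->", PatientRecordsPolicy.Evaluate(req))
}
```

The difference from plain RBAC is visible in the second rule: "doctor" is necessary but not sufficient, because the decision also depends on a resource attribute (department) and an environment attribute (time of day). Deny-overrides is the safer default for a policy set because a single protective rule cannot be out-voted by a permissive one.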
  15. Confidentiality: Encryption
     Transport Level Security vs Message Level Security
     • Transport level
     • Message level
     • Symmetric encryption
     • Asymmetric encryption
     • Session-key based encryption (a symmetric session key exchanged under asymmetric encryption)
     Image source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
  16. Integrity: Digital Signatures
     • Transport level
     • Message level
     • Symmetric signature (MAC)
     • Asymmetric signature
     • Session-key based signature
     Image source: http://memegenerator.net/instance2/4350097
  17. Non-repudiation: Digital Signatures
     • Message level
     • Asymmetric signature (only a key the receiver does not hold can prove who signed)
     Image source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
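Worked example for slides 15 to 17, covering two points at once: message-level protection survives intermediaries (an ESB or gateway) that rewrite transport-level headers, which hop-by-hop TLS cannot give you; and the symmetric versus asymmetric choice is what separates integrity from non-repudiation, because anyone holding a shared MAC key can produce a valid tag. This is an added illustration, not code from the talk or from WSO2; the Envelope format, header names, relay behaviour and payloads are invented, and the example uses HMAC-SHA256 and Ed25519 from Go's standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Envelope is a constructed message format: routing headers that intermediaries
// may rewrite, a payload that must reach the final recipient unchanged, and the
// sender's proof computed over the payload only.
type Envelope struct {
	Headers map[string]string `json:"headers"`
	Payload json.RawMessage   `json:"payload"`
	Proof   []byte            `json:"proof"`
}

// --- symmetric: HMAC with a key shared by sender and recipient ---

func SealHMAC(shared, payload []byte) Envelope {
	m := hmac.New(sha256.New, shared)
	m.Write(payload)
	return Envelope{Headers: map[string]string{}, Payload: payload, Proof: m.Sum(nil)}
}

func OpenHMAC(shared []byte, e Envelope) bool {
	m := hmac.New(sha256.New, shared)
	m.Write(e.Payload)
	return hmac.Equal(m.Sum(nil), e.Proof) // constant-time comparison
}

// --- asymmetric: Ed25519; only the sender holds priv, everyone may hold pub ---

func SealSigned(priv ed25519.PrivateKey, payload []byte) Envelope {
	return Envelope{Headers: map[string]string{}, Payload: payload, Proof: ed25519.Sign(priv, payload)}
}

func OpenSigned(pub ed25519.PublicKey, e Envelope) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, e.Payload, e.Proof)
}

// Relay models an intermediary hop. It legitimately adds routing headers
// (which are not covered by the proof) and, if buggy or malicious, may also
// alter the payload. Transport-level security terminates here; message-level
// protection does not.
func Relay(e Envelope, tamper bool) Envelope {
	out := e
	out.Headers = map[string]string{"via": "esb-1", "received": "2016-02-17T09:00:00Z"}
	if tamper {
		out.Payload = json.RawMessage(`{"amount":100000,"to":"mallory"}`)
	}
	return out
}

// RecipientForgesHMAC: the recipient holds the same shared key as the sender,
// so it can fabricate a message and a tag that verifies. A third party given
// the key cannot tell which side produced it, so a MAC cannot support a
// non-repudiation claim.
func RecipientForgesHMAC(shared []byte) bool {
	forged := []byte(`{"amount":100000,"to":"mallory"}`)
	return OpenHMAC(shared, SealHMAC(shared, forged))
}

// RecipientForgesSignature: the recipient has only pub, so the best it can do
// is reuse an old signature over a new payload, which fails verification.
func RecipientForgesSignature(pub ed25519.PublicKey, genuine Envelope) bool {
	forged := Envelope{Payload: json.RawMessage(`{"amount":100000,"to":"mallory"}`), Proof: genuine.Proof}
	return OpenSigned(pub, forged)
}

func main() {
	payload := []byte(`{"amount":100,"to":"bob"}`)
	pub, priv, _ := ed25519.GenerateKey(nil)
	signed := SealSigned(priv, payload)
	fmt.Println("signature after benign relay:", OpenSigned(pub, Relay(signed, false)))
	fmt.Println("signature after tampering:  ", OpenSigned(pub, Relay(signed, true)))
	fmt.Println("recipient can forge a MAC:  ", RecipientForgesHMAC([]byte("constructed-shared-key")))
}
```

Both proofs cover only the payload, so an intermediary may add or rewrite headers without breaking verification; that is deliberate, and anything that must not change (including sender identity or a timestamp) belongs inside the signed part. Whether a recipient can later deny or forge a message is decided entirely by who holds the key, not by the strength of the hash.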
  18. Auditing
     • However secure you are, people make mistakes
     • Collect the (audit) logs and analyse them for
       – Anomalies
       – Fraud
     Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
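Worked example for the auditing slide: two detection rules run over authentication audit events within a sliding window, one for a brute-force success (many failures for one account followed by a success) and one for password spraying (one source failing against many distinct accounts). This is an added illustration, not code from the talk or from WSO2; the log format and every line in the sample log are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// sampleAuditLog is constructed for this example: timestamp, event, user, source IP.
const sampleAuditLog = `2016-02-17T09:00:01Z LOGIN_FAILURE user=alice ip=10.0.0.7
2016-02-17T09:00:03Z LOGIN_FAILURE user=alice ip=10.0.0.7
2016-02-17T09:00:04Z LOGIN_FAILURE user=alice ip=10.0.0.7
2016-02-17T09:00:06Z LOGIN_FAILURE user=alice ip=10.0.0.7
2016-02-17T09:00:07Z LOGIN_FAILURE user=alice ip=10.0.0.7
2016-02-17T09:00:09Z LOGIN_SUCCESS user=alice ip=10.0.0.7
2016-02-17T09:10:00Z LOGIN_FAILURE user=bob ip=10.0.0.9
2016-02-17T09:30:00Z LOGIN_SUCCESS user=bob ip=10.0.0.9
2016-02-17T09:31:00Z LOGIN_FAILURE user=carol ip=203.0.113.5
2016-02-17T09:31:01Z LOGIN_FAILURE user=dave ip=203.0.113.5
2016-02-17T09:31:02Z LOGIN_FAILURE user=erin ip=203.0.113.5
2016-02-17T09:31:03Z LOGIN_FAILURE user=frank ip=203.0.113.5
2016-02-17T09:31:04Z LOGIN_FAILURE user=grace ip=203.0.113.5
2016-02-17T09:31:05Z LOGIN_FAILURE user=heidi ip=203.0.113.5`

type Event struct {
	At   time.Time
	Kind string
	User string
	IP   string
}

// parseLine accepts the constructed format above and rejects anything else.
func parseLine(line string) (Event, bool) {
	f := strings.Fields(line)
	if len(f) != 4 {
		return Event{}, false
	}
	at, err := time.Parse(time.RFC3339, f[0])
	if err != nil {
		return Event{}, false
	}
	return Event{At: at, Kind: f[1], User: strings.TrimPrefix(f[2], "user="), IP: strings.TrimPrefix(f[3], "ip=")}, true
}

// Detect returns one finding per triggered rule, in log order:
//   - brute-force: >= threshold failures for one user inside the window, then a success
//   - spray: >= threshold distinct users failing from one IP inside the window
func Detect(log string, window time.Duration, threshold int) []string {
	var findings []string
	failsByUser := map[string][]time.Time{}
	failsByIP := map[string]map[string]time.Time{} // ip -> user -> latest failure
	sprayReported := map[string]bool{}

	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		ev, ok := parseLine(sc.Text())
		if !ok {
			continue // malformed lines are skipped, not fatal
		}
		switch ev.Kind {
		case "LOGIN_FAILURE":
			failsByUser[ev.User] = append(failsByUser[ev.User], ev.At)
			if failsByIP[ev.IP] == nil {
				failsByIP[ev.IP] = map[string]time.Time{}
			}
			failsByIP[ev.IP][ev.User] = ev.At
			distinct := 0
			for _, t := range failsByIP[ev.IP] {
				if ev.At.Sub(t) <= window {
					distinct++
				}
			}
			if distinct >= threshold && !sprayReported[ev.IP] {
				sprayReported[ev.IP] = true
				findings = append(findings, fmt.Sprintf("spray: %s failed against %d users within %s", ev.IP, distinct, window))
			}
		case "LOGIN_SUCCESS":
			recent := 0
			for _, t := range failsByUser[ev.User] {
				if ev.At.Sub(t) <= window {
					recent++
				}
			}
			if recent >= threshold {
				findings = append(findings, fmt.Sprintf("brute-force: %s succeeded after %d failures within %s", ev.User, recent, window))
			}
			failsByUser[ev.User] = nil
		}
	}
	return findings
}

func main() {
	for _, f := range Detect(sampleAuditLog, time.Minute, 5) {
		fmt.Println(f)
	}
}
```

The two rules key on different dimensions (account versus source address) because a sprayer never trips a per-account counter; bob's single failure followed by a success half an hour later is ordinary user behaviour and produces nothing. Thresholds and windows are the tuning knobs and are assumptions here.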
  19. Availability
     • Network-level measures
     • Throttling
     • Heartbeat and hot pooling
     Image source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
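Worked example for the throttling bullet: a per-client token bucket of the kind an API gateway applies in front of back-end services, so that one noisy or hostile client exhausts its own quota rather than the service. This is an added illustration, not WSO2 API Manager's throttling implementation; the rate, burst size and client keys are assumptions, and the clock is injected so the behaviour can be checked without sleeping.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limiter is a per-client token bucket: each client may burst up to `burst`
// requests and then sustain `rate` requests per second. Keying by the
// authenticated client identity (API key, OAuth client) rather than source IP
// means a NAT full of legitimate users is not punished for one abuser.
type Limiter struct {
	mu      sync.Mutex
	rate    float64
	burst   float64
	now     func() time.Time
	buckets map[string]*bucket
}

type bucket struct {
	tokens float64
	last   time.Time
}

func NewLimiter(ratePerSec float64, burst int, now func() time.Time) *Limiter {
	return &Limiter{rate: ratePerSec, burst: float64(burst), now: now, buckets: map[string]*bucket{}}
}

// Allow reports whether the client identified by key may proceed now; a
// gateway would answer false with HTTP 429 and never forward the request.
func (l *Limiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.burst, last: t} // new clients start with a full bucket
		l.buckets[key] = b
	}
	// Refill in proportion to elapsed time, capped at the burst size so an
	// idle client cannot bank an unbounded number of requests.
	b.tokens += t.Sub(b.last).Seconds() * l.rate
	if b.tokens > l.burst {
		b.tokens = l.burst
	}
	b.last = t
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func main() {
	l := NewLimiter(2, 5, time.Now) // assumed policy: 2 req/s sustained, burst of 5
	for i := 1; i <= 7; i++ {
		fmt.Printf("request %d for client-a: allowed=%v\n", i, l.Allow("client-a"))
	}
}
```

The throttle is a first line of defence only; it protects the back end from request floods at the gateway, while the network-level measures on the slide (upstream DDoS mitigation, firewalls) have to deal with traffic that never reaches an authenticated client key.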
  20. Secure Deployment Pattern
     (Diagram: Red Zone (Internet) | Firewall | Yellow Zone (DMZ) | Firewall | Green Zone (Internal). The Client Application sits in the Internet zone, the API Gateway and Integration layer in the DMZ, and the Services and Database in the internal zone.)
  21. Secure Deployment Pattern: More Restricted
     (Diagram: the same three zones and two firewalls; the component list now adds a Message Broker alongside the API Gateway and Integration layer, with the Services and Database remaining in the internal zone.)
  22. Thank You
