Reinforcing Your Enterprise With Security Architectures
S. Uthaiyashankar
VP Engineering, WSO2
shankar@wso2.com
The Problem…
• Security is a non-functional requirement
• It is very easy to create security holes
• Knowledge of security is limited
– People often feel secure through obscurity
• Too much security reduces usability
• Security patterns may help reduce the risk
Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
Security
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non-repudiation
• Auditing
• Availability
Image source: http://coranet.com/images/network-security.png
Authentication
• Direct Authentication
– Basic Authentication
– Digest Authentication
– TLS Mutual Authentication
– OAuth: Client Credentials
[Diagram: the consumer performs Authentication and Service Consumption directly against the Service Providers]
Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
Authentication
• Brokered Authentication
– SAML
– OAuth: SAML2/JWT grant type
– OpenID
[Diagram: Authentication against an Identity Provider; Service Consumption from several Service Providers, each of which Trusts the Identity Provider]
Image source: http://savepic.ru/6463149.gif
Authentication
• Single Sign On
• Multi-factor Authentication
[Diagram: Authentication against an Identity Provider; Service Consumption from several Service Providers, each of which Trusts the Identity Provider]
Image source : https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
Authentication
• Identity Federation Pattern and Token Exchange
Authentication
• Identity Bus
Authentication
• Trusted Subsystem Pattern
Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
Authentication
• Multiple User stores
Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
Provisioning
Authorization
• Principle of Least Privilege
• Role-based Access Control
• Attribute-based Access Control
– Policy-based Access Control
Image source : http://cdn.meme.am/instances/500x/48651236.jpg
Authorization
• eXtensible Access Control Markup Language (XACML)
Image Source : https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
Confidentiality: Encryption
Transport Level Security vs. Message Level Security
• Transport Level
• Message Level
• Symmetric Encryption
• Asymmetric Encryption
• Session-key-based Encryption
Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
Integrity: Digital Signatures
• Transport Level
• Message Level
• Symmetric Signature
• Asymmetric Signature
• Session-key-based Signature
Image Source : http://memegenerator.net/instance2/4350097
Non-repudiation: Digital Signatures
• Message Level
• Asymmetric Signature
Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
Auditing
• However secure you are, people might make mistakes
• Collect the (audit) logs and analyze them for
– Anomaly
– Fraud
Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
Availability
• Network Level Measures
• Throttling
• Heartbeat and hot pooling
Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
Secure Deployment Pattern
Red Zone (Internet): Client Application
Firewall
Yellow Zone (DMZ): API Gateway, Integration
Firewall
Green Zone (Internal): Services, Database
Secure Deployment Pattern: More restricted
Red Zone (Internet): Client Application
Firewall
Yellow Zone (DMZ): API Gateway, Integration, Message Broker
Firewall
Green Zone (Internal): Services, Database
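As an added illustration (not part of the slides), a small Python model of the two zoned deployments above: it encodes the rule that a connection may cross only one firewall at a time, so an Internet-facing client reaches Services and Database only through the DMZ tier. Component placement follows the slides; the flow lists and the "green only" rule for Services and Database are assumptions of this example.

```python
"""Zone-crossing check for the slides' Secure Deployment Pattern.

Zones are ordered Red (Internet) -> Yellow (DMZ) -> Green (Internal), with a
firewall between each neighbouring pair. Two rules are encoded:
  1. a connection may cross at most one firewall (Red never talks to Green);
  2. Services and Database live only in the Green zone (assumed rule).
Flow lists below are constructed for this example, not taken from the slides.
"""
from dataclasses import dataclass, field

ZONES = ("red", "yellow", "green")     # Internet, DMZ, Internal
GREEN_ONLY = {"Services", "Database"}  # never in front of the inner firewall


@dataclass
class Deployment:
    placement: dict[str, str]                                   # component -> zone
    flows: list[tuple[str, str]] = field(default_factory=list)  # (source, destination)

    def zone_of(self, component: str) -> str:
        if component not in self.placement:
            raise ValueError(f"unplaced component: {component}")
        return self.placement[component]

    def firewalls_crossed(self, src: str, dst: str) -> int:
        """Number of firewalls a direct connection src -> dst would traverse."""
        return abs(ZONES.index(self.zone_of(src)) - ZONES.index(self.zone_of(dst)))

    def violations(self) -> list[str]:
        """Describe every misplaced component and every flow that skips the DMZ."""
        found = [f"{c} is in the {z} zone, must be green"
                 for c, z in self.placement.items() if c in GREEN_ONLY and z != "green"]
        for src, dst in self.flows:
            if self.firewalls_crossed(src, dst) > 1:
                found.append(f"{src} ({self.zone_of(src)}) -> {dst} ({self.zone_of(dst)}) "
                             "crosses two firewalls; route it through the DMZ")
        return found


def basic_pattern() -> Deployment:
    """Slide 'Secure Deployment Pattern': gateway and integration in the DMZ."""
    return Deployment(
        placement={"Client Application": "red",
                   "API Gateway": "yellow", "Integration": "yellow",
                   "Services": "green", "Database": "green"},
        flows=[("Client Application", "API Gateway"), ("API Gateway", "Services"),
               ("Integration", "Services"), ("Services", "Database")])


def restricted_pattern() -> Deployment:
    """Slide 'More restricted': a Message Broker joins the DMZ tier."""
    d = basic_pattern()
    d.placement["Message Broker"] = "yellow"
    d.flows += [("Integration", "Message Broker"), ("Services", "Message Broker")]
    return d


if __name__ == "__main__":
    shortcut = basic_pattern()
    shortcut.flows.append(("Client Application", "Database"))  # bypasses the DMZ
    print(basic_pattern().violations(), restricted_pattern().violations(), shortcut.violations())
```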
Thank You
