Anypoint platform security components
0 likes244 views
The document discusses security components in the Anypoint platform, including Anypoint Enterprise Security, API Security Manager, and Virtual Private Cloud (VPC). Anypoint Enterprise Security provides security features like message encryption and digital signatures. API Security Manager enables authentication through methods such as usernames/passwords and multi-factor authentication. The Virtual Private Cloud allows users to create a private, isolated network in the cloud to host applications and workers with configurable firewall and VPN connectivity.
Anypoint platform security components
- 1. Anypoint platform security components -RajeshKumar 1
- 2. Anypoint platform security components 2 • Anypoint Enterprise Security • API Security Manager • Virtual Private Cloud (VPC)
- 3. Taking security 3 • MuleSoft’s approach to cloud security is two-folded – MuleSoft actively and consciously avoids inspecting, storing, manipulating, monitoring, or otherwise directly interacting with sensitive customer data – MuleSoft provides a highly secure environment in which customers can perform sensitive data manipulations • A dedicated security team follows industry best practices, runs internal security audits and maintains policies that span operations, data security, passwords and credentials, and secure connectivity
- 4. Identity authentication mechanisms 4 • User authentication – Username and password credentials – Multi-factor authentication – Token-based credentials • API and server authentication – Public/private key cryptography • User authorization – Role based access control (RBAC) – Attribute based access control (ABAC) – OAuth (2.0) delegated access control • Federated identity management – Single Sign-on
- 5. Message integrity 5 • Message verifier – Message received by your API is verified as being the same as sent by the client • Digital signatures – Client produces a signature by using an algorithm and a secret code – API applies the same algorithm and code to produce its own signature and compare it against the incoming signature • Message safety – Protection against potentially harmful data in the request – Attacks often come through large XML documents with multiple levels of nested elements
- 6. Security recommendations 6 • Use “Least Privilege Access” principle • Perform periodic penetration testing • Perform periodic external reviews • Configure Logging and Alerting • Configure secure properties – Optionally consider (centralized) properties management • Credentials management • Tight control on who has administrative access • Use encrypted/secured communications – Both inside and outside the application’s scope
- 7. Anypoint Enterprise Security 7 • Collection of security features that enforce secure access to information in Mule applications • Provides various methods for applying security to Mule applications • Requires an Enterprise license • Add-on module that needs to be installed in Anypoint Studio • Consists of 6 modules • Suitable for both on-premise and cloudhub applications
- 8. Enterprise Security modules 8 • Mule Filter Processor – Compares messages with filter criteria before processing – Filter by IP/timestamp features are available • Mule Credentials Vault – Encrypts the property file – Flow can access the data from property files • Mule Message Encryption Processor – Encrypt or Decrypt part of messages or entire payload – JCE Encrypter, XML Encrypter, PGP Encrypter
- 9. Enterprise Security modules 9 • Mule Secure Token Service (STS) OAuth 2.0a Provider – Security for REST service provider/consumer • Mule Digital Signature Processor – Ensure the integrity and authenticity of the message source • Mule CRC32 processor – Cyclic redundancy check (CRC) to messages to ensure message integrity
- 10. Virtual Private Cloud (VPC) 10 • The Virtual Private Cloud (VPC) offering allows you to virtually create a private and isolated network in the cloud to host workers • Choose to use this isolated network as it best suites your needs – Host your applications in a VPC and take advantage of its load balancer – Configure your own firewall rules for your VPC – Connect your VPC to your corporate intranet whether on-premises or in other clouds via a VPN connection as if they were all part of a single, private network – Set a private DNS server so the workers hosted in a VPC communicate with your internal network using your private host names