SlideShare a Scribd company logo

Reinforcing Your Enterprise With Security Architectures

Download as PPTX, PDF
U
Uthaiyashankar

The document discusses various security architectures and patterns that can reinforce an enterprise's security. It covers authentication methods like direct authentication, brokered authentication, and single sign-on. It also discusses authorization techniques like role-based access control and attribute-based access control. Additionally, it outlines ways to ensure confidentiality through encryption, integrity through digital signatures, non-repudiation also using digital signatures, auditing to detect anomalies and fraud, and patterns for availability and secure deployment with demilitarized zones and firewalls. The document provides an overview of important security concepts and architectures that can help reduce risk within an enterprise.

Software
1 of 22
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Reinforcing Your Enterprise With Security Architectures S.Uthaiyashankar VP Engineering, WSO2 shankar@wso2.com
The Problem
 ‱ Security is a non-functional requirements ‱ Very easy to make security holes ‱ Knowledge on security is less – Often people feel secure through obscurity ‱ Too much of security will reduce usability ‱ Security Patterns might help to reduce the risk Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
Security ‱ Authentication ‱ Authorization ‱ Confidentiality ‱ Integrity ‱ Non-repudiation ‱ Auditing ‱ Availability Image source: http://coranet.com/images/network-security.png
Authentication ‱ Direct Authentication – Basic Authentication – Digest Authentication – TLS Mutual Authentication – OAuth : Client Credentials Service Providers Authentication Service Consumption Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
Authentication ‱ Brokered Authentication – SAML – OAuth : SAML2/JWT grant type – OpenID Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust Image source: http://savepic.ru/6463149.gif
Authentication ‱ Single Sign On ‱ Multi-factor Authentication Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust Image source : https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
Authentication ‱ Identity Federation Pattern and Token Exchange
Authentication ‱ Identity Federation Pattern and Token Exchange
Authentication ‱ Identity Bus
Authentication ‱ Trusted Subsystem Pattern Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
Authentication ‱ Multiple User stores Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
Provisioning
Authorization ‱ Principle of Least Privilege ‱ Role based Access Control ‱ Attribute based Access Control – Policy based Access Control Image source : http://cdn.meme.am/instances/500x/48651236.jpg
Authorization ‱ eXtensible Access Control Markup Language (XACML) Image Source : https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
Confidentiality : Encryption Transport Level Security vs Message Level Security ‱ Transport Level ‱ Message Level ‱ Symmetric Encryption ‱ Asymmetric Encryption ‱ Session key based Encryption Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
Integrity : Digital Signatures ‱ Transport Level ‱ Message Level ‱ Symmetric Signature ‱ Asymmetric Signature ‱ Session key based Signature Image Source : http://memegenerator.net/instance2/4350097
Non-repudiation: Digital Signatures ‱ Message Level ‱ Asymmetric Signature Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
Auditing ‱ However secure you are, people might make mistake ‱ Collect the (audit) logs and analyze for – Anomaly – Fraud Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
Availability ‱ Network Level Measures ‱ Throttling ‱ Heart beat and hot pooling Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
Secure Deployment Pattern Red Zone (Internet) Firewall Yellow Zone (DMZ) Firewall Green Zone (Internal) Services, Database API Gateway, Integration Client Application
Secure Deployment Pattern : More restricted Red Zone (Internet) Firewall Yellow Zone (DMZ) Firewall Green Zone (Internal) Services, Database API Gateway, Integration, Message Broker Client Application
Thank You

More Related Content

PPTX
Planning Your Cloud Strategy
Uthaiyashankar
 
PPTX
Identity and Access Management in the Era of Digital Transformation
Uthaiyashankar
 
PPTX
Federated and fabulous identity
Andre N. Klingsheim
 
PPTX
IoT mobile app device cloud identity and security architecture
Vinod Wilson
 
PPTX
IAM Cloud
Aidy Tificate
 
PPTX
Wif and sl4 (en)
Nuno Godinho
 
PPTX
The lazy programmer`s way to secure application
Lev Maltsev
 
PPTX
Trust, Blockchains, and Self-Soveriegn Identity
Phil Windley
 
Planning Your Cloud Strategy
Uthaiyashankar
 
Identity and Access Management in the Era of Digital Transformation
Uthaiyashankar
 
Federated and fabulous identity
Andre N. Klingsheim
 
IoT mobile app device cloud identity and security architecture
Vinod Wilson
 
IAM Cloud
Aidy Tificate
 
Wif and sl4 (en)
Nuno Godinho
 
The lazy programmer`s way to secure application
Lev Maltsev
 
Trust, Blockchains, and Self-Soveriegn Identity
Phil Windley
 

What's hot (20)

PDF
Solving problems with authentication
MecklerMedia
 
PDF
IT-Security@Contemporary Life
Oliver Pfaff
 
PPTX
Identity Management
Venkatesh Jambulingam
 
PPTX
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
Robin Vermeirsch
 
PDF
Security Considerations for Microservices and Multi cloud
Neelkamal Gaharwar
 
PPTX
Kerberos-PKI-Federated identity
WAFAA AL SALMAN
 
PPTX
Azure active directory
EducationTamil
 
PPTX
Core defense mechanisms against security attacks on web applications
Karan Nagrecha
 
PDF
About Microservices
Salvatore Cordiano
 
PDF
Road to Microservices
Salvatore Cordiano
 
PDF
Enterprise Collaboration - 4
Nitin Kohli
 
PDF
Understanding Claim based Authentication
Mohammad Yousri
 
PPTX
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
PPT
Authentication Technologies
Nicholas Davis
 
PDF
Citirx Day 2013: Citrix Enterprise Mobility
Digicomp Academy AG
 
PDF
SwellRT: Facilitating decentralized real-time collaboration
Samer Hassan
 
PDF
OAuth
IvĂĄn FernĂĄndez Perea
 
PPTX
Securing Access Through a Multi-Purpose Credential and Digital ID
ForgeRock
 
PDF
Duo MFA integration with CoinJar Bitcoin Wallet
Amir Yunas
 
PDF
Claim based authentaication
Sean Xiong
 
Solving problems with authentication
MecklerMedia
 
IT-Security@Contemporary Life
Oliver Pfaff
 
Identity Management
Venkatesh Jambulingam
 
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
Robin Vermeirsch
 
Security Considerations for Microservices and Multi cloud
Neelkamal Gaharwar
 
Kerberos-PKI-Federated identity
WAFAA AL SALMAN
 
Azure active directory
EducationTamil
 
Core defense mechanisms against security attacks on web applications
Karan Nagrecha
 
About Microservices
Salvatore Cordiano
 
Road to Microservices
Salvatore Cordiano
 
Enterprise Collaboration - 4
Nitin Kohli
 
Understanding Claim based Authentication
Mohammad Yousri
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
Authentication Technologies
Nicholas Davis
 
Citirx Day 2013: Citrix Enterprise Mobility
Digicomp Academy AG
 
SwellRT: Facilitating decentralized real-time collaboration
Samer Hassan
 
OAuth
IvĂĄn FernĂĄndez Perea
 
Securing Access Through a Multi-Purpose Credential and Digital ID
ForgeRock
 
Duo MFA integration with CoinJar Bitcoin Wallet
Amir Yunas
 
Claim based authentaication
Sean Xiong
 
Ad

Viewers also liked (11)

PDF
CIS14: Are the Enterprises Ready for Identity of Everything?
CloudIDSummit
 
PDF
CIS14: Developing with OAuth and OIDC Connect
CloudIDSummit
 
PDF
WSO2Con 2013 - WSO2 as a Crypto Platform
Roger CARHUATOCTO
 
PDF
OAuth 2.0 Token Exchange: An STS for the REST of Us
Brian Campbell
 
PPTX
Building IAM for OpenStack
Steve Martinelli
 
PPTX
Ldap intro
yousry ibrahim
 
PDF
Authorization and Authentication in Microservice Environments
LeanIX GmbH
 
PDF
Introduction to LDAP and Directory Services
Radovan Semancik
 
PDF
SAML / OpenID Connect / OAuth / SCIM æŠ€èĄ“è§ŁèȘŹ - ID&IT 2014 #idit2014
Nov Matake
 
PPTX
Identity and Access Management - RSA 2017 Security Foundations Seminar
Brian Campbell
 
PDF
Visual Design with Data
Seth Familian
 
CIS14: Are the Enterprises Ready for Identity of Everything?
CloudIDSummit
 
CIS14: Developing with OAuth and OIDC Connect
CloudIDSummit
 
WSO2Con 2013 - WSO2 as a Crypto Platform
Roger CARHUATOCTO
 
OAuth 2.0 Token Exchange: An STS for the REST of Us
Brian Campbell
 
Building IAM for OpenStack
Steve Martinelli
 
Ldap intro
yousry ibrahim
 
Authorization and Authentication in Microservice Environments
LeanIX GmbH
 
Introduction to LDAP and Directory Services
Radovan Semancik
 
SAML / OpenID Connect / OAuth / SCIM æŠ€èĄ“è§ŁèȘŹ - ID&IT 2014 #idit2014
Nov Matake
 
Identity and Access Management - RSA 2017 Security Foundations Seminar
Brian Campbell
 
Visual Design with Data
Seth Familian
 
Ad

Similar to Reinforcing Your Enterprise With Security Architectures (20)

PDF
WSO2Con ASIA 2016: Reinforcing Your Enterprise With Security Architectures
WSO2
 
PDF
Making Security Approachable for Developers and Operators
ArmonDadgar
 
PDF
Cybersecurity_Security_architecture_2023.pdf
abacusgtuc
 
PDF
Governance and Security Solution Patterns
WSO2
 
PPT
Security patterns and model driven architecture
bdemchak
 
PPT
Unit 5
DhanalakshmiVelusamy1
 
PDF
Security Patterns for Software Development
Narudom Roongsiriwong, CISSP
 
PDF
Zero Trust Networks Evan Gilman Doug Barth
buracakerina41
 
PDF
Zero Trust Networks Evan Gilman Doug Barth
xovaniparpov15
 
PDF
network security.pdf
KIYALIBAN1
 
PDF
CyberSecurity101.pdf
DhananjaySingh23178
 
PPTX
Week Topic Code Access vs Event Based.pptx
ArjayBalberan1
 
PDF
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Sarthak Sobti
 
PPT
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
PDF
20071015 Architecting Enterprise Security
David Chou
 
PPT
Unit_5 grid and cloud comuting security.pt
gvlbcy
 
PPT
ch01.ppt
ssuser4198c4
 
PPTX
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
PPTX
Architecting for Security Resilience
Joel Aleburu
 
PDF
Designing Security Architecture Solutions 1st Edition Jay Ramachandran
wohkwrtliu0660
 
WSO2Con ASIA 2016: Reinforcing Your Enterprise With Security Architectures
WSO2
 
Making Security Approachable for Developers and Operators
ArmonDadgar
 
Cybersecurity_Security_architecture_2023.pdf
abacusgtuc
 
Governance and Security Solution Patterns
WSO2
 
Security patterns and model driven architecture
bdemchak
 
Unit 5
DhanalakshmiVelusamy1
 
Security Patterns for Software Development
Narudom Roongsiriwong, CISSP
 
Zero Trust Networks Evan Gilman Doug Barth
buracakerina41
 
Zero Trust Networks Evan Gilman Doug Barth
xovaniparpov15
 
network security.pdf
KIYALIBAN1
 
CyberSecurity101.pdf
DhananjaySingh23178
 
Week Topic Code Access vs Event Based.pptx
ArjayBalberan1
 
Network Security and Cyber Laws (Complete Notes) for B.Tech/BCA/BSc. IT
Sarthak Sobti
 
Intro-2013.pptIntro-2013.pptIntro-2013.ppt
tahirnaquash2
 
20071015 Architecting Enterprise Security
David Chou
 
Unit_5 grid and cloud comuting security.pt
gvlbcy
 
ch01.ppt
ssuser4198c4
 
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
Architecting for Security Resilience
Joel Aleburu
 
Designing Security Architecture Solutions 1st Edition Jay Ramachandran
wohkwrtliu0660
 

Recently uploaded (20)

PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Introduction to Artificial Intelligence
lohedi9363
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
AI in Product Development-omnex systems
omnex systems
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
System and Network Administraation Chapter 3
jaramharo
 
Introduction Database Management System for Course Database
ReinertYosua
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 

Reinforcing Your Enterprise With Security Architectures

  • 1. Reinforcing Your Enterprise With Security Architectures S.Uthaiyashankar VP Engineering, WSO2 shankar@wso2.com
  • 2. The Problem
 ‱ Security is a non-functional requirements ‱ Very easy to make security holes ‱ Knowledge on security is less – Often people feel secure through obscurity ‱ Too much of security will reduce usability ‱ Security Patterns might help to reduce the risk Image Source: http://cdn.c.photoshelter.com/img-get/I0000WglLK9YvkQM/s/750/750/gmat-matyasi-14.jpg
  • 3. Security ‱ Authentication ‱ Authorization ‱ Confidentiality ‱ Integrity ‱ Non-repudiation ‱ Auditing ‱ Availability Image source: http://coranet.com/images/network-security.png
  • 4. Authentication ‱ Direct Authentication – Basic Authentication – Digest Authentication – TLS Mutual Authentication – OAuth : Client Credentials Service Providers Authentication Service Consumption Image Source : http://www.densodynamics.com/wp-content/uploads/2016/01/gandalf.jpg
  • 5. Authentication ‱ Brokered Authentication – SAML – OAuth : SAML2/JWT grant type – OpenID Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust Image source: http://savepic.ru/6463149.gif
  • 6. Authentication ‱ Single Sign On ‱ Multi-factor Authentication Service Providers Service Providers Service Providers Identity Provider Service Providers Authentication Service Consumption Trust Image source : https://upload.wikimedia.org/wikipedia/commons/e/ef/CryptoCard_two_factor.jpg
  • 7. Authentication ‱ Identity Federation Pattern and Token Exchange
  • 8. Authentication ‱ Identity Federation Pattern and Token Exchange
  • 10. Authentication ‱ Trusted Subsystem Pattern Source: https://i-msdn.sec.s-msft.com/dynimg/IC2296.gif
  • 11. Authentication ‱ Multiple User stores Image Source: https://malalanayake.files.wordpress.com/2013/01/multiple-user-stores1.png?w=645&h=385
  • 13. Authorization ‱ Principle of Least Privilege ‱ Role based Access Control ‱ Attribute based Access Control – Policy based Access Control Image source : http://cdn.meme.am/instances/500x/48651236.jpg
  • 14. Authorization ‱ eXtensible Access Control Markup Language (XACML) Image Source : https://nadeesha678.wordpress.com/2015/09/29/xacml-reference-architecture/
  • 15. Confidentiality : Encryption Transport Level Security vs Message Level Security ‱ Transport Level ‱ Message Level ‱ Symmetric Encryption ‱ Asymmetric Encryption ‱ Session key based Encryption Image Source: http://www.thetimes.co.uk/tto/multimedia/archive/00727/cartoon-web_727821c.jpg
  • 16. Integrity : Digital Signatures ‱ Transport Level ‱ Message Level ‱ Symmetric Signature ‱ Asymmetric Signature ‱ Session key based Signature Image Source : http://memegenerator.net/instance2/4350097
  • 17. Non-repudiation: Digital Signatures ‱ Message Level ‱ Asymmetric Signature Image Source: http://www.demotivation.us/media/demotivators/demotivation.us_DENIAL-What-ever-it-is...-I-DIDNT-DO-IT_133423312332.jpg
  • 18. Auditing ‱ However secure you are, people might make mistake ‱ Collect the (audit) logs and analyze for – Anomaly – Fraud Source: https://745515a37222097b0902-74ef300a2b2b2d9e236c9459912aaf20.ssl.cf2.rackcdn.com/f33df70e3ffd92d1f68827dd559aa82c.jpeg
  • 19. Availability ‱ Network Level Measures ‱ Throttling ‱ Heart beat and hot pooling Image Source: https://www.corero.com/img/blog/thumb/62327%207%20365.jpg
  • 20. Secure Deployment Pattern Red Zone (Internet) Firewall Yellow Zone (DMZ) Firewall Green Zone (Internal) Services, Database API Gateway, Integration Client Application
  • 21. Secure Deployment Pattern : More restricted Red Zone (Internet) Firewall Yellow Zone (DMZ) Firewall Green Zone (Internal) Services, Database API Gateway, Integration, Message Broker Client Application