SlideShare a Scribd company logo

Securing mule

Download as PPTX, PDF
S
Sindhu VL

Anypoint Enterprise Security provides various security features in Mule applications, including the Mule Secure Token Service, Credentials Vault, message encryption and digital signature processors, and filters. These features help secure valuable application information from unauthorized access while allowing authorized users and systems to access data. Security is configured in Mule through the Security Manager and supports standards like Spring Security, WS-Security, and SAML. As of version 3.5.0, Mule can also be configured to run in FIPS 140-2 compliant mode for additional security.

Design
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Securing - Mule Presented By Sindhu VL
Securing Steps :  Anypoint Enterprise Security  Configuring Security  FIPS 140-2 Compliance Support
1. Anypoint Enterprise Security :  Anypoint Enterprise Security is a collection of security features that enforce secure access to information in Mule applications.  This suite of security features provides various methods for applying security to Mule Service-Oriented Architecture (SOA) implementations and Web services. The following security features bridge gaps between trust boundaries in applications:
 Mule Secure Token Service (STS) OAuth 2.0a Provider  Mule Credentials Vault  Mule Message Encryption Processor  Mule Digital Signature Processor  Mule Filter Processor  Mule CRC32 Processor
Why Do Applications Need Security?  Businesses must ensure that the valuable information they store and make available through software applications and Web services is secure. Locked away and protected from unauthorized users and malicious attackers, protected resources — such as credit card information or Social Security numbers — must still be accessible to authorized legitimate users and systems in order to conduct business transactions.  To provide secure access to information, applications and services can apply a variety of security measures. The suite of security features in Anypoint Enterprise Security enables developers to protect applications according to security requirements, prevent security breaches and facilitate authorized access to data.
Advantages of Anypoint Enterprise Security :  Anypoint Enterprise Security adds new features on top of of Mule ESB Enterprise’s existing security capabilities. Mule ESB already provides the following security features:  Mule Security Manager, client authentication and authorization on inbound requests as well as credential mapping for outbound calls  LDAP and third party identity management system integration  Validation of inbound requests through the SAML 2.0 federated identity standard  Secure FTP (SFTP) Transport that enables Mule flows to read and write to remote directories over the SSH protocol.
Mule Credentials Vault :  Mule can encrypt properties in a .properties file. The .properties file in Mule stores data as key-value pairs. Mule flows may access this data — usernames, first and last names, credit card information — as the flow processes messages. In the context of Anypoint Enterprise Security, Mule refers to the .properties file in which it safely stores encrypted properties as the Mule Credentials Vault.  Encrypt a properties file
Mule Message Encryption Processor :  Mule can encrypt an entire payload or several fields of data within a message. Where sensitive information must move between users, yet remain hidden from them, a developer can encrypt message content to prevent unauthorized access. Typically, you may need to encrypt data such as a password, credit card number or social security number (SSN).  Encrypt a message payload Decrypt a message payload
Mule Digital Signature Processor :  Mule uses digital signatures to ensure that messages maintain integrity and authenticity. Mule can verify that an incoming Web service request originates from a valid source, and can sign an outgoing Web service response to ensure its contents. Digital signatures ensure that a sender is valid, that a message is not modified in transit between Web services, and that no unauthorized user has tampered with a message.  Add a digital signature to a message in Mule Sign part of a message payload Verify a digital signature in Mule
Mule Filter Processor :  Mule can filter messages it receives to avoid processing invalid ones. With a filter processor in place, Mule discards any message it receives that does not match the filter’s parameters — a message from outside a set range of IP addresses, for example.  Filter unsecure messages
Mule CRC32 Processor :  Mule can apply a cyclic redundancy check (CRC) to messages to ensure message integrity. CRC uses an algorithm to apply a check value to a message when it enters a system, and verifies the value when the message leaves the system. If the entry and exit values do not match, CRC marks the message as changed. Generally, CRC32 (32 indicates the 33-bit polynomial length in the algorithm) detects unintentional changes to messages, such as the accumulation of “noise” between transmission points, but it can also detect unauthorized intentional changes – for instance, flagging a message that has been tampered with during transmission to change it into a Trojan horse.  Apply a CRC to a message
2. Configuring Security :  Mule ESB allows you to authenticate requests via connectors using transport- specific or generic authentication methods. It also allows you to control method-level authorization on your components. The Security Manager is responsible for authenticating requests based on one or more security providers.  For information on the elements you can configure for the Security Manager, seeSecurity Manager Configuration Reference. The following sections provide links to information on configuring different types of security managers.
Spring Security 3.0 :  Spring Security is the next version of Acegi and provides a number of authentication and authorization providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The following topics will help you get started securing your flows using Spring Security:  Configuring the Spring Security Manager  Component Authorization Using Spring Security  Setting up LDAP Provider for Spring Security
WS-Security and SAML :  WS-Security is a standard protocol for applying security to Web services. It contains specifications on how integrity and confidentiality in a SOAP message can be enforced via XML signatures and binary security tokens such as X.509 certificates and Kerberos tickets as well as encryption headers. It ensures end-to-end security by working in the application layer as opposed to the transport layer. Mule provides the following resources for WS-Security:  Enabling WS-Security - Describes how to secure your CXF connectors with WS-Security.  SAML Module - Mule now supports the SAML standard for exchange of security information between systems. This module is available in the enterprise edition of Mule as of version 2.2.3
Other Security Integration :  Mule also supports the following security technologies:  Encryption Strategies - Secure your messages by encrypting them.  PGP Security - Secure your messages by encrypting them with PGP.  Jaas Security
3. FIPS 140-2 Compliance Support :  As of Mule 3.5.0, Mule ESB can be configured to run in a FIPS 140-2 certified environment. Note that Mule does not run in FIPS security mode by default. There are two requirements:  Have a certified cryptography module installed in your Java environment  Adjust Mule ESB settings to run in FIPS security mode
Thank You!!!!!!

More Related Content

PPTX
Mule enterprise security
keshav Naidu
 
PPTX
Anypoint enterprise security overview
danishsm84
 
PPTX
Mule securing
Sindhu VL
 
PPT
Mule cloudhub
D.Rajesh Kumar
 
PPTX
Mule Security
Shanky Gupta
 
PPT
Anypoint data gateway
Mohammed246
 
PPTX
Flows in mule
Sindhu VL
 
PPT
Mule salesforce integration solutions
charan teja R
 
Mule enterprise security
keshav Naidu
 
Anypoint enterprise security overview
danishsm84
 
Mule securing
Sindhu VL
 
Mule cloudhub
D.Rajesh Kumar
 
Mule Security
Shanky Gupta
 
Anypoint data gateway
Mohammed246
 
Flows in mule
Sindhu VL
 
Mule salesforce integration solutions
charan teja R
 

What's hot (19)

PPT
Mule anypoint enterprise security
D.Rajesh Kumar
 
PPT
Anypoint data gateway
Praneethchampion
 
PPT
Mule esb api layer
Praneethchampion
 
PPT
Mule security-jaas
Praneethchampion
 
PPT
Mule security - jaas
charan teja R
 
PPT
Mule security
D.Rajesh Kumar
 
PPT
Mule oracle connectors
D.Rajesh Kumar
 
PPT
Mule architecture
Khasim Saheb
 
PPTX
Mule esb
charan teja R
 
PPTX
Mule introduction
rajalbhatt03
 
PPT
Mule esb-connectors
himajareddys
 
PPTX
Mule MMC Integration with LDAP
Sanjeet Pandey
 
PPT
Mule anypoint data gateway
D.Rajesh Kumar
 
PPT
MULE-JAAS
D.Rajesh Kumar
 
PPT
Mule mule agent
D.Rajesh Kumar
 
PPT
Mule salesforce integration patterns
D.Rajesh Kumar
 
PPT
Filters in Mulesoft
AbdulImrankhan7
 
PPT
Mule anypoint b2 b
D.Rajesh Kumar
 
PPT
Mule ESB
Bui Kiet
 
Mule anypoint enterprise security
D.Rajesh Kumar
 
Anypoint data gateway
Praneethchampion
 
Mule esb api layer
Praneethchampion
 
Mule security-jaas
Praneethchampion
 
Mule security - jaas
charan teja R
 
Mule security
D.Rajesh Kumar
 
Mule oracle connectors
D.Rajesh Kumar
 
Mule architecture
Khasim Saheb
 
Mule esb
charan teja R
 
Mule introduction
rajalbhatt03
 
Mule esb-connectors
himajareddys
 
Mule MMC Integration with LDAP
Sanjeet Pandey
 
Mule anypoint data gateway
D.Rajesh Kumar
 
MULE-JAAS
D.Rajesh Kumar
 
Mule mule agent
D.Rajesh Kumar
 
Mule salesforce integration patterns
D.Rajesh Kumar
 
Filters in Mulesoft
AbdulImrankhan7
 
Mule anypoint b2 b
D.Rajesh Kumar
 
Mule ESB
Bui Kiet
 
Ad

Similar to Securing mule (20)

PPTX
Flowsinmule 160517130818
ppts123456
 
PPTX
Flows in mule
Son Nguyen
 
ODP
Anypoint platform security components
D.Rajesh Kumar
 
PPTX
Mule security
krishna2162
 
PPTX
Anypoint enterprise security
Krishna_in
 
PPT
Mule security
vishnukanthro45
 
PPT
Mule security
charan teja R
 
ODP
Security in mulesoft
akshay yeluru
 
PPT
Mule security
himajareddys
 
PPT
Mule security - pgp
D.Rajesh Kumar
 
ODP
Mule security
D.Rajesh Kumar
 
PPTX
Mule soft Meetup #3
Gaurav Sethi
 
PPTX
Baltimore jan2019 mule4
ManjuKumara GH
 
PPT
Mule anypointenterprisesecurity
himajareddys
 
PPT
Mule security - saml
vishnukanthro45
 
PPT
Mule security - saml
charan teja R
 
PPT
Mule security saml
Khasim Saheb
 
PPT
Mule security saml
irfan1008
 
PPT
Mule security saml
princeirfancivil
 
PPT
Mule security saml
Phaniu
 
Flowsinmule 160517130818
ppts123456
 
Flows in mule
Son Nguyen
 
Anypoint platform security components
D.Rajesh Kumar
 
Mule security
krishna2162
 
Anypoint enterprise security
Krishna_in
 
Mule security
vishnukanthro45
 
Mule security
charan teja R
 
Security in mulesoft
akshay yeluru
 
Mule security
himajareddys
 
Mule security - pgp
D.Rajesh Kumar
 
Mule security
D.Rajesh Kumar
 
Mule soft Meetup #3
Gaurav Sethi
 
Baltimore jan2019 mule4
ManjuKumara GH
 
Mule anypointenterprisesecurity
himajareddys
 
Mule security - saml
vishnukanthro45
 
Mule security - saml
charan teja R
 
Mule security saml
Khasim Saheb
 
Mule security saml
irfan1008
 
Mule security saml
princeirfancivil
 
Mule security saml
Phaniu
 
Ad

More from Sindhu VL (20)

PPTX
Mule - error handling
Sindhu VL
 
PPTX
Mule - beginners guide
Sindhu VL
 
PPTX
Core concepts - mule
Sindhu VL
 
PPTX
Error handling with respect to mule
Sindhu VL
 
PPTX
Core concepts in mule
Sindhu VL
 
PPTX
Basics of mule for beginners
Sindhu VL
 
PPTX
Mule testing
Sindhu VL
 
PPTX
Mule debugging
Sindhu VL
 
PPTX
Service orchestration by using flows
Sindhu VL
 
PPTX
Configuration patterns in mule
Sindhu VL
 
PPTX
Bindings of components in mule
Sindhu VL
 
PPTX
Using maven with mule
Sindhu VL
 
PPTX
Using mule configuration patterns
Sindhu VL
 
PPTX
Using flows for service orchestration
Sindhu VL
 
PPTX
Component bindings in mule
Sindhu VL
 
PPTX
Mule requestor component
Sindhu VL
 
PPTX
Encrption in mule
Sindhu VL
 
PPTX
Concepts in mule
Sindhu VL
 
PPTX
Enterprise service bus mule
Sindhu VL
 
PPTX
Mule errors
Sindhu VL
 
Mule - error handling
Sindhu VL
 
Mule - beginners guide
Sindhu VL
 
Core concepts - mule
Sindhu VL
 
Error handling with respect to mule
Sindhu VL
 
Core concepts in mule
Sindhu VL
 
Basics of mule for beginners
Sindhu VL
 
Mule testing
Sindhu VL
 
Mule debugging
Sindhu VL
 
Service orchestration by using flows
Sindhu VL
 
Configuration patterns in mule
Sindhu VL
 
Bindings of components in mule
Sindhu VL
 
Using maven with mule
Sindhu VL
 
Using mule configuration patterns
Sindhu VL
 
Using flows for service orchestration
Sindhu VL
 
Component bindings in mule
Sindhu VL
 
Mule requestor component
Sindhu VL
 
Encrption in mule
Sindhu VL
 
Concepts in mule
Sindhu VL
 
Enterprise service bus mule
Sindhu VL
 
Mule errors
Sindhu VL
 

Recently uploaded (20)

PPTX
ENG4-Q2-W5-PPT (1).pptx nhdedhhehejjedheh
SaraJeanNace2
 
PDF
Govind singh Corporate office interior Portfolio
GovindSinghManvi
 
PPT
robotS AND ROBOTICSOF HUMANS AND MACHINES
HimanshuJethwani
 
PPTX
Acoustics new a better way to learn sound science
SakshiAggarwal106408
 
PPTX
VERNACULAR_DESIGN_PPT FINAL WITH PROPOSED PLAN.pptx
banikishika701
 
PPTX
PROPOSAL tentang PLN di metode pelaksanaan.pptx
BatutuChiken1
 
PDF
Social Media USAGE .............................................................
shanborkd
 
PDF
intro_to_rust.pptx_123456789012446789.pdf
soumyadipiitk231026
 
PPTX
Presentation1.pptxnmnmnmnjhjhkjkjkkjkjjk
SanaYaqub1
 
PPTX
22CDH01-V3-UNIT III-UX-UI for Immersive Design
GOWSIKRAJA PALANISAMY
 
PPTX
CLASS_11_BUSINESS_STUDIES_PPT_CHAPTER_1_Business_Trade_Commerce.pptx
PRITTHAKKAR7
 
PPTX
2. Competency Based Interviewing - September'16.pptx
kesarisrilakshmi
 
PPTX
Necrosgwjskdnbsjdmdndmkdndndnmdndndkdmdndkdkndmdmis.pptx
JayeshTaneja4
 
PPTX
LITERATURE CASE STUDY DESIGN SEMESTER 5.pptx
banikishika701
 
PPTX
Acoustics new for. Sound insulation and absorber
SakshiAggarwal106408
 
PPT
aksharma-dfs.pptgfgfgdfgdgdfgdfgdgdrgdgdgdgdgdgadgdgd
HassanKaraman3
 
PDF
321 LIBRARY DESIGN.pdf43354445t6556t5656
itunudaramola0
 
PPTX
UNIT III - GRAPHICS AND AUDIO FOR MOBILE
GOWSIKRAJA PALANISAMY
 
PPT
WHY_R12 Uaafafafpgradeaffafafafaffff.ppt
VijayalakshmiGanesh3
 
PPTX
8086.pptx microprocessor and microcontroller
PradeepJuneja1
 
ENG4-Q2-W5-PPT (1).pptx nhdedhhehejjedheh
SaraJeanNace2
 
Govind singh Corporate office interior Portfolio
GovindSinghManvi
 
robotS AND ROBOTICSOF HUMANS AND MACHINES
HimanshuJethwani
 
Acoustics new a better way to learn sound science
SakshiAggarwal106408
 
VERNACULAR_DESIGN_PPT FINAL WITH PROPOSED PLAN.pptx
banikishika701
 
PROPOSAL tentang PLN di metode pelaksanaan.pptx
BatutuChiken1
 
Social Media USAGE .............................................................
shanborkd
 
intro_to_rust.pptx_123456789012446789.pdf
soumyadipiitk231026
 
Presentation1.pptxnmnmnmnjhjhkjkjkkjkjjk
SanaYaqub1
 
22CDH01-V3-UNIT III-UX-UI for Immersive Design
GOWSIKRAJA PALANISAMY
 
CLASS_11_BUSINESS_STUDIES_PPT_CHAPTER_1_Business_Trade_Commerce.pptx
PRITTHAKKAR7
 
2. Competency Based Interviewing - September'16.pptx
kesarisrilakshmi
 
Necrosgwjskdnbsjdmdndmkdndndnmdndndkdmdndkdkndmdmis.pptx
JayeshTaneja4
 
LITERATURE CASE STUDY DESIGN SEMESTER 5.pptx
banikishika701
 
Acoustics new for. Sound insulation and absorber
SakshiAggarwal106408
 
aksharma-dfs.pptgfgfgdfgdgdfgdfgdgdrgdgdgdgdgdgadgdgd
HassanKaraman3
 
321 LIBRARY DESIGN.pdf43354445t6556t5656
itunudaramola0
 
UNIT III - GRAPHICS AND AUDIO FOR MOBILE
GOWSIKRAJA PALANISAMY
 
WHY_R12 Uaafafafpgradeaffafafafaffff.ppt
VijayalakshmiGanesh3
 
8086.pptx microprocessor and microcontroller
PradeepJuneja1
 

Securing mule

  • 2. Securing Steps :  Anypoint Enterprise Security  Configuring Security  FIPS 140-2 Compliance Support
  • 3. 1. Anypoint Enterprise Security :  Anypoint Enterprise Security is a collection of security features that enforce secure access to information in Mule applications.  This suite of security features provides various methods for applying security to Mule Service-Oriented Architecture (SOA) implementations and Web services. The following security features bridge gaps between trust boundaries in applications:
  • 4.  Mule Secure Token Service (STS) OAuth 2.0a Provider  Mule Credentials Vault  Mule Message Encryption Processor  Mule Digital Signature Processor  Mule Filter Processor  Mule CRC32 Processor
  • 5. Why Do Applications Need Security?  Businesses must ensure that the valuable information they store and make available through software applications and Web services is secure. Locked away and protected from unauthorized users and malicious attackers, protected resources — such as credit card information or Social Security numbers — must still be accessible to authorized legitimate users and systems in order to conduct business transactions.  To provide secure access to information, applications and services can apply a variety of security measures. The suite of security features in Anypoint Enterprise Security enables developers to protect applications according to security requirements, prevent security breaches and facilitate authorized access to data.
  • 6. Advantages of Anypoint Enterprise Security :  Anypoint Enterprise Security adds new features on top of of Mule ESB Enterprise’s existing security capabilities. Mule ESB already provides the following security features:  Mule Security Manager, client authentication and authorization on inbound requests as well as credential mapping for outbound calls  LDAP and third party identity management system integration  Validation of inbound requests through the SAML 2.0 federated identity standard  Secure FTP (SFTP) Transport that enables Mule flows to read and write to remote directories over the SSH protocol.
  • 7. Mule Credentials Vault :  Mule can encrypt properties in a .properties file. The .properties file in Mule stores data as key-value pairs. Mule flows may access this data — usernames, first and last names, credit card information — as the flow processes messages. In the context of Anypoint Enterprise Security, Mule refers to the .properties file in which it safely stores encrypted properties as the Mule Credentials Vault.  Encrypt a properties file
  • 8. Mule Message Encryption Processor :  Mule can encrypt an entire payload or several fields of data within a message. Where sensitive information must move between users, yet remain hidden from them, a developer can encrypt message content to prevent unauthorized access. Typically, you may need to encrypt data such as a password, credit card number or social security number (SSN).  Encrypt a message payload Decrypt a message payload
  • 9. Mule Digital Signature Processor :  Mule uses digital signatures to ensure that messages maintain integrity and authenticity. Mule can verify that an incoming Web service request originates from a valid source, and can sign an outgoing Web service response to ensure its contents. Digital signatures ensure that a sender is valid, that a message is not modified in transit between Web services, and that no unauthorized user has tampered with a message.  Add a digital signature to a message in Mule Sign part of a message payload Verify a digital signature in Mule
  • 10. Mule Filter Processor :  Mule can filter messages it receives to avoid processing invalid ones. With a filter processor in place, Mule discards any message it receives that does not match the filter’s parameters — a message from outside a set range of IP addresses, for example.  Filter unsecure messages
  • 11. Mule CRC32 Processor :  Mule can apply a cyclic redundancy check (CRC) to messages to ensure message integrity. CRC uses an algorithm to apply a check value to a message when it enters a system, and verifies the value when the message leaves the system. If the entry and exit values do not match, CRC marks the message as changed. Generally, CRC32 (32 indicates the 33-bit polynomial length in the algorithm) detects unintentional changes to messages, such as the accumulation of “noise” between transmission points, but it can also detect unauthorized intentional changes – for instance, flagging a message that has been tampered with during transmission to change it into a Trojan horse.  Apply a CRC to a message
  • 12. 2. Configuring Security :  Mule ESB allows you to authenticate requests via connectors using transport- specific or generic authentication methods. It also allows you to control method-level authorization on your components. The Security Manager is responsible for authenticating requests based on one or more security providers.  For information on the elements you can configure for the Security Manager, seeSecurity Manager Configuration Reference. The following sections provide links to information on configuring different types of security managers.
  • 13. Spring Security 3.0 :  Spring Security is the next version of Acegi and provides a number of authentication and authorization providers such as JAAS, LDAP, CAS (Yale Central Authentication service), and DAO. The following topics will help you get started securing your flows using Spring Security:  Configuring the Spring Security Manager  Component Authorization Using Spring Security  Setting up LDAP Provider for Spring Security
  • 14. WS-Security and SAML :  WS-Security is a standard protocol for applying security to Web services. It contains specifications on how integrity and confidentiality in a SOAP message can be enforced via XML signatures and binary security tokens such as X.509 certificates and Kerberos tickets as well as encryption headers. It ensures end-to-end security by working in the application layer as opposed to the transport layer. Mule provides the following resources for WS-Security:  Enabling WS-Security - Describes how to secure your CXF connectors with WS-Security.  SAML Module - Mule now supports the SAML standard for exchange of security information between systems. This module is available in the enterprise edition of Mule as of version 2.2.3
  • 15. Other Security Integration :  Mule also supports the following security technologies:  Encryption Strategies - Secure your messages by encrypting them.  PGP Security - Secure your messages by encrypting them with PGP.  Jaas Security
  • 16. 3. FIPS 140-2 Compliance Support :  As of Mule 3.5.0, Mule ESB can be configured to run in a FIPS 140-2 certified environment. Note that Mule does not run in FIPS security mode by default. There are two requirements:  Have a certified cryptography module installed in your Java environment  Adjust Mule ESB settings to run in FIPS security mode