SECURE YOUR INTEGRATIONS. Maarten Smeets
1 SECURE YOUR INTEGRATIONS Maarten Smeets
2 About Maarten: Integration consultant at AMIS since 2014. Several certifications: SOA, BPM, MCS, Java, SQL, PL/SQL, Mule, AWS, etc. Enthusiastic blogger.
3 500+ Technical Experts Helping Peers Globally 3 Membership Tiers Oracle ACE Director Oracle ACE Oracle ACE Associate bit.ly/oracleaceprogram Connect: oracle-ace_ww@oracle.com Nominate yourself or someone you know: acenomination.oracle.com
4 SECURE YOUR INTEGRATIONS WHAT DO YOU HOPE TO ACHIEVE? SECURITY IN DIFFERENT LAYERS TLS TLS AND JAVA CERTIFICATES KEYSTORES CIPHER SUITES TLS IN THE ORACLE CLOUD APPLICATION SECURITY
6 INTRODUCTION GDPR GENERAL DATA PROTECTION REGULATION (GDPR) "...implement measures to mitigate those risks, such as encryption." (P51. (83)) "...appropriate safeguards, which may include encryption" (P121 (4.e)) "...including inter alia as appropriate: (a) the pseudonymization and encryption of personal data." (P160 (1a)) "...unintelligible to any person who is not authorized to access it, such as encryption" (P163 (3a))
7 WHAT DO YOU HOPE TO ACHIEVE? Confidentiality. Integrity. Authentication. Identification. Authorization: access to specific resources, entitlements.
8 WHAT DO YOU HOPE TO ACHIEVE? CONFIDENTIALITY AND INTEGRITY: REPUDIATION OF EMISSION. Do you trust the contents of the message? Integrity and Confidentiality.
9 WHAT DO YOU HOPE TO ACHIEVE? AUTHENTICATION AND IDENTIFICATION: REPUDIATION OF ORIGIN. Do you trust the source of the message? Authentication and Identification.
10 SECURITY IN DIFFERENT LAYERS. Application layer (HTTP, LDAP): security only in the application layer might cause plaintext passwords or reusable tokens to be transmitted and potentially intercepted. TLS/SSL layer. Transport layer (TCP, UDP). Network layer (IP).
11 SECURITY IN DIFFERENT LAYERS: TLS VS APPLICATION LAYER SECURITY. Performance: TLS is much faster than security on message contents. Granularity: TLS is usually on host level; application security can be much more specific. Genericity: TLS can be used on HTTP, SMTP, T3; application layer security is specific for a platform / application.
12 SECURITY IN DIFFERENT LAYERS: WHICH PRODUCTS? Load balancers, for example F5 product, Oracle Traffic Director (also used in Oracle Cloud). On a webserver / application server: Oracle HTTP Server, WebLogic Server. Using an API gateway product: API Platform Cloud Service, API Gateway.
13 TRANSPORT LAYER SECURITY: 1. Concepts 2. TLS and Java
14 SECURITY IN DIFFERENT LAYERS: WHAT CAN YOU ACHIEVE WITH TLS? Secure message exchange: confidentiality by using symmetric cryptography; integrity by using message authentication codes (MAC). Identification and authentication, by using public key cryptography. Authorization.
15 BACKGROUND AND CONCEPTS TLS: VERSIONS Netscape IETF TLS version Released Most important vulnerabilities SSL 1 No Never released due to too many issues SSL DROWN SSL POODLE TLS BEAST TLS CBC, Sweet32 TLS Logjam, FREAK, Heartbleed (OpenSSL) TLS 1.3 TBD
16 BACKGROUND AND CONCEPTS TLS: JAVA TLS 1.2 is supported from Oracle JDK 6u121 JRockit R JCE on JRockit and Oracle JDK See Oracle support Doc ID JCE for the best cipher suites Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files JCE is no longer required after Version 6u191, 7u181, 8u171, 9
17 BACKGROUND AND CONCEPTS: Handshake, Certificates, Keystores, Cipher suites
18 BACKGROUND AND CONCEPTS: TLS LAYER. Client and server perform a handshake. During the handshake certificates are exchanged. Certificates are stored in keystores and can be checked. Client and server agree on further details of the connection (cipher suite).
19 BACKGROUND AND CONCEPTS: WHAT'S IN A CERTIFICATE. A public key. Information on the issuer. A serial number, unique per issuer. A period during which the certificate is valid. A hostname or hostname wildcard. References to certificate revocation lists.
20 BACKGROUND AND CONCEPTS CERTIFICATES AND TRUST
21 BACKGROUND AND CONCEPTS KEYSTORES
22 BACKGROUND AND CONCEPTS: KEYSTORES: FILE BASED FORMATS. Java Keystore / JKS: file extension .jks. Public-Key Cryptography Standards / PKCS #12: file extension .p12 or .pfx. Java Cryptography Extension KeyStore / JCEKS: for storing secret keys / credentials; file extension .jceks. Tools: Keystore Explorer, Portecle, keytool.
23 BACKGROUND AND CONCEPTS: KEYSTORES: ORACLE PLATFORM SECURITY SERVICES (OPSS). KeyStoreService / KSS. Credential Store Framework or CSF.
24 BACKGROUND AND CONCEPTS: CIPHER SUITES. Example: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. Parts: key exchange, signature, bulk encryption algorithm, message authentication algorithm. Goals: authentication, identification, repudiation of origin; confidentiality, integrity, repudiation of emission.
25 BACKGROUND AND CONCEPTS: CIPHER SUITES: AGREEMENT CLIENT/SERVER DURING HANDSHAKE. Client: "Hi! I can speak Dutch and English." Server: "Hi! I can speak Norwegian and English. I would prefer Norwegian but since you wouldn't understand me, let's talk English!"
26 BACKGROUND AND CONCEPTS: CIPHER SUITES: AGREEMENT CLIENT/SERVER DURING HANDSHAKE. The server has a list of supported cipher suites in order of preference. The server chooses the cipher suite which will be used based on what the client indicates it supports. If the server supports a poor cipher suite (even with a low priority) the client can indicate it only supports that one and it will be used! Some cipher suites do not do encryption, key exchange or message integrity checking.
27 BACKGROUND AND CONCEPTS: USING A TLS CONNECTION IS NOT SECURE BY DEFAULT! Let's do security! Let's not check each other's identity, do encryption or integrity checks, ok? Good idea! Let's do that! Sure! Yay! We're secure! (Client, Server)
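The cipher suite slides above (the parts of a suite name, and the server choosing from its preference list), as an added example that is not part of the original slides: a simplified model of the selection step, plus the audit a server owner would run on the configured list. The suite lists are constructed; real TLS also takes the certificate type and protocol version into account.

```python
"""Added example: simplified model of TLS 1.2 cipher suite selection.
Not a TLS implementation. Suite names are IANA names; the lists are constructed."""


def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>_<mac> into the four parts of slide 24."""
    head, sep, tail = name.partition("_WITH_")
    if not name.startswith("TLS_") or not sep:
        raise ValueError(f"not a TLS 1.2 style suite name: {name}")
    kx_auth = head[len("TLS_"):].split("_")
    cipher, _, mac = tail.rpartition("_")
    return {
        "key_exchange": kx_auth[0],
        # TLS_RSA_... uses RSA for both key exchange and authentication
        "signature": kx_auth[1] if len(kx_auth) > 1 else kx_auth[0],
        "bulk_encryption": cipher,
        # For GCM suites this is the handshake hash; GCM itself provides integrity
        "mac": mac,
    }


def findings(name):
    """Return the reasons a suite should not be enabled (empty list = acceptable here)."""
    p = parse_suite(name)
    out = []
    if p["key_exchange"] == "NULL":
        out.append("no key exchange")
    if p["bulk_encryption"] == "NULL":
        out.append("no encryption")
    if p["signature"] in ("anon", "NULL"):
        out.append("no authentication")
    if p["mac"] == "NULL":
        out.append("no integrity check")
    if p["bulk_encryption"].startswith("3DES"):
        out.append("3DES bulk cipher")
    if p["key_exchange"] == "RSA":
        out.append("RSA key exchange: no forward secrecy")
    return out


def select_suite(server_preference, client_offer):
    """The server picks its most preferred suite that the client also offers."""
    offered = set(client_offer)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None  # no overlap: the handshake fails


def harden(server_preference):
    """Keep only suites without findings, preserving the preference order."""
    return [s for s in server_preference if not findings(s)]


# Constructed server configuration: strong suites first, weak ones "only as fallback".
SERVER_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_NULL_SHA",
]
# Constructed client offers.
MODERN_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]
NULL_ONLY_CLIENT = ["TLS_RSA_WITH_NULL_SHA"]

if __name__ == "__main__":
    for suite in SERVER_SUITES:
        print(suite, "->", findings(suite) or "ok")
    print("modern client    :", select_suite(SERVER_SUITES, MODERN_CLIENT))
    print("NULL-only client :", select_suite(SERVER_SUITES, NULL_ONLY_CLIENT))
    print("after hardening  :", select_suite(harden(SERVER_SUITES), NULL_ONLY_CLIENT))
```

A low priority does not protect against a weak suite being chosen; only removing it from the server's list does.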
28 BACKGROUND AND CONCEPTS: 1. One way TLS 2. Two way TLS
29 BACKGROUND AND CONCEPTS: ONE WAY. The client does not send a certificate the server can check. The server sends a certificate the client can check.
30 BACKGROUND AND CONCEPTS: TWO WAY. The client sends a certificate the server can check. The server sends a certificate the client can check.
31 BACKGROUND AND CONCEPTS: CONSIDERATIONS ONE OR TWO WAY SSL. Do you require validation of the client? Are client and server located in the same data center? Is the server publicly exposed? Can you control the client? Force the client to use a client certificate? Manage client certificates next to server certificates. Performance: per TLS connection extra validations need to be performed. More network traffic is required since the client also sends a certificate.
32 TLS IN SOA SUITE: OUTBOUND 2-WAY. 1. Composites 2. Service Bus
33 TLS IN SOA SUITE. Composites: one client certificate for 2-way TLS per domain. Service Bus: multiple client certificates for 2-way TLS, configurable per service.
34 TLS IN SOA SUITE: COMPOSITES. Configure the composite identity keystore. This is domain level configuration! Not customizable per service. Configure keystore password and key password: add CSF entries in the folder SOA. Configure composite reference for 2-way SSL: <property name="oracle.soa.two.way.ssl.enabled">true</property>
35 TLS IN SOA SUITE: SERVICE BUS. PKICredentialMapper: create a PKICredentialMapper in WebLogic Console; configure the keystore and keystore password to use. ServiceKeyProvider: create a ServiceKeyProvider in a project (or a shared location). This uses the PKICredentialMapper. Contains a reference to the key and key password.
36 TLS IN THE ORACLE CLOUD: 1. IaaS and Compute based PaaS 2. Non Compute based PaaS and SaaS
37 TLS IN THE ORACLE CLOUD: IAAS AND COMPUTE BASED PAAS. Services in which the customer can access the VM, like Java Cloud Service, Database Cloud Service. "Bring your own host name" policy. The customer is responsible for requesting a certificate and implementing it.
38 TLS IN THE ORACLE CLOUD: NON COMPUTE BASED PAAS AND SAAS. Services like ICS, SOACS, Mobile Cloud Service, Document Cloud Service, Sales Cloud, ERP Cloud. Oracle offers a (wildcard) certificate per cloud service per region. Cipher suites are preconfigured, not configurable.
39 TLS IN THE ORACLE CLOUD: CIPHER SUITES. TLS 1.2 GCM cipher suites are not supported. These offer integrity checking. Several SHA cipher suites (next to SHA256). These are vulnerable to collision attacks. RSA key exchange does not provide forward secrecy. TLS_RSA_WITH_3DES_EDE_CBC_SHA is a weak cipher suite. TLS 1.0 is supported: possibly vulnerable to POODLE and BEAST.
40 APPLICATION SECURITY: 1. SOAP, REST 2. WS Security in OWSM
41 WHAT DO YOU HOPE TO ACHIEVE? Confidentiality. Integrity. Authentication. Identification. Authorization: access to specific resources, entitlements.
42 APPLICATION SECURITY. HTTP: OAuth, Basic authentication. Cute, but (mostly): plaintext passwords are transmitted; plaintext usernames are transmitted; re-usable tokens are exchanged. REST/JSON: JSON Web Tokens (JWT), JSON Object Signing and Encryption (JOSE). SOAP/XML: SAML, WS-Security. Fixes that!
43 APPLICATION SECURITY: SECURE TOKEN SERVICE. Tokens can be transmitted as part of the HTTP body or in an HTTP header.
44 APPLICATION SECURITY SECURE TOKEN EXAMPLES
45 AUTHENTICATION / IDENTIFICATION: WS SECURITY TOKENS. 1. UsernamePassword token 2. Digest token
46 APPLICATION SECURITY WEBLOGIC SERVER: ORACLE WEBSERVICE MANAGER Centrally define and store declarative policies applied to the multiple Web services. Locally enforce policies through configurable agents. Monitor run time security events such as failed authentication or authorization.
47 AUTHENTICATION: WS-SECURITY BASED ON USERNAME/PASSWORD. WS-Security Username Authentication: oracle/wss_username_token_client_policy, oracle/wss_username_token_server_policy.
48 AUTHENTICATION: WS-SECURITY USING A DIGEST TOKEN. WS-Security offers digest based authentication. A digest consists of a cryptographic hash of: a password; a nonce (a number which can be used only once); a timestamp.
49 AUTHENTICATION: WS-SECURITY USING DIGEST TOKEN IN WLS/OWSM. WebLogic Server + OWSM: only with WLS internal LDAP. Passwords should be decryptable to generate digests. Can only authenticate users created after the digest configuration has been applied. Nonce: a nonce can be cached in Coherence. Mind the Coherence cluster configuration!
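The digest token of the two slides above, as an added example that is not code from the slides or from OWSM: the digest is computed as Base64(SHA-1(nonce + created + password)) per the OASIS WS-Security UsernameToken Profile, and the server side checks freshness, nonce reuse and the digest. The user, password, five-minute window and in-memory nonce cache are assumptions made for the illustration.

```python
"""Added example: WS-Security UsernameToken password digest, client and server side.
Users, passwords and the freshness window are constructed for illustration."""
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)        # assumed freshness window
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password))."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()


def make_token(username: str, password: str, now: datetime) -> dict:
    """Client side: fresh random nonce and timestamp for every request."""
    nonce = os.urandom(16)
    created = now.strftime(TS_FORMAT)
    return {
        "username": username,
        "nonce": base64.b64encode(nonce).decode(),
        "created": created,
        "digest": password_digest(nonce, created, password),
    }


class DigestVerifier:
    """Server side. It needs the cleartext password to recompute the digest,
    which is why the slide says passwords must be decryptable."""

    def __init__(self, passwords: dict):
        self.passwords = passwords    # username -> recoverable password
        # Stands in for the shared nonce cache. If each cluster node keeps
        # its own copy, a captured token can be replayed against another node.
        self.seen = {}                # nonce -> time until which it must be remembered

    def verify(self, token: dict, now: datetime) -> str:
        created = datetime.strptime(token["created"], TS_FORMAT).replace(tzinfo=timezone.utc)
        if abs(now - created) > MAX_AGE:
            return "stale"
        # Forget nonces whose tokens would be rejected as stale anyway.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if token["nonce"] in self.seen:
            return "replay"
        password = self.passwords.get(token["username"])
        if password is None:
            return "unknown user"
        expected = password_digest(base64.b64decode(token["nonce"]), token["created"], password)
        # Constant-time comparison of the two Base64 strings.
        if not hmac.compare_digest(expected.encode(), token["digest"].encode()):
            return "bad digest"
        self.seen[token["nonce"]] = created + MAX_AGE
        return "ok"


if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(microsecond=0)
    verifier = DigestVerifier({"alice": "s3cret"})   # constructed credentials
    token = make_token("alice", "s3cret", now)
    print("first use :", verifier.verify(token, now))
    print("second use:", verifier.verify(token, now))
```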
50 AUTHORIZATION. oracle/binding_authorization_template: role based access to a binding. oracle/component_authorization_template: role based access to a component. oracle/component_permission_authorization_template: authenticated subject can access component / webservice operation.
51 INTEGRITY AND CONFIDENTIALITY. Confidentiality: XML Encryption (message encryption). Integrity: XML Signature. Messages have not been altered since signing. Signature can be checked to confirm the client's identity.
52 INTEGRITY AND CONFIDENTIALITY: ORACLE WEBSERVICE MANAGER: POLICIES. oracle/wss10_message_protection_client_policy, oracle/wss11_message_protection_client_policy, oracle/wss10_message_protection_server_policy, oracle/wss11_message_protection_server_policy. KSS keystore: key alias. JKS keystore: CSF entry in oracle.wsm.security.
53 CONFIDENTIALITY: PERSONALLY IDENTIFIABLE INFORMATION. oracle/pii_security_policy: encryption of Personally Identifiable Information (PII). Only within a composite. Want to use the value? Decrypt! (using Java embedding)
55 1. Considerations 2. Food for thought
56 PERFORMANCE. WS SecureConversation: the number of authentications is reduced. System entropy (especially on VMs). Preemptive basic authentication.
57 CONSIDERATIONS: Manageability, Testability, Complexity, Performance, Flexibility, License fee, Coverage, Futureproof, DTAP, Capabilities of software, Sensitivity of data
58 FOOD FOR THOUGHT: GDPR. Do you know what Personally Identifiable Information (PII) exactly is? Do you know which measures are required for the PII data you have? Do you know where your PII data is located, cached, stored (backups?), aggregated, analyzed? Do you know who can access / has accessed this data? And for what reason? Do you know which agreements (for storing, processing, transmitting) are required and who is responsible for them? Do you have data lifecycle management in place? Can you remove PII data upon request? Can you provide a client with all their PII data you have on them?
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate
More information4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates
4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationSMPTE Standards Transition Issues for NIST/FIPS Requirements
SMPTE Standards Transition Issues for NIST/FIPS Requirements Contents 2010.5.20 DRM inside Taehyun Kim 1 Introduction NIST (National Institute of Standards and Technology) published a draft special document
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationWeb as a Distributed System
Web as a Distributed System The World Wide Web is a large distributed system. In 1998 comprises 70-75% of Internet traffic. With large transfers of streaming media and p2p, no longer a majority of bytes,
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationOracle Fusion Middleware
Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager 11g Release 1 (11.1.1) E16098-04 January 2011 This document describes how to implement the most common Oracle WSM interoperability
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationPublic Key Enabling Oracle Weblogic Server
DoD Public Key Enablement (PKE) Reference Guide Public Key Enabling Oracle Weblogic Server Contact: dodpke@mail.mil URL: http://iase.disa.mil/pki-pke URL: http://iase.disa.smil.mil/pki-pke Public Key Enabling
More informationSSL Report: bourdiol.xyz ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationLet's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX
Let's Encrypt - Free SSL certificates for the masses Pete Helgren Bible Study Fellowship International San Antonio, TX Agenda Overview of data security Encoding and Encryption SSL and TLS Certficate options
More informationThe State of TLS in httpd 2.4. William A. Rowe Jr.
The State of TLS in httpd 2.4 William A. Rowe Jr. wrowe@apache.org Getting Started Web references have grown stale Web references have grown stale Guidance is changing annually https://www.ssllabs.com/ssltest/analyze.ht
More informationDeploying a New Hash Algorithm. Presented By Archana Viswanath
Deploying a New Hash Algorithm Presented By Archana Viswanath 1 function? Hash function - takes a message of any length as input - produces a fixed length string as output - termed as a message digest
More informationSetting Up a Cisco Unified Communications Manager SIP Trunk Integration, page 1
Up a Cisco Unified Communications Manager SIP Trunk Integration This chapter provides instructions for setting up a Cisco Unified Communications Manager SIP trunk integration with Cisco Unity Connection.
More informationOracle Fusion Middleware
Oracle Fusion Middleware Using Oracle Eloqua Cloud Adapter Release 12.2.1.1.0 E73562-01 June 2016 Oracle Fusion Middleware Using Oracle Eloqua Cloud Adapter, Release 12.2.1.1.0 E73562-01 Copyright 2015,
More informationTechnical Brief. A Checklist for Every API Call. Managing the Complete API Lifecycle
Technical Brief A Checklist for Table of Contents Introduction: The API Lifecycle 2 3 Security professionals API developers Operations engineers API product or business owners Apigee Edge 7 A Checklist
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the
More informationSSL Report: ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > www.workbench.nationaldataservice.org SSL Report: www.workbench.nationaldataservice.org (141.142.210.100) Assessed on:
More informationHow to Configure Mutual Authentication using X.509 Certificate in SMP SAP Mobile Platform (3.X)
How to Configure Mutual Authentication using X.509 Certificate in SMP SAP Mobile Platform (3.X) Author: Ali Chalhoub Global Support Architect Engineer Date: July 2, 2015 Document History: Document Version
More information