ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

Similar documents
Cryptography and Network Security

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

(2½ hours) Total Marks: 75

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

IC32E - Pre-Instructional Survey

Cryptography and Network Security Chapter 1

Stop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico

Contents. Multi-Factor Authentication Overview. Available MFA Factors

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Most Common Security Threats (cont.)

Security Handshake Pitfalls

SMart esolutions Information Security

epldt Web Builder Security March 2017

GLOBAL PAYMENTS AND CASH MANAGEMENT. Security

Security analysis and assessment of threats in European signalling systems?

Authentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin

RSA SecurID Implementation

Setting a National Cybersecurity Standard for Telecom Operators

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Integration Guide. SafeNet Authentication Service (SAS)

Authentication CS 4720 Mobile Application Development

SafeNet Authentication Client

CompTIA Security+ (2008 Edition) Exam

SafeNet Authentication Service

Concurrent Distributed Authentication Model (CDAM)

Configuring Role-Based Access Control

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

Network Security and Cryptography. 2 September Marking Scheme

SafeNet Authentication Service

AIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0

SAML-Based SSO Solution

EXABEAM HELPS PROTECT INFORMATION SYSTEMS

Locking down a Hitachi ID Suite server

CS 494/594 Computer and Network Security

Meeting the Meaningful Use Security and Privacy Measure

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

ISAM Advanced Access Control

CS 425 / ECE 428 Distributed Systems Fall 2017

716 West Ave Austin, TX USA

ODYSSEY. cryptic by intent. Snorkel-TX. Feature Highlights & Technical Specifications. Odyssey Technologies Ltd.

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

ALAP - AgiLe Authentication Provider

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Systems and Network Security (NETW-1002)

Distributed Systems. Lecture 14: Security. Distributed Systems 1

HIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department

Distributed Systems. Lecture 14: Security. 5 March,

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

MEETING ISO STANDARDS

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun

SafeNet Authentication Service

Integration Guide. LoginTC

Lecture 1: Introduction to Security Architecture. for. Open Systems Interconnection

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)

Introduction to Security

HIPAA Security Rule s Technical Safeguards - Compliance

Sample Security Risk Analysis ASP Meaningful Use Core Set Measure 15

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

SAML-Based SSO Solution

Multi-factor Authentication Using Mobile Phones

Information Security

1. Diffie-Hellman Key Exchange

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

TIBCO Cloud Integration Security Overview

Cyber Criminal Methods & Prevention Techniques. By

INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD

ClearPath OS 2200 System LAN Security Overview. White paper

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Information System Security. Nguyen Ho Minh Duc, M.Sc

Solutions Business Manager Web Application Security Assessment

EXCERPT. NIST Special Publication R1. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Seagate Supply Chain Standards and Operational Systems

SafeNet Authentication Client

Identity & security CLOUDCARD+ When security meets convenience

Computer Security 3/20/18

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

C1: Define Security Requirements

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

Network Security and Cryptography. December Sample Exam Marking Scheme

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

External Authentication with Citrix GoToMyPc Corporate Edition Authenticating Users Using SecurAccess Server by SecurEnvoy

IS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006

SECURITY AND DATA REDUNDANCY. A White Paper

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

COMPUTER NETWORK SECURITY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

CN!Express CX-6000 Single User Version PCI Compliance Status Version June 2005

Healthcare Security Success Story

CSC 474/574 Information Systems Security

Key Establishment and Authentication Protocols EECE 412

Identity Management as a Service

Transcription:

Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Best Practice In Data Security In The Cloud Speaker Name Dr. Eng. Bahaa Hasan ASC Chairman

Agenda 1. Cloud Security Questions 2. Normal Security Architecture 3. Security Architecture 4. Security Services 5. Security Mechanisms 6. Policies 7. Access Control Layers 8. Authentication Tools 9. Product Diagram

1. Cloud Security Questions RQ-1: What are the problems? RQ-2: What is the security architecture being used to prevent unauthorized users from accessing data within the Cloud? RQ-3: What are the security services, mechanisms, policies that our proposal present? RQ-4: How the proposal works?

2. Normal Security Architecture Administrator Servers Users Attackers Firewall Encryption & Cryptography Layers Cloud Network

What are the problems?

Passive Attacks Darth Read Contents Between Bob and The Cloud Data Bob Internet or Other Comms Facility Cloud Network

Active Attacks Darth Read Contents Between Bob and The Cloud Data Bob Internet or Other Comms Facility Cloud Network

Backdoor Attacks For Malicious Activities

3. Security Architecture Administrator Servers Users Policies Data Security Services Attackers Security Mechanisms Cloud Network

4. Security Services Access Control: prevention of the unauthorized use of a resource. Data Confidentiality: protection of data from unauthorized disclosure. Data Integrity: assurance that data received is as sent by an authorized entity. Non-Repudiation: protection against denial by one of the parties in a communication (Monitoring).

4. Security Services cont. Authentication: Two factor authentication ( OTP PKI). Real time monitoring / Logging and auditing: CLI and GUI task monitoring, CLI task log and GUI video log. - Session Management: Block suspicious sessions by administrator (Terminate Session). Automatic Vulnerability analysis: Provide guidelines in case of detection vulnerability and Immediate operating vulnerability check. Manage Account Life cycle: Regulate account life cycle and shared account.

5.1 PKI (Public Key Infrastructure) How smart token works 2) Server sends challenge 5. Security Mechanisms Remote Client 1) Client tries to connect to the server Insecure Network 121425322 8284932394 7) Which checks the signature 3) Client passes challenge to smart token 5) Smart token returns the signed challenge to the client Central Server 6) Which reply it to the server 4) Smart token constructs a digital signature of the challenge with a secret key. This secret key can t be accessed by a virus or a malicious OS program on the client

5.2 OTP Web Access Control (OTP-WAC) 5. Security Mechanisms cont. Data Request Login Request username and password Send OTP TO SMS Replay Username and password Cloud Network Reply ok if exist Type OTP Login Success Check OTP if true open session Send OTP As SMS

5.2.1 QR One Time Password 5. Security Mechanisms

5.2.1.1 QR One Time Password 5. Security Mechanisms

5.2.1.2 QR One Time Password 5. Security Mechanisms

5.2.1.3 QR One Time Password 5. Security Mechanisms

6. Policies Supports a variety of environments through the application of rule based policies. Admin can set the policy and apply it on users, groups and admins to control commands on client s needs. The policy of our proposal is flexible. So the more the policy is specific, the more efficient of the system.

How the solution works?

9. Product Diagram 1) User Logging in on web interface. 2) Connectable list is shown up on user screen. 3) Clicking connectable equipment, user session starts. 4) The proposed system starts recording user sessions and controlling work process upon policy. 5) Administrator performs log auditing, controlling and monitoring.

Any questions? You can find me at: Tel : +20-2-22732-620 Fax : +20-2-26701994 Cell: +20-12-314-9864 Website: http://isec.com.eg/ Email : info@isec.com.eg

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback