Integrated Security Architecture
James Andoniadis, IBM Canada
IBM Software Group | Tivoli software
© 2004 IBM Corporation

CEO View: Increased Collaboration Brings Rewards
[Chart slide; only the title survived extraction.]

Layers of security
Perimeter Defense (keep out the unwanted):
• Firewalls
• Anti-Virus
• Intrusion Detection, etc.
Control Layer:
• Which users can come in?
• What can users see and do?
• Are user preferences supported?
• Can user privacy be protected?
Assurance Layer:
• Can I comply with regulations?
• Can I deliver audit reports?
• Am I at risk?
• Can I respond to security events?

Pre-SOA Security: Enforcement & Decision Points
[Architecture diagram: Access Enforcement Functionality (AEF) at the HTTP reverse proxy server, portal server, web servers, application server / business processes and J2EE container (J2EE apps); Access Decision Functionality (ADF) and an ADF proxy, each with a data store; security decision services for .Net / 3rd-party apps and for CICS, IMS, ...; a shared audit infrastructure with its data store.]

Directory Management View
[Diagram of directory-related components: meta-directory, internal and external directories, employee LDAP directory, directory proxy, application directory, delegated user management, identity management, databases, certificate authority and certificate status responder, internal and external SMTP gateways, network dispatcher, network operating systems, customer network access control, network authentication & authorization, web access control, web single sign-on, application access control and single sign-on, messaging, informational and transactional web presentation, transactional web integration, internal and external ePortals, LOB applications, LDAP-enabled apps, CRM/ERP (PeopleSoft).]

Identity and Access Management Portfolio
[Diagram: identity stores (apps/email, NOS, CRM, partners, HR) are brought together by ITDI Directory Integration and ITDS Directory Server into an Enterprise Directory holding personal info, credentials and entitlements. Products: ITAM, Web Access Management (SSO, authentication, authorization); ITFIM, Federated Identity and Web Services Security; ITIM, Provisioning (policies, workflow, password self-service, audit trails); TAM for ESSO. Managed targets: security management objects, portal (presentation, personalization), databases & applications, UNIX/Linux, mainframe/midrange.]

Operational Deployment Pattern - Security Zones
[Deployment diagram. Zones: Internet (uncontrolled), Internet DMZ (controlled), Production Zone (restricted), Intranet (controlled) and Management (secured), separated by a protocol firewall and a domain firewall. Users: employees, contractors, customers and business partners via web browser over HTTP/S. Components: load balancer, reverse proxies (WebSEAL), WebSphere Portal (WPS), content management, collaboration services (Lotus), enterprise external web applications, internal directories (MS AD, enterprise LDAP, BP DB table); in the management zone, the access policy server (ITAM), directory server (ITDS), federated identity management (ITFIM), identity management, meta-directory and directory sync. Operational security tools: host IDS, network IDS, anti-virus, Tripwire, auditing scanners, vulnerability scanners (host, network, web), audit/logging and event correlation, weak-password crackers, intrusion prevention, ...]

Governments as Identity Providers
• “TRUST provides ACCESS”
• Germany, the USA and China each act as an Identity Provider for their users
• The United States is an “Identity Provider” because it issues a Passport as proof of identification: the USA vouches for its citizens

Roles: Identity Provider and Service Provider
The Identity Provider is the “vouching” party in the transaction and the Service Provider the “validation” party; the two share mutual TRUST.
Identity Provider:
1. Issues network / login credentials
2. Handles user administration / ID management
3. Authenticates the user
4. “Vouches” for the user’s identity
Service Provider:
• Controls access to services
• The third-party user has access to services for the duration of the federation
• Only manages user attributes relevant to the SP

Federated Identity Standards
[Diagram slide; only the title survived extraction.]

Agenda
• Enterprise Security Architecture – MASS Intro
• Identity, Access, and Federated Identity Management
• SOA Security

SOA Security Encompasses all Aspects of Security
[Layered SOA diagram, top to bottom: 5, service consumers (SCA, Portlet, WSRP, B2B, other); 4, business processes (process choreography); 3, services (definitions; atomic and composite); 2, service components (service provider); 1, operational systems (packaged applications such as SAP and Outlook, ISV, application platforms such as Unix and OS/390, custom and OO applications, supporting middleware such as MQ and DB2). SOA Security cuts across all layers: Identity, Authentication, Authorization, Confidentiality and Integrity, Availability, Auditing & Compliance, Administration and Policy Management.]

Message-based Security: End-to-End Security
[Diagram: two HTTPS connections, each giving connection integrity/privacy, with a “?” at the point between them that the transport does not cover for the SOAP message.]
Message-based security does not rely on a secure transport:
• the message itself is encrypted: message privacy
• the message itself is signed: message integrity
• the message contains the user identity: proof of origin

Web Service Security Specifications Roadmap
[Stack diagram, top to bottom: Secure Conversation, Federation, Authorization; Security Policy, Trust, Privacy; WSS – SOAP Security; SOAP Messaging.]

SOAP Message Security: Extensions to the Header
[Diagram: SOAP Envelope with a Header holding a Security element (Security Token, Signature) and a Body holding <application data> as Encrypted Data.]
• The SOAP Header allows for extensions
• The OASIS standard “WS-Security: SOAP Message Security” defines XML for tokens, signatures and encryption, and defines how these elements are included in the SOAP Header

Security Drill Down
[Diagram of security layers and components. Layers: edge security (transport layer security, SSL/TLS termination at the reverse proxy); 1st, 2nd, ... Nth layer message security (signature validation / origin authentication, requestor identification & authentication & mapping, message-level encryption and decryption, element-level decryption); application security (authorization with the ESB-asserted identifier). Components: reverse proxy, XML FW/GW, ESB and apps, each with SES (incl. trust client), backed by Security Decision Services (trust services): security policy, security token service, key store and management, authorization.]

Moving to SOA – Accommodate Web Services
[Architecture diagram: the same components as the pre-SOA picture, now with SES at the HTTP reverse proxy server, portal server, web servers, application server / business processes and J2EE container, an SES gateway for SOAP traffic alongside HTTP, Security Decision Services (SDS) and an SDS proxy with data stores, security decision services for .Net / 3rd-party apps (MSFT) and CICS, IMS, ..., and the audit infrastructure.]

Moving to SOA, Adding the ESB… (Mandatory Scary Picture)
[Architecture diagram: the previous picture with an ESB between the SES gateway, portal server, application server / business processes, J2EE container, web servers and .Net / 3rd-party apps (MSFT); SES at each component and on the ESB; SDS, SDS proxy and data stores; CICS, IMS, ...; audit infrastructure.]

Further Reading
• On Demand Operating Environment: Security Considerations in an Extended Enterprise: http://publib-b.boulder.ibm.com/abstracts/redp3928.html?Open
• Web Services Security Standards, Tutorials, Papers: http://www.ibm.com/developerworks/views/webservices/standards.jsp, http://www.ibm.com/developerworks/views/webservices/tutorials.jsp, http://webservices.xml.com/
• WebSphere Security Fundamentals / WAS 6.0 Security Handbook: http://www.redbooks.ibm.com/redpieces/abstracts/redp3944.html?Open, http://www.redbooks.ibm.com/redpieces/abstracts/sg246316.html?Open
• IBM Tivoli Product Home Page: http://www.ibm.com/software/tivoli/solutions/security/

Summary
• End-to-end security integration is complex
• Web Services and SOA security are emerging areas: moving from session-level security to message-level security
• Identity Management incorporates several security services, but other security services need to be integrated as well: audit and event management, compliance and assurance, etc.
• Security technology is one part; process, policy and people are the others, and often harder to change
• The only constant is change, but evolve around the fundamentals
• Establish separation of application and security management
• Use of open standards will help with integration of past and future technologies

Questions?

Security 101 Definitions
• Authentication: identify who you are (userid/password, PKI certificates, Kerberos, tokens, biometrics)
• Authorization: what you can access (Access Enforcement Function / Access Decision Function; roles, groups, entitlements)
• Administration: applying security policy to resource protection (directories, administration interfaces, delegation, self-service)
• Audit: logging security successes / failures (basis of monitoring, accountability/non-repudiation, investigation, forensics)
• Assurance: security integrity and compliance to policy (monitoring: intrusion detection, anti-virus, compliance; vulnerability testing)
• Asset Protection: data confidentiality, integrity, data privacy
• Availability: backup/recovery, disaster recovery, high availability/redundancy

MASS – Processes for a Security Management Architecture
[Diagram slide; only the title survived extraction.]

Access Control Subsystem
Purpose: enforce security policies by gating access to, and execution of, processes and services within a computing solution via identification, authentication, and authorization processes, along with security mechanisms that use credentials and attributes.
Functions:
• Access control monitoring and enforcement: Policy Enforcement Point / Policy Decision Point / Policy Administration Point
• Identification and authentication mechanisms, including verification of secrets, cryptography (encryption and signing), and single-use versus multiple-use authentication mechanisms
• Authorization mechanisms, to include attributes, privileges, and permissions
• Enforcement mechanisms, including failure handling, bypass prevention, banners, timing and timeout, event capture, and decision and logging components
Sample Technologies: RACF, platform/application security, web access control

Identity and Credential Subsystem
Purpose: generate, distribute, and manage the data objects that convey identity and permissions across networks and among the platforms, the processes, and the security subsystems within a computing solution.
Functions:
• Single-use versus multiple-use mechanisms, either cryptographic or non-cryptographic
• Generation and verification of secrets
• Identities and credentials to be used in access control: identification, authentication, and access control for the purpose of user-subject binding
• Credentials to be used for purposes of identity in legally binding transactions
• Timing and duration of identification and authentication
• Lifecycle of credentials
• Anonymity and pseudonymity mechanisms
Sample Technologies: tokens (PKI, Kerberos, SAML), user registries (LDAP, AD, RACF, …), administration consoles, session management

Information Flow Control Subsystem
Purpose: enforce security policies by gating the flow of information within a computing solution, affecting the visibility of information within a computing solution, and ensuring the integrity of information flowing within a computing solution.
Functions:
• Flow permission or prevention
• Flow monitoring and enforcement
• Transfer services and environments: open or trusted channel, open or trusted path, media conversions, manual transfer, and import to or export between domains
• Encryption
• Storage mechanisms: cryptography and hardware security modules
Sample Technologies: firewalls, VPNs, SSL

Security Audit Subsystem
Purpose: provide proof of compliance to the security policy.
Functions:
• Collection of security audit data, including capture of the appropriate data, trusted transfer of audit data, and synchronization of chronologies
• Protection of security audit data, including use of time stamps, signing events, and storage integrity to prevent loss of data
• Analysis of security audit data, including review, anomaly detection, violation analysis, and attack analysis using simple or complex heuristics
• Alarms for loss thresholds, warning conditions, and critical events
Sample Technologies: syslog, application/platform access logs

Solution Integrity Subsystem
Purpose: address the requirement for reliable and correct operation of a computing solution in support of meeting the legal and technical standard for its processes.
Functions:
• Physical protection for data objects, such as cryptographic keys, and physical components, such as cabling, hardware, and so on
• Continued operations including fault tolerance, failure recovery, and self-testing
• Storage mechanisms: cryptography and hardware security modules
• Accurate time source for time measurement and time stamps
• Alarms and actions when physical or passive attack is detected
Sample Technologies: systems management solutions (performance, availability, disaster recovery, storage management); operational security tools: host and network intrusion detection sensors (Snort), event correlation tools, host security monitoring/enforcement tools (Tripwire, TAMOS), host/network vulnerability monitors/scanners (Nessus), anti-virus software

On Demand Security Architecture (Logical)
[Diagram: On Demand Solutions sit on the On Demand Infrastructure (services and components) and the On Demand Security Infrastructure: policy management (authorization, privacy, federation, etc.), authorization service / endpoint policy mapping rules, virtual org policies, privacy policy, security policy expression, bindings; security and secure conversation (transport, protocol, message security); identity management, identity federation, trust model, credential exchange; key management, secure logging; assurance, audit & non-repudiation; intrusion defense, anti-virus management; network security solutions (VPNs, firewalls, intrusion detection systems); secure networks and operating systems. Supporting infrastructure: OS, application and network component logging and security-event logging; event management; archiving; business continuity.]
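The Identity Provider / Service Provider roles and the WS-Security header layout from the slides above, worked through as an added example that is not part of the IBM deck or any Tivoli product: the IdP issues a signed, time-limited assertion, the requester carries it in a wsse:Security header next to a signature over the SOAP Body, and the SP validates origin, integrity, audience and expiry from the message alone, whatever transport hops it crossed. Assumptions: HMAC-SHA256 with constructed shared keys stands in for XML-Signature and for a real token format such as SAML, the Body is signed as serialized bytes without canonicalization, and the issuer and audience names are made up.

```python
import base64, hashlib, hmac, json, time
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("soap", SOAP), ("wsse", WSSE), ("ds", DS)):
    ET.register_namespace(prefix, uri)

def mac(key: bytes, data: bytes) -> str:  # HMAC-SHA256 stands in for XML-Signature (assumption)
    return base64.b64encode(hmac.new(key, data, hashlib.sha256).digest()).decode()

def idp_issue_token(idp_key: bytes, subject: str, audience: str, ttl: int = 300) -> str:
    """Identity Provider vouches for an authenticated user: a signed, time-limited
    assertion naming the Service Provider (aud) allowed to accept it."""
    claims = {"iss": "idp.example", "sub": subject, "aud": audience, "exp": int(time.time()) + ttl}
    body = base64.b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return body + "." + mac(idp_key, body.encode())

def build_message(token: str, payload_xml: str, sender_key: bytes) -> bytes:
    """Requester: Header/wsse:Security carries the token and a signature over the
    serialized Body (no canonicalization: simplification), followed by the Body itself."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    ET.SubElement(sec, f"{{{WSSE}}}BinarySecurityToken").text = token
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    body.append(ET.fromstring(payload_xml))
    ET.SubElement(sec, f"{{{DS}}}Signature").text = mac(sender_key, ET.tostring(body))
    return ET.tostring(env)

def sp_verify(msg: bytes, idp_key: bytes, sender_key: bytes, audience: str):
    """Service Provider validates from the message alone, whatever transport it crossed.
    Returns (subject, "ok") or (None, reason the message must be rejected)."""
    env = ET.fromstring(msg)
    sec = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = env.find(f"{{{SOAP}}}Body")
    if sec is None or body is None:
        return None, "no wsse:Security header or no Body"
    sig = (sec.findtext(f"{{{DS}}}Signature") or "").encode()
    if not hmac.compare_digest(sig, mac(sender_key, ET.tostring(body)).encode()):
        return None, "Body signature invalid: altered in transit or unknown sender"
    claims_b64, _, tag = (sec.findtext(f"{{{WSSE}}}BinarySecurityToken") or "").partition(".")
    if not hmac.compare_digest(tag.encode(), mac(idp_key, claims_b64.encode()).encode()):
        return None, "token not signed by the trusted Identity Provider"
    claims = json.loads(base64.b64decode(claims_b64))
    if claims["aud"] != audience:
        return None, "token issued for a different Service Provider"
    if claims["exp"] < time.time():
        return None, "federation session expired"
    return claims["sub"], "ok"
```

Because the checks depend only on the message content, an intermediary that strips TLS (the “?” hop in the deck's picture) cannot alter the Body or swap the token without the SP noticing.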
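The Security Audit Subsystem functions listed above (collection with time stamps, protection by signing events and storage integrity, analysis with alarms), as an added example that is not from the deck or any Tivoli product: each record is HMAC-signed and chained to its predecessor, an integrity check reports the first altered, removed or re-ordered record, and a simple heuristic raises a failed-logon alarm. The signing key, field names and sample events are constructed for the example.

```python
import hashlib, hmac, json
from collections import Counter

AUDIT_KEY = b"constructed-audit-signing-key"  # held by the audit system only (assumption)

def append_event(chain: list, ts: int, user: str, action: str, outcome: str) -> dict:
    """Collection + protection: a time-stamped record, chained to its predecessor's
    signature and signed, so a changed, removed or re-ordered record breaks the chain."""
    prev = chain[-1]["sig"] if chain else "GENESIS"
    rec = {"seq": len(chain), "ts": ts, "user": user, "action": action,
           "outcome": outcome, "prev": prev}
    canon = json.dumps(rec, sort_keys=True).encode()
    rec["sig"] = hmac.new(AUDIT_KEY, canon, hashlib.sha256).hexdigest()
    chain.append(rec)
    return rec

def verify_chain(chain: list) -> int:
    """Storage-integrity check: index of the first bad record, or -1 if the trail is intact.
    Truncation of the newest records is only detectable if the latest sig is anchored elsewhere."""
    prev = "GENESIS"
    for i, rec in enumerate(chain):
        unsigned = {k: v for k, v in rec.items() if k != "sig"}
        canon = json.dumps(unsigned, sort_keys=True).encode()
        expected = hmac.new(AUDIT_KEY, canon, hashlib.sha256).hexdigest()
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(rec["sig"], expected):
            return i
        prev = rec["sig"]
    return -1

def failed_logon_alarms(chain: list, threshold: int = 3) -> list:
    """Analysis with a simple heuristic: users at or above the failed-logon threshold."""
    fails = Counter(r["user"] for r in chain if r["action"] == "logon" and r["outcome"] == "failure")
    return sorted(u for u, n in fails.items() if n >= threshold)

# Constructed sample events: (epoch seconds, user, action, outcome)
SAMPLE_EVENTS = [(1000, "alice", "logon", "success"), (1005, "bob", "logon", "failure"),
                 (1010, "bob", "logon", "failure"), (1015, "bob", "logon", "failure"),
                 (1020, "alice", "read", "success")]

def build_sample_trail() -> list:
    chain = []
    for event in SAMPLE_EVENTS:
        append_event(chain, *event)
    return chain
```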