Simpson | Enterprise Level Security | E-Book | sack.de

E-book, English, 429 pages

Simpson: Enterprise Level Security

Securing Information Systems in an Uncertain World
Year of publication: 2016
ISBN: 978-1-4987-6447-6
Publisher: CRC Press
Format: PDF
Copy protection: Adobe DRM


Enterprise Level Security: Securing Information Systems in an Uncertain World provides a modern alternative to the fortress approach to security. The new approach is more distributed and has no need for passwords or accounts. Global attacks become much more difficult, and losses are localized, should they occur. The security approach is derived from a set of tenets that form the basic security model requirements. Many of the changes in authorization within the enterprise model happen automatically. Identities and claims for access occur during each step of the computing process.

Many of the techniques in this book have been piloted. These techniques have been proven to be resilient, secure, extensible, and scalable. The operational model of a distributed computer environment defense is currently being implemented on a broad scale for a particular enterprise.

The first section of the book comprises seven chapters that cover basics and philosophy, including discussions on identity, attributes, access and privilege, cryptography, the cloud, and the network. These chapters contain an evolved set of principles and philosophies that were not apparent at the beginning of the project.

The second section, consisting of chapters eight through twenty-two, contains technical information and details obtained by making painful mistakes and reworking processes until a workable formulation was derived. Topics covered in this section include claims-based authentication, credentials for access claims, claims creation, invoking an application, cascading authorization, federation, and content access control. This section also covers delegation, the enterprise attribute ecosystem, database access, building enterprise software, vulnerability analyses, the enterprise support desk, and network defense.


Authors/Editors


Further information & material


Introduction
Problem Description
What Is Enterprise Level Security?
Distributed versus Centralized Security
Crafting a Security Model
Entities and Claims
Robust Assured Information Sharing
Key Concepts
Two Steps Forward and One Step Back
The Approximate Time-Based Crafting
Summary

BASICS AND PHILOSOPHY

Identity
Who Are You?
Naming
Identity and Naming: Case Study
Implications for Information Security
Personas
Identity Summary

Attributes
Facts and Descriptors
An Attribute Ecosystem
Data Sanitization
Temporal Data
Credential Data
Distributed Stores

Access and Privilege
Access Control
Authorization and Access in General
Access Control List
Complex Access Control Schemas
Privilege
Concept of Least Privilege

Cryptography
Introduction
Cryptographic Keys and Key Management
Symmetric Keys
Store Keys
Delete Keys
Encryption
Symmetric versus Asymmetric Encryption Algorithms
Decryption
Hash Function
Signatures
A Note on Cryptographic Key Lengths
Internet Protocol Security
Other Cryptographic Services
The Java Cryptography Extension
Data at Rest
Data in Motion

The Cloud
The Promise of Cloud Computing
Benefits of the Cloud
Drawbacks of Cloud Usage
Challenges for the Cloud and High Assurance
Cloud Accountability, Monitoring, and Forensics
Standard Requirements for Cloud Forensics

The Network
The Network Entities

TECHNICAL DETAILS

Claims-Based Authentication
Authentication and Identity
Credentials in the Enterprise
Authentication in the Enterprise
Infrastructure Security Component Interactions
Compliance Testing
Federated Authentication

Credentials for Access Claims
Security Assertion Markup Language
Access Control Implemented in the Web Service
Establishing Least Privilege
Default Values
Creating an SAML Token
Scaling of the STS for High Assurance Architectures
Rules for Maintaining High Assurance during Scale-Up

Claims Creation
Access Control Requirements at the Services
Access Control Requirement
Enterprise Service Registry
Claims Engine
Computed Claims Record

Invoking an Application
Active Entities
Claims-Based Access Control
Establishing Least Privilege
Authorizing the User to the Web Application
Authorizing a Web Service to a Web Service
Interaction between Security Components

Cascading Authorization
Basic Use Case
Standard Communication
Pruning Attributes, Groups, and Roles
Required Escalation of Privilege
Data Requirements for the Pruning of Elements
Saving of the SAML Assertion
SAML Token Modifications for Further Calls
An Annotated Notional Example
Additional Requirements
Service Use Case Summary

Federation
Federation
Elements of Federated Communication
Example Federation Agreement
Access from Outside the Enterprise
Trusted STS Store
Trusted STS Governance

Content Access Control
Authoritative and Nonauthoritative Content
Content Delivery Digital Rights Management
Mandatory Access Control
Access Control Content Management System
Enforcing Access Control
Labeling of Content and Information Assets
Conveying Restrictions to the Requester
Enforcing/Obtaining Acknowledgment of Restrictions
Metadata
Content Management Function
Components of a Stored Information Asset
Additional Elements for Stored Information Assets
Key Management Simplification
Import or Export of Information Assets

Delegation
Delegation Service
Service Description for Delegation
Form of Extended Claims Record
Special Delegation Service

The Enterprise Attribute Ecosystem
User and Data Owner Convenience Functions
Attribute Ecosystems Use Cases
Attribute Ecosystem Services

Database Access
Database Models
Database Interfaces and Protocols
Overall Database Considerations
Enterprise Resource Planning Business Software
ERP as a Legacy System
Hardening of ERP Database Systems

Building Enterprise Software
Services Types
Functionality of All Services
Service Model
Enterprise Services Checklist
Enterprise Service Registry
Service Discovery: Manual and Automated
Additional Considerations
Orchestration
ELS Interface
Access Control List

Vulnerability Analyses
Vulnerability Causes
Related Work
Vulnerability Analysis
Flaw Remediation
Summary

An Enterprise Support Desk
Monitoring
Data Repository System
Information for Service Monitoring
Centralized Repository
Services by Type
Data Keeping Requirements
Naming Schema
Monitor Activities
Help Desk Breakdown
Customer Support and Help Desk
Levels of Service
Using the Knowledge Repository
ESD Summary

Network Defense
Expected Behavior
Introduction
Current Protection Approaches
An Alternative to Private Key Passing
A Distributed Protection System
Next Steps for Appliances
Appliances That Change Content
Appliances: A Work in Progress

Concluding Remarks
Where We Have Been and Where We Are Going
Understanding the Approach
About Those Takeaways

Appendix

Bibliography


Dr. William R. Simpson earned his bachelor of science in aerospace engineering from Virginia Polytechnic Institute and State University, a master of science and a doctor of philosophy in aeronautical and astronautical engineering from Ohio State University, and a master of science in administration from George Washington University. He has held academic positions at George Mason University, Old Dominion University, the University of Maryland, and Ohio State University. He has held industry positions at the US Naval Air Test Center, the Center for Naval Analyses, the ARINC Research Corporation, and the Institute for Defense Analyses.
