Upload File

securing enterprise applications rich cole. agenda sample enterprise architecture sample enterprise...

  • Home
  • Documents
  • Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense
9
Securing Securing Enterprise Enterprise Applications Applications Rich Cole Rich Cole

Post on 22-Dec-2015

220 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Securing Securing Enterprise Enterprise

ApplicationsApplicationsRich ColeRich Cole

Page 2: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

AgendaAgenda

Sample Enterprise ArchitectureSample Enterprise Architecture Example of how University Apps Example of how University Apps

uses Defense in Depth to manage uses Defense in Depth to manage connections to the database from the connections to the database from the application servers.application servers.

Page 3: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Enterprise ArchitectureEnterprise Architecture

FirewallWeb Server

Applcation ServersDatabase Server

Firewall

SECURING THE APPLICATION

Input ValidationAuthenticationAuthorizatoinConfiguration ManagementSensitive Data

Session ManagementCryptographyParameter ManipulationException ManagementAuditing and Logging

Securing the Network

RouterFirewallSwitch

SECURING THE HOST

Patches and UpdatesServicesProtocols

AccountsFiles and DirectoriesShares

PortsRegistryAuditing and Logging

SOURCE: MICROSOFT

Page 4: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Managing ConnectionsManaging Connections

FirewallWeb Server

Applcation ServersDatabase Server

Firewall

SECURING THE APPLICATION

Input ValidationAuthenticationAuthorizatoinConfiguration ManagementSensitive Data

Session ManagementCryptographyParameter ManipulationException ManagementAuditing and Logging

Securing the Network

RouterFirewallSwitch

SECURING THE HOST

Patches and UpdatesServicesProtocols

AccountsFiles and DirectoriesShares

PortsRegistryAuditing and Logging

SOURCE: MICROSOFT

Page 5: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Security - Defense in Security - Defense in DepthDepth

SOURCE: MICROSOFT

Problem: Where to hide the database connection string used by the application to connect to the database?

Page 6: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Connection ManagerConnection Manager

Solution: Use a middle tier Solution: Use a middle tier component to run a stored component to run a stored procedure in a secured “locked procedure in a secured “locked down” database to obtain the down” database to obtain the connection string for the application.connection string for the application.

Page 7: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

Security - Defense in Security - Defense in DepthDepth

SOURCE: MICROSOFT

Page 8: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

How it worksHow it works

Incoming Web Request

Middle Tier Component

Stored Procedure Call

Connection String Returned

to Calling Application

Connection made to database

Application Call to Component

4

2

1

3

5

Web Application

Servers

Production Database Server

Secured Database

Server

Page 9: Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense

BenefitsBenefits Connection string is stored in secure Connection string is stored in secure

database and not in clear text on web database and not in clear text on web server.server.

Database table containing connection Database table containing connection strings is locked down. No strings is locked down. No Select/Insert/Update/Delete permissions.Select/Insert/Update/Delete permissions.

Only stored procedure allowed to run Only stored procedure allowed to run using middle tier component with its own using middle tier component with its own user id and password.user id and password.

Developers need only know application Developers need only know application name.name.


Architecting the Enterprise? Enterprise Architecture · Enterprise Architecture is the Glue between Business Architecture and IT Architecture Business Architecture IT Architecture

Enterprise IT Architectures Enterprise Architecture ... · Enterprise IT Architectures Enterprise Architecture – Governance ... Enterprise IT Architectures Enterprise Architecture

Does Agile Enterprise Architecture = Agile + Enterprise Architecture?

Enterprise Architecture of Emergent Complex … Architecture of Emergent Complex Adaptive Systems ... The Enterprise • Approach as Enterprise ... • An enterprise architecture and

Enterprise Architecture Development - · PDF fileArchitecture Data Architecture ... Enterprise architecture means ... Enterprise Architecture Sample Deliverables

An effective Enterprise Architecture Implementation ... · An effective Enterprise Architecture Implementation ... 2.2 Enterprise Architecture Implementation Methodology ... The Open

Enterprise Architecture –An Overveics9117/2004 Student Seminars/Week 11... · John Zachman’s Enterprise Architecture ... Functioning Enterprise/User’s View ... Enterprise Architecture

Enterprise Architecture TOGAF - Introduction to... · Introduction to Enterprise Architecture Enterprise Architecture TOGAF ... Architecture and design operates at all three ... the

Enterprise Architecture and the Cloud - SNIA Architecture: An enterprise architecture (EA) is a rigorous description of the structure of an enterprise. ... Enterprise Architecture

Establishing an Enterprise Architecture (EA) Practicebernus/publications/pdfs/EstablishinganEA... · Establishing an Enterprise Architecture (EA) Practice Enterprise Architecture

Enterprise Architecture for Dummies - TOGAF 9 enterprise architecture overview

19 October 2004Enterprise Architecture in WSRP Portal 1 Foreword: Building Enterprise Architecture Through WSRP in Sample EPA Regional Portal FEA Goals:

Architecture Enterprise

Enterprise Architecture Strategy driven Enterprise Architecture

Enterprise Architecture

Contents and sample chapters for The service-oriented …tetradianbooks.com/ebook/9781906681173_services_SMP.pdfContents and sample chapters for The service-oriented enterprise Enterprise-architecture

Enterprise Architecture Development - Nouri AssociatesArchitecture Data Architecture ... Institute for Enterprise Architecture Development 1. ... Enterprise Architecture Sample ·

Panorama 360 Enterprise Business Architecture Framework SAMPLE

Enterprise Architecture for Architecture Driven Planning ...sparxsystems.com/press/articles/pdf/EAforADP.pdf · Enterprise Architecture for Architecture ... Enterprise Architecture

WUSTL Enterprise Architecture Principlescio.wustl.edu/.../WUSTL-Enterprise-IT-Architecture-Principles-BYU.pdfWUSTL Enterprise Architecture Principles ... Information/Data Architecture

Smart Grid Roadmap & Enterprise Architecture Interest …smartgrid.epri.com/doc/Roadmapping - Enterprise Architecture... · Smart Grid Roadmap & Enterprise Architecture ... • The

Enterprise Architecture Assessment Guide v2 · PDF fileExtended Enterprise Architecture Maturity Model Support Guide Enterprise Architecture Score card Enterprise Architecture Assessment

Enterprise Architecture and the Cloud - SNIA Enterprise Architecture: ... Data protection ... Enterprise Architecture and the Cloud

The Integrated Enterprise: Enterprise Architecture ... · The Integrated Enterprise: Enterprise Architecture, Investment Process ... The Integrated Enterprise: Enterprise Architecture,

Enterprise Architecture Strategy driven Enterprise Architecture Adrian Campbell

Enterprise Architecture Guide - Queensland Health · Enterprise Architecture Guide 4.1 The Department of Health Enterprise Architecture The Department of Health Enterprise Architecture

Enterprise architecture improvement for virtual enterprise ...ieomsociety.org/ieom2017/papers/517.pdf · 2.2 Overview of Enterprise Architecture Enterprise architecture is a relevant

Federal Enterprise Architecture & Enterprise Content

Enterprise Architecture is Evolution. Outline The evolution of Enterprise Architecture: The Enterprise Architecture as metaphor Enterprise Architecture,

Enterprise Architecture Enterprise Apps

Enterprise Architecture and SOA - Digital Transform · Enterprise Architecture and SOAEnterprise Architecture and SOA ... Enterprise ArchitectureEnterprise Architecture Service ManagementService

Enterprise Architecture – Introductionknut.hinkelmann.ch/lectures/EA2014-15/EA_1_Introduction...ENTERPRISE ARCHITECTURE Introduction to Enterprise Architecture Management 24 Prof

Enterprise architecture methodologies and Hawaii's enterprise architecture