Complete security solutions


1 Complete security solutions
Alexandru Negrea, Enterprise Security Solution Architect, Oracle Romania

2 Agenda
The problem space
IT security as Oracle sees it
Market studies

3 More and more threats…
11/18/2018
70% of attacks originate inside the network
90% of attacks are carried out by employees with elevated privileges
Oracle Confidential

4 Security silos…
Applications use only local methods for securing and managing users
Integration is difficult!
Users have different accounts and passwords for each system!
Administration is difficult
Auditing is inexact and differs from one system to another
Diagram labels: Support, Finance, Sales, User, Security Administrator, Security Auditor

5 Security framework
IT security is part of the foundation
Users have a known set of rules and roles that determine their access
Administration is driven by objectives, not by system
Auditing and correlation across systems are possible
Diagram labels: Support, Finance, Sales, Security Framework, User, Security Administrator, Security Auditor

6 IT security as Oracle sees it
Database Security: encryption and masking; selective display using labels; privileged DBA accounts; multi-factor authorization; activity monitoring and audit
SOA Security: monitoring and auditing of web services; access control for web services; encryption and filtering; centralized administration
Identity Management: user provisioning; role management; entitlement management; risk-based access control; virtual directories
Information Rights Management: document-level access control; centralized auditing and revocation of rights; reporting on document access; document sealing
Diagram labels: Information, Databases, Web services / SOA, Applications, Documents

7 Access challenges
Access control
Users have too many passwords
Fast access to several workstations is needed
Access from anywhere is needed
It is difficult to determine who has access and to what
Access credentials must be delivered securely to users
Users forget their Windows password
Strong authentication is complex and expensive to implement
Diagram labels: Sign-on, Provisioning, Authentication

Yet it's a struggle to provide the access users demand and enterprises need. The reason: throughout sign-on, authentication, and identity management processes, there exist many "friction points" that slow business down. Friction points are caused by out-of-date, inconsistent processes, multiple siloed applications, labor-intensive manual effort and lengthy IAM system implementations.

Sign On

Within the enterprise: Enterprises have thousands of users, and the amount of time and effort a typical user spends searching for passwords or calling the help desk to resolve password-related issues can be time better spent. In most organizations, employees must remember from 5 to 30 passwords and are required to change some of them as frequently as every 30 days. Users resort to "sticky note" passwords or keeping passwords in an unsecured file.

From anywhere: With the increasing virtualization of the enterprise, users need the benefits of single sign-on from any location and from any PC outside of the office, not just within the four walls of the organization. The two most typical scenarios are employees who work from home using their personal computers to access corporate applications, or, specific to healthcare, doctors who need to sign on to hospital applications from their private practice offices.

From the extended enterprise: Supply chain partners, outsourcing partners, and affiliates also require quick, secure access to a company's applications. They face the same challenges as internal employees do with password management, but enterprise administrators face an additional challenge in that there is no central database of all of the systems they have access to, and hence no easy way to know they have been fully deprovisioned.

Authentication

Windows password reset: Users often forget or lock themselves out of Windows, at which point they call the help desk for a reset. Windows password reset calls are often the #1 source of help desk calls in an organization, and up to 20% of all password reset help desk calls. It can cost anywhere from $20 – $40 per reset, depending on how the organization handles their helpdesk.

Strong authentication to applications: Many organizations are looking to improve security and mitigate risk by applying strong authentication (e.g., smart cards or RSA SecurID tokens) to applications, as well as networks. However, enabling applications to accept strong authentication is impractical: many applications cannot be modified to accept strong authentication, and other applications require costly and time-consuming reprogramming.

Provisioning

Managing access to privileged accounts: The irony is that the most powerful accounts on the network, super-user or administrative accounts, have to be shared. To make matters worse, all of the policies we encourage our users to follow are often ignored by administrators for these passwords: simple passwords are chosen, they are written down and never changed. Because they're shared, it's impossible to account for who is using the shared ID and when, exposing the enterprise to potential security breaches, privacy risk, and compliance risk. Users can steal, change or delete data, and it would be impossible to pinpoint the culprit.

Managing application access for temporary workers: Temporary workers need quick access to systems, yet many times the approval cycle to grant access takes longer than the time the contractor is engaged. To solve this problem, many organizations keep a pool of IDs and passwords available for temporary workers. With no realistic way to track which shared ID is used by whom and when, this approach causes significant security and compliance risk.

Deploying provisioning systems (reconciling accounts): Identity management systems rely on a centralized repository of user IDs with associated privileges in order to function. Yet reconciling user accounts in each application to their rightful owners, a first step in deploying any identity management (IDM) system, is time-consuming and costly for many organizations because enterprises have a number of systems with a variety of user ID naming conventions. As a result, it becomes difficult to correlate the multitude of often ambiguous IDs to their owners. In the extreme case, application owners have to lock unclaimed IDs and wait for the users to call the help desks so that they can identify who actually owns an account. IDM deployment is slowed, often by months or more.

8 ESSO with strong authentication
Access control
Diagram labels: ESSO Admin Console, ESSO Password Reset, Directory Repository, ESSO Provisioning Gateway, Provisioning System, ESSO-LM Agent, Dr.Smith, TOKEN, v-GO KM, Client PC, v-GO AM

9 Oracle Adaptive Access Manager
Access control
Diagram labels: Applications/Data, 3rd party, User, Location, Device, ARM, ASA, Context, Historical data
Present vs. historical; User, Device, Location, Transaction, 3rd Party; combinations of factors

Immediate and historical context
Individual data: user history, device history, location history, transaction anomalies, 3rd-party data
Cross-data relationships: User + Device, User + Location, Device + Location, Device + Transaction + 3rd Party, etc.
Forensics: investigate alerts, harness data relationships, find related situations

10 Adaptive Strong Authenticator: virtual token
Access control
Mutual authentication
In-browser protection using virtual tokens
Integrates with smart cards, certificates and one-time PINs
Cost-effective for large numbers of users
Prevents keylogger, phishing and other attacks
OTP via sms, ,IM
Interfaces shown: QuestionPad, TextPad, PinPad, QuizPad, KeyPad, Slider

ASA interfaces: Each interface is designed for input of a specific type of authentication credential. Each also has its own set of security features that determine its level of security in relation to the other interfaces.

TextPad: Primarily used for password entry, the TextPad could be used for any type of credential entered on the computer's keyboard. TextPad is often used as the "base" UI in a deployment, given to all users by default because of its easy learning curve. Its primary security feature is site verification (personalization).

PinPad: Primarily used for PIN code entry, the PinPad could be used for any type of numeric credential. The PinPad has more security features than the TextPad. In addition to site verification, it protects against key-loggers and MITM. Since it is navigated with a user's mouse, there is no raw data generated or sent over the wire. In addition, the data sent is different every session.

KeyPad: Primarily used for password entry, the KeyPad could be used for any type of alphanumeric credential. KeyPad and PinPad are very similar in the technology used and the level of security.

QuestionPad: Used for protection of the challenge question presentation and answer input process. The security features are similar to TextPad but with the addition of the embedded question.

QuizPad: Used for protection of the dynamic challenge question presentation and answer process. The security features are similar to QuestionPad. Since the UI is multiple choice, QuizPad should only be used with dynamically generated one-time-use questions. Not available for POCs because it requires integration with a dynamic question generation 3rd-party application not provided by Oracle (Equifax, etc.). Not available as out-of-the-box functionality in the current release (Q2 '08).

Slider: Primarily used for PIN code entry, it could be used for any type of alphanumeric credential. Navigation by visual offsets makes Slider the highest-security interface. Unique among the ASA interfaces in every way. Not available as out-of-the-box functionality in the current release (Q2 '08).

11 Securing the database
Oracle Database Firewall: the database's first line of defense
Diagram labels: Applications; Allow, Log, Alerts, Substitute, Block; Policies, Predefined reports, Custom alerts
Monitors database activity and prevents unauthorized activity, direct access to the database and SQL injection
SQL grammar analysis
Security policies based on white lists, black lists and exception lists
Standard and customizable reports

12 Support for heterogeneous technologies
“Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments.” - Ray Wagner, Gartner
Diagram labels: Portals, Web / application servers, Applications, Other identity management products, Directories, Operating systems, ACF-2 & TSS, RACF & IOS/400

13 Support for standards
Oracle contributes to the development of:
SSTC (SAML Working Group)
Liberty Alliance - committee chair
WSS, WS-SX (Web Services Security), JCP - author
SPML - author
XACML - voting member
Implementation: accelerates product development; simplifies product integration and minimizes costs
Innovation: Identity Governance Framework (CARML, AAPML); standards for complete (end-to-end) security

14 Market studies
Gartner Marketscope Web Access Mgmt. H2 2010
Gartner MQ User Provisioning H2 2010
Forrester Wave Identity & Access H2 2009
Gartner Marketscope ESSO H2 2010

15 For more information…
search.oracle.com: Identity management, Enterprise security
Adrian Ciocan, Information Security Sales
Alexandru Negrea, Enterprise Security Architect
