Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firebird and compliance with security regulations Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION.

Published byHannah McKinney Modified over 10 years ago

Similar presentations

Presentation on theme: "Firebird and compliance with security regulations Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION."— Presentation transcript:

1 Firebird and compliance with security regulations Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION

2 Situation: major organizations are using Firebird for non business-critical applications Military and special services Worldwide trend is to integrate military projects with civil products and services Public sector Policies to prefer Open Source products in many countries. Open development process requirements for critical infrastructure projects. Enterprises Large enterprises tend to fall under strict procurement rules similar to public sector

3 Policies appear to be very favorable towards Open Source products in organizations. What formal criteria prevents Firebird from being used to build Tier 1 (business critical) applications?

4 Procurement rules Technical requirements Security regulations compliance requirements Service level requirements On-site support for closed-circuit applications Response time requirements Organizational requirements Manufacturer Authorization Forms Warranties Cross-certification

5 Security regulations General standards ISO/IEC 17799 (27002) – Code of practice for information security management ISO/IEC 15408 – CC/Evaluation Criteria for IT Security Sector regulations Basel II Sarbanes-Oxley Regional standards

6 Functional security requirements (comprehensive) Access control Authentication Authorization Control of information flows including mandatory access control Audit trace and logging Registration of access to protected objects (including files, tables, rows and individual fields) Tracking of media Security alerts Cryptographic facilities System integrity controls

7 What needs to be done in Firebird to provide underlying security infrastructure for business-critical applications?

8 Recommendations from the joint team of Red Soft and RNT security experts (Stage 1) Implement modern role-based access control (RBAC) approach Upgrade Firebird security core from using traditional Discretionary Access Control (DAC) methodology to RBAC Improve authentication Engine and metadata and data integrity checking

9 Comprehensive fine-grained role-based access control (RBAC) DDL DML Services Records and blobs System catalog

10 Authentication improvements Multi-factor authentication Certificates Bio-metric Crypto hardware Support for integration with applications and SSO infrastructure

11 Integrity checking Signed binaries and configuration files Signed metadata and pieces of data Hardware-assisted integrity protection Support for trusted computing methodology

12 Stage 2 improvements Implement Mandatory Access Control approach on top of RBAC engine More cryptographic protection Encrypted databases Encrypted backups Encrypted fields in tables Control over administrator actions from security administrator

13 Red Soft is looking for partners in the field of security compliance Alignment of implemented functionality with European regulations Roll-out of secure applications Certification partners

14 Questions and Contacts RED SOFT CORPORATION www.red-soft.biz Nikolay Samofatov, Chief Technology Officer nikolay.samofatov@red-soft.biz Office Phone: +7 495 721 35 37

Download ppt "Firebird and compliance with security regulations Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION."

Similar presentations

Red Soft strategy presentation and Q&A

Red Soft strategy presentation and Q&A
Open Source Answer to Critical Infrastructure Security Challenges Vadim Shchepinov, Chief Executive Officer RED SOFT CORPORATION.

Open Source Answer to Critical Infrastructure Security Challenges Vadim Shchepinov, Chief Executive Officer RED SOFT CORPORATION.
Using Trace API to diagnose performance bottlenecks on production servers Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION.

Using Trace API to diagnose performance bottlenecks on production servers Nikolay Samofatov, Chief Technology Officer RED SOFT CORPORATION.
Developing a Risk-Based Information Security Program

Developing a Risk-Based Information Security Program
Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.

Making Sense out of the Information Security and Privacy Alphabet Soup in terms of Data Access A pragmatic, collaborative approach to promulgating campus-wide.
Corporate Administration Management System CAMS-ITech: Vertical CRM for the Administration/Finance Area CAMS-iTech™ is the technological answer developed.

Corporate Administration Management System CAMS-ITech: Vertical CRM for the Administration/Finance Area CAMS-iTech™ is the technological answer developed.
Module 12: Auditing SQL Server Environments

Module 12: Auditing SQL Server Environments
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Security and Personnel

Security and Personnel
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
ELKAT Security Engineering Ltd. Poland Activity Plan Avi Arbili Regional Sales Director – Europe Cell:+972-(0) 52 – 3910006 Tel: +972-(0)3-5604744 Fax:

ELKAT Security Engineering Ltd. Poland Activity Plan Avi Arbili Regional Sales Director – Europe Cell:+972-(0) 52 – Tel: +972-(0) Fax:
The Other Side of Information Security Wilco van Ginkel – Ubizen

The Other Side of Information Security Wilco van Ginkel – Ubizen

Similar presentations

Ads by Google