
Cloud Computing Security Session



Presentation Transcript


  1. Cloud Computing Security Session Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Principal, nControl, LLC Adjunct Professor President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)

  2. Cloud Computing Security Session II • Presentation Overview • General Security Overview • Business Continuity / Disaster Recovery (BCP / DR) • Physical Security • Human Resource Management • Authentication, Authorization & Acctg (AAA) • Identity & Access Management (IAM) • Encryption

  3. Cloud Computing Security Session II • BCP / DR • Recovery Time Objective (RTO) • Recovery Point Objective (RPO) • Business Impact Assessment (BIA)

  4. Cloud Computing Security Session II • Physical Security • Building Access Controls • Data Center / Privileged Access Controls • Fire Suppression • Visitor Access Logs • Surveillance

  5. Cloud Computing Security Session II • Human Resource Management • Separation / Segregation of Duties • Defined Roles and Responsibilities • Criminal Background Checks • Credit Checks • Disciplinary Records

  6. Cloud Computing Security Session II • AAA • Logging • Monitoring • Incident Response

  7. Cloud Computing Security Session II • IAM • Single Sign-On (SSO) • Allows User to Gain Access to Multiple Systems / Apps • Negates Password Fatigue • Implementations • Externally • One-Time Password (OTP) / Tokenization • Federated Identity / Tokenization • Smart Card • Remote Access Dial-In User Service (RADIUS) • Internally • Kerberos • Lightweight Directory Access Protocol (LDAP)

  8. Cloud Computing Security Session II • IAM Technologies • Federated Identity • OpenID • OAuth • Security Assertion Markup Language (SAML) • Web Services – Trust Language (WS-Trust) • Representational State Transfer (REST) • Active Directory Federation Service (ADFS) • Microsoft Federation Gateway (MFG)


  12. Cloud Computing Security Session II


  16. Cloud Computing Security Session II • IAM Technologies • Kerberos • Created at MIT • (Mostly) Internal Network Authentication • Implementations • Linux • Windows Active Directory (AD)

  17. Cloud Computing Security Session II • Encryption • Data at Rest (DAR) • Data in Use (DIU) • Data in Motion (DIM)

  18. Cloud Computing Security Session II • DAR • Full Disk Encryption • Object / Volume Encryption • Database Table, Column or Field Encryption

  19. Cloud Computing Security Session II • DIU • Email Message Encryption • File Encryption

  20. Cloud Computing Security Session II • DIM • Public Key Infrastructure (PKI)

  21. Cloud Computing Security Session II • PKI • An Alternative to Two Factor (2F) Authentication • Public Key → End Point • Analogy -- Yellow Pages: Telephone Number → Person • Information Security (InfoSec) Triad • CIA: Confidentiality, Integrity & Availability • PKI: C & I • Deployments • HTTPS (HTTP & SSL / TLS), SSL VPN, SSH, SFTP • S/MIME • WLAN (802.11x, EAP-TTLS) • IPSec (VPN)

  22. Cloud Computing Security Session II • Crypto Terms • Encryption • Takes input data and a secret key and outputs data that appears to bear no relation to the input data. • Hashing • Takes input data and outputs a fixed size chunk of data that uniquely represents the input data. • Symmetric Key • Same key to encrypt / decrypt data – known receiver • Asymmetric Key • Different key to encrypt / decrypt data – unknown receiver

  23. Cloud Computing Security Session II • Crypto Examples • Symmetric Key • Deployment: IPSec (AH, ESP), Database, Tape, DRM • Asymmetric Key • Deployment: HTTPS (HTTP & SSL / TLS), WLAN, IPSec (IKE), S/MIME, SSH, SFTP • Hash Functions • HMAC: MD5, SHA1 / 2 / 3 • Encryption • Symmetric Algorithms: AES, Twofish, Serpent, DES, Triple DES (TDES) • Asymmetric Algorithms: Diffie-Hellman, RSA, ECC, DSA, El Gamal
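As an added example (not part of the slides), the hashing and HMAC terms from slides 22 and 23 worked in Python's standard library: every algorithm the slide names emits a fixed-size digest regardless of input length, a plain hash can be recomputed by anyone who alters the data, and an HMAC can only be produced or verified by a holder of the shared key (the "known receiver" of symmetric-key crypto). The message and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample message and shared key (not from the slides).
MESSAGE = b"RTO=4h;RPO=15m;site=dr-east"
SHARED_KEY = b"example-shared-secret-key"

# Hash algorithms named on the slide (MD5, SHA-1, SHA-2, SHA-3) mapped to their
# hashlib names. MD5 and SHA-1 appear only because the slide lists them; they are
# shown for their digest sizes, not as recommended choices.
ALGORITHMS = {
    "MD5": "md5",
    "SHA-1": "sha1",
    "SHA-2 (256)": "sha256",
    "SHA-3 (256)": "sha3_256",
}


def digest_sizes(data: bytes) -> dict:
    """Hash the same input with each algorithm and return the digest length in bytes.
    Whatever the input length, each algorithm produces a fixed-size output."""
    return {name: len(hashlib.new(algo, data).digest()) for name, algo in ALGORITHMS.items()}


def hash_tag(data: bytes) -> str:
    """Plain hash: no key involved, so anyone who changes the data can recompute it.
    This detects accidental corruption, not deliberate tampering."""
    return hashlib.sha256(data).hexdigest()


def verify_plain_hash(data: bytes, tag: str) -> bool:
    """Checks a plain hash; passes for any data whose hash the sender recomputed."""
    return hmac.compare_digest(hash_tag(data), tag)


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC: the tag depends on the shared key, so only a key holder can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the HMAC and compare in constant time, so the comparison does not
    leak how many tag bytes matched."""
    return hmac.compare_digest(hmac_tag(key, data), tag)
```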

  24. Cloud Computing Security Session II Ciphertext

  25. Cloud Computing Security Session II

  26. Cloud Computing Security Session II • PKI Technical Components • Certificate / Registration Authority (CA / RA) Server • Issues X.509 Certificates (PKIX) • Generates CRLs • Hosts Private Key • PKI Clients • Outlook • Browsers: Safari, IE, Firefox • Wireless NIC • Revocation Server OR OCSP Server • Revocation Server Hosts CRLs • More on OCSP Later

  27. Cloud Computing Security Session II • Digital Signature • Code Signing • Digital Certificate • X.509


  29. Questions? • Contact • Email: steve@ncontrol-llc.com • Twitter: @markes1, @csadelval2011 • LI: http://www.linkedin.com/in/smarkey
