SSL for server to-server authentication
-
Upload
chunjia-sio -
Category
Technology
-
view
219 -
download
0
description
Transcript of SSL for server to-server authentication
![Page 1: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/1.jpg)
SSL for Server-to-Server Authentication May 2013
Lim Chin Wan
![Page 2: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/2.jpg)
Have you ever wanted to rob a bank?
![Page 3: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/3.jpg)
DOING IT THE OLD SCHOOL WAY?
![Page 4: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/4.jpg)
Hacking A Bank Is Easy Because We’re
All Humans!
![Page 5: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/5.jpg)
I think you should meet someone…
![Page 6: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/6.jpg)
This is Yuri.
In 2010, he and his “anonymous” friends hacked AT&T. In 2011, they hacked Sony and bought a BMW.
![Page 7: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/7.jpg)
This year, Yuri hit a major telco with the secret keys provided by a disgruntled employee. Then Yuri went on a nice 2 month long vacation in the Caribbean Islands.
![Page 8: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/8.jpg)
Sony and AT&T both used “State of the Art” encryption… yet they
were still hacked!
![Page 9: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/9.jpg)
So how does Yuri do it?
![Page 10: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/10.jpg)
“Usually, I just find one disgruntled employee. Just one.”
![Page 11: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/11.jpg)
![Page 12: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/12.jpg)
Don’t Believe Me? Let’s Play A Game…
![Page 13: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/13.jpg)
Can Anyone Tell Me Who These
People Are?
![Page 14: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/14.jpg)
Heidi Klum
Emma Watson
![Page 15: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/15.jpg)
Cameron Diaz
![Page 16: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/16.jpg)
Halle Berry
![Page 17: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/17.jpg)
Scarlett Johansson
Megan Fox
![Page 18: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/18.jpg)
Brad Pitt
![Page 19: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/19.jpg)
RATED TOP 10 MOST DANGEROUS CELEBRITIES IN 2012
BY McAfee
![Page 20: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/20.jpg)
Heidi Klum 12%
![Page 21: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/21.jpg)
![Page 22: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/22.jpg)
Because your users are your weakest link…
![Page 23: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/23.jpg)
They are your customers… They are your Employees... They are your vendors…
![Page 24: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/24.jpg)
![Page 25: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/25.jpg)
![Page 26: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/26.jpg)
![Page 27: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/27.jpg)
![Page 28: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/28.jpg)
Common Problems… • Weak password • Lack of awareness • Lack of skills • Outdated policies • Management problems
![Page 29: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/29.jpg)
![Page 30: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/30.jpg)
Who’s Responsible?
![Page 31: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/31.jpg)
![Page 32: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/32.jpg)
How can you as a bank protect your customers and
yourself?
![Page 33: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/33.jpg)
Implement Server-to-Server Authentication using PKI
![Page 34: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/34.jpg)
Your typical server room scene How many servers do you have?
![Page 35: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/35.jpg)
How many servers are talking to each other?
Which server is talking to which server?
How do you take control of your servers?
How many vendors do you have logged onto your servers?
![Page 36: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/36.jpg)
Assign each server a digital certificate
![Page 37: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/37.jpg)
Digital Certificates Provides
Identity to each server Expiry date
![Page 38: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/38.jpg)
How much does it cost?
![Page 39: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/39.jpg)
![Page 40: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/40.jpg)
Become my own CA!
![Page 41: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/41.jpg)
A Typical Full Scale Enterprise PKI
![Page 42: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/42.jpg)
![Page 43: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/43.jpg)
Aiyo! So complicated!
![Page 44: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/44.jpg)
What if?
![Page 45: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/45.jpg)
Become my own CA!
Next generation PKI PrimeKey PKI Appliance
![Page 46: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/46.jpg)
46
Why a PKI Appliance? • Make deployments easier and faster
• Minimize installation/integration efforts
• Lower the TCO with simplified management and maintenance
• Provide one source for Software/Hardware stack
![Page 47: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/47.jpg)
A PKI Appliance Gives You...
• Overview of all your servers in your data centre
• Better security via Server-to-Server authentication
• Control over who can access your servers
• Easy management of your server access
![Page 48: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/48.jpg)
![Page 49: SSL for server to-server authentication](https://reader033.fdocuments.in/reader033/viewer/2022052621/55869d0fd8b42a66728b4626/html5/thumbnails/49.jpg)
Questions? SecureMetric Technology Group Lim Chin Wan
Mobile : +6 016 261 8925 Office : +603 8996 8225 [email protected]
Formula for Strong Digital Security [email protected] www.securemetric.com