Security Training Seminars

An integral part of The Open Group Security Programme
Dean Adams
Director, Security & Electronic Commerce

Agenda Check!
► Brief Overview of Security Program
  Key Projects
  Introduction to Security Training Seminars
Scope of Program
• For organisations implementing innovation in Security & Electronic Commerce, the security program aims to:
  – reduce business risks
  – reduce business costs
  – improve competitiveness
• Support for a secure infrastructure at 3 levels:
  – Internet
  – Enterprise-wide network (Intranet)
  – Platforms

The IT DialTone (diagram)
• Service Qualities: Security, Manageability, Interoperability, International Operation, Scalability, Portability
• Services: Management Services, Transaction Processing, Application Services, Core Information Exchange, Location Services, Security Services
Scope of Program (diagram)
• Business Requirements: identification, definition & prioritisation
• Product Developments & Industry Trends: generating, participating in & monitoring technical developments
• Standards, Collaborative Technology & Pilot Trials
• Defining Branding Programs supported by testing
• Support in the Marketplace: launch, communications, integration, training, procurement
Scope of Program - evolution
• Aim to provide a full service range to our partners
  – major system vendors, application & middleware providers, end-user organizations
  – mutually supportive activities, no “throw over the wall” attitude

(diagram) Standards Development, Partnerships, Testing, Brand, Consultancy, Peer Networking, Training, Pilot Trials, Market Requirements
Conformance & The Brand
• Enforced by the X/Open Trade Mark Licence Agreement
• Guaranteed by the supplier
  – It conforms to the Standard
  – It will continue to conform
  – Any problems, fixed by the supplier within set time
• Brand can be taken away!

Agenda Check!
  Brief Overview of Security Program
► Key Projects
  Introduction to Security Training Seminars
Distributed Security Framework
- (an application programmer’s view)
(diagram, top layer to bottom layer)
• Applications: users of security services
• Common Security Services (provided through generic interfaces)
• Specific Mechanism Modules, e.g.:
  – Distributed Authentication (e.g. Kerberos, SESAME, KryptoKnight)
  – Distributed Audit
  – Cryptographic Services
  – Key & Cert Management
  – etc., as appropriate
• System Services (e.g. network, file-system, database, etc.)
Common Architecture for PKI
• Defines, characterises, integrates, positions components of a PKI
• Based on use of X.509 v3 (due to overwhelming recommendation from customer community) but does not preclude use of other approaches (e.g. SDSI)
• Provides for, but does not mandate, Key Recovery
• Drafts available publicly via web server
• References and integrates specifications from other sources
  – e.g. IETF, PC/SC, OpenCard
Business decisions and Regulatory Framework establish trust relationships (diagram of CA nodes)
• Allow for hierarchical structure, direct relationships, and web-of-trust relationships as deemed appropriate for individual circumstances.
• Do not dictate through technology
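The three trust arrangements on this slide (a CA hierarchy, a directly trusted CA, and a web of trust) differ only in what the relying party chooses to anchor, not in the certificate format. The following is an added worked example, not code from the presentation or from The Open Group: it builds a tiny constructed PKI with toy textbook-RSA keys (small primes, no padding; the names "Root CA", "Intermediate CA", "Partner CA", "peer1", "peer2", "alice", "bob", "carol", "mallory" are all invented) and validates the same certificate structure under each policy, including a forged certificate that claims the root as issuer but was signed with the wrong key.

```python
import hashlib
from dataclasses import dataclass

# --- Toy RSA keys (constructed; tiny primes, textbook RSA without padding).
# They stand in for the X.509 keys of the CAs on the slide. Nothing here is
# usable for real security; it only makes the sign/verify relationship explicit.
def keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: tuple    # subject's (n, e)
    signature: int   # issuer's signature over tbs(subject, issuer, pubkey)

def tbs(subject, issuer, pubkey):
    # "To-be-signed" digest, truncated to 16 bits so it is below every toy modulus.
    h = hashlib.sha256(f"{subject}|{issuer}|{pubkey[0]}|{pubkey[1]}".encode()).digest()
    return int.from_bytes(h[:2], "big")

def sign(priv, m):
    n, d = priv
    return pow(m, d, n)

def verify(pub, m, sig):
    n, e = pub
    return pow(sig, e, n) == m

def issue(subject, subject_pub, issuer, issuer_priv):
    return Cert(subject, issuer, subject_pub, sign(issuer_priv, tbs(subject, issuer, subject_pub)))

def certs_for(certs, subject):
    return [c for c in certs if c.subject == subject]

# --- Hierarchical and direct trust: walk issuer links up to a configured anchor.
def validate_cert(cert, certs, anchors, depth=0, max_depth=4):
    """Return the subject names on a verified path from cert to a trust anchor, else None.
    anchors maps a CA name to the public key the relying party has decided to trust;
    a root of a hierarchy and a directly trusted partner CA are handled identically."""
    m = tbs(cert.subject, cert.issuer, cert.pubkey)
    if cert.issuer in anchors:                     # path ends at a relying-party decision
        ok = verify(anchors[cert.issuer], m, cert.signature)
        return [cert.subject, cert.issuer] if ok else None
    if depth >= max_depth:                         # bound the walk so loops cannot hang us
        return None
    for issuer_cert in certs_for(certs, cert.issuer):
        if verify(issuer_cert.pubkey, m, cert.signature):
            upper = validate_cert(issuer_cert, certs, anchors, depth + 1, max_depth)
            if upper:
                return [cert.subject] + upper
    return None

def validate_subject(subject, certs, anchors):
    for cert in certs_for(certs, subject):
        path = validate_cert(cert, certs, anchors)
        if path:
            return path
    return None

# --- Web of trust: no CA above the subject; accept a key once enough trusted
# introducers have independently certified it.
def web_of_trust(subject, pubkey, certs, introducers, threshold):
    endorsers = set()
    for cert in certs_for(certs, subject):
        if cert.pubkey != pubkey or cert.issuer not in introducers:
            continue
        if verify(introducers[cert.issuer], tbs(cert.subject, cert.issuer, cert.pubkey), cert.signature):
            endorsers.add(cert.issuer)
    return len(endorsers) >= threshold, sorted(endorsers)

def demo():
    # Constructed sample PKI: one hierarchy, one directly trusted partner CA,
    # two peer introducers, and one forged certificate.
    root_pub, root_priv = keypair(1009, 1013)
    inter_pub, inter_priv = keypair(1019, 1021)
    partner_pub, partner_priv = keypair(1031, 1033)
    peer1_pub, peer1_priv = keypair(1039, 1049)
    peer2_pub, peer2_priv = keypair(1051, 1061)
    rogue_pub, rogue_priv = keypair(1063, 1069)
    alice_pub, _ = keypair(1087, 1091)
    bob_pub, _ = keypair(1093, 1097)
    carol_pub, _ = keypair(1103, 1109)
    certs = [
        issue("Intermediate CA", inter_pub, "Root CA", root_priv),
        issue("alice", alice_pub, "Intermediate CA", inter_priv),   # hierarchy
        issue("bob", bob_pub, "Partner CA", partner_priv),          # direct relationship
        issue("carol", carol_pub, "peer1", peer1_priv),             # web of trust
        issue("carol", carol_pub, "peer2", peer2_priv),
        issue("mallory", rogue_pub, "Root CA", rogue_priv),         # forged: wrong signing key
    ]
    anchors = {"Root CA": root_pub, "Partner CA": partner_pub}
    return {
        "alice": validate_subject("alice", certs, anchors),
        "bob": validate_subject("bob", certs, anchors),
        "mallory": validate_subject("mallory", certs, anchors),
        "carol": web_of_trust("carol", carol_pub, certs, {"peer1": peer1_pub, "peer2": peer2_pub}, 2),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The point the slide makes is visible in `demo()`: the certificates are the same kind of object in all three cases, and what differs is the relying party's policy input (the `anchors` table for hierarchical and direct trust, the `introducers` table plus a threshold for the web of trust). The forged "mallory" certificate is rejected because the anchor key, not the name "Root CA", decides the outcome.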
Business Decisions and Regulatory Framework establish separation/combination of Role (diagram of CA and RA nodes)
• Registration Authorities can be local to user (e.g. lawyer’s office, local chamber of commerce).
• Can offer services from multiple competing CA services (act as broker); customer choice based on business and regulatory considerations.
CDSA
• A search on the Internet reveals
  – Canadian Dam Safety Association
  – Canadian Deaf Sports Association
  – Comprehensive Digestive Stool Analysis
• But since this is a security presentation
  – Common Data Security Architecture
Common Data Security Architecture (CDSA)
• For applications and services in a PKI environment
  – Coherent architecture
  – Comprehensive set of services
• Originally submitted by Intel
  – Revision and addition from PKI Task Group
• Intel, IBM, Netscape, Entrust, Trusted Information Systems prepared revised specifications
  – Fast-Track adoption
• Real commitment by suppliers to build into products
CDSA Fast Track
• Formal review & comment period completed
  – final version being prepared for publication
  – formal approval
• Publish final standard - awaiting completion of legal procedures
• Test suites in development
• Brand (certification scheme) definition and supporting processes being developed
• Development partnerships in the pipeline
Common Data Security Architecture - CDSA (diagram)
• Applications in C, C++ and Java, reaching the API through a Method Wrapper / Language Interface Adapter
• Layered Services: System Security Services, Middleware, Tools
• CSSM Security API: Common Security Services Manager, providing Integrity Services and Security Contexts and hosting the module managers:
  – CSP Manager, SPI: Cryptographic Service Provider
  – TP Module Manager, TPI: Trust Model Library
  – CL Module Manager, CLI: Certificate Library
  – DL Module Manager, DLI: Data Storage Library (data store)
  – Elective Module Manager, EMI / EM-API: new category of service
• Security Add-in Modules plug in beneath the module managers
Single Sign-On
• To support distributed heterogeneous enterprise-wide network
• Completed so far:
  – Pluggable Authentication Modules (PAM)
    • publicly available on web server
• In the pipe
  – Account Management built on LDAP based schema
  – Detailed proposals for brand, test

Agenda Check!
  Brief Overview of Security Program
  Key Projects
► Introduction to Security Training Seminars
Security Training Seminars
• New!
  – Starts here in Amsterdam, establish as regular feature
• Integral part of Security Program
  – supporting standardization and collaborative technology initiatives in the field
• Aims:
  – practical advice of obvious value to the business
  – short to medium term tactical advice
  – medium to long term strategic advice
  – supported by case examples
Security Training Seminars
• Managing:
  – Dr. Phil Holmes
    • background in education, information management and publishing
  – Rob Tate
    • background in practical commercial consultancy
• Security Training Alliance
  – proposal for alliance of training partners
  – working under common marketing banner
  – common, shared set of training modules
  – co-operation between partners in satisfying customer organization’s training needs
Security Survival
An Indispensable Guide to Securing Your Business
(book cover: essential advice for users and managers; helps prepare you for net security; your guide to System Security; covers DCE Security)
Obtain from:
  – Prentice-Hall (regular & Internet) http://www.prenhall.com
  – The Open Group (regular & Internet) http://www.opengroup.org
  – Amazon (Internet only) http://www.amazon.com
Our Speakers Today
• Stan Dormer (Aid to Industry)
  – 30 years in IT and auditing
  – co-founder of COMPACS conferences, now in 21st year
• Pierre Noel (The Open Group)
  – practical expertise in DCE, security, Single Sign-On, open transaction processing, and distributed systems
  – principal Open Group consultant for Single Sign-On
Rules of Engagement
• Not a working group meeting
  – Panel Question & Answer Session
• Feel free to provide feedback to Phil Holmes and Rob Tate
  – either personally or via evaluation forms
  – content, quality, suggestions for future topics
  – interest in The Security Training Alliance
• Further opportunity for one on one discussion at the reception for interested parties