Post on 26-Jan-2017
Emerging Tech Series E: Knowledge Management automation of impacts
Anypoint platform security components
-RajeshKumar
Anypoint platform security components
Anypoint Enterprise Security
API Security Manager
Virtual Private Cloud (VPC)
Taking security
MuleSoft's approach to cloud security is two-fold
MuleSoft actively and consciously avoids inspecting, storing, manipulating, monitoring, or otherwise directly interacting with sensitive customer data
MuleSoft provides a highly secure environment in which customers can perform sensitive data manipulations
A dedicated security team follows industry best practices, runs internal security audits and maintains policies that span operations, data security, passwords and credentials, and secure connectivity
Identity authentication mechanisms
User authentication
Username and password credentials
Multi-factor authentication
Token-based credentials
API and server authentication
Public/private key cryptography
User authorization
Role based access control (RBAC)
Attribute based access control (ABAC)
OAuth (2.0) delegated access control
Federated identity management
Single Sign-on
Message integrity
Message verifier
Message received by your API is verified as being the same as sent by the client
Digital signatures
Client produces a signature by using an algorithm and a secret code
API applies the same algorithm and code to produce its own signature and compares it against the incoming signature
Message safety
Protection against potentially harmful data in the request
Attacks often come through large XML documents with multiple levels of nested elements
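Added example, not part of the original slides and not MuleSoft code: one way an API can apply the message-safety idea above is to enforce size, nesting-depth and element-count limits while streaming the XML, before any document tree is built. The limit values, the names check_xml, is_safe and UnsafeXml, and the sample bodies are assumptions made for illustration.

```python
import xml.parsers.expat

# Limits are assumptions for this sketch; tune them to the API's real payloads.
MAX_BYTES, MAX_DEPTH, MAX_ELEMENTS = 64 * 1024, 20, 5000

class UnsafeXml(ValueError):
    """Raised when a request body breaks a structural limit."""

def check_xml(body, max_bytes=MAX_BYTES, max_depth=MAX_DEPTH,
              max_elements=MAX_ELEMENTS):
    """Return (deepest nesting level, element count) or raise UnsafeXml."""
    if len(body) > max_bytes:  # cheapest check first, before any parsing
        raise UnsafeXml("body exceeds %d bytes" % max_bytes)
    state = {"depth": 0, "deepest": 0, "elements": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        state["deepest"] = max(state["deepest"], state["depth"])
        if state["depth"] > max_depth:
            raise UnsafeXml("nesting exceeds %d levels" % max_depth)
        if state["elements"] > max_elements:
            raise UnsafeXml("more than %d elements" % max_elements)

    def end(name):
        state["depth"] -= 1

    # Streaming parse: the limits trip while reading, no tree is ever built.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXml("not well-formed: %s" % exc) from None
    return state["deepest"], state["elements"]

def is_safe(body):
    """True when the body passes every limit and is well-formed."""
    try:
        check_xml(body)
        return True
    except UnsafeXml:
        return False

# Constructed sample bodies: a small order and a 50-level nested document.
ORDER = b"<order><item><sku>1</sku></item></order>"
NESTED = b"<a>" * 50 + b"</a>" * 50

if __name__ == "__main__":
    print(check_xml(ORDER), is_safe(NESTED))
```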
Security recommendations
Use Least Privilege Access principle
Perform periodic penetration testing
Perform periodic external reviews
Configure Logging and Alerting
Configure secure properties
Optionally consider (centralized) properties management
Credentials management
Tight control on who has administrative access
Use encrypted/secured communications
Both inside and outside the application's scope
Anypoint Enterprise Security
Collection of security features that enforce secure access to information in Mule applications
Provides various methods for applying security to Mule applications
Requires an Enterprise license
Add-on module that needs to be installed in Anypoint Studio
Consists of 6 modules
Suitable for both on-premises and CloudHub applications
Enterprise Security modules
Mule Filter Processor
Compares messages with filter criteria before processing
Filter by IP/timestamp features are available
Mule Credentials Vault
Encrypts the property file
Flow can access the data from property files
Mule Message Encryption Processor
Encrypt or decrypt part of messages or the entire payload
JCE Encrypter, XML Encrypter, PGP Encrypter
Enterprise Security modules
Mule Secure Token Service (STS) OAuth 2.0a Provider
Security for REST service provider/consumer
Mule Digital Signature Processor
Ensure the integrity and authenticity of the message source
Mule CRC32 processor
Applies a cyclic redundancy check (CRC) to messages to ensure message integrity
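Added example, not part of the original slides and not MuleSoft code: the signature flow described under "Digital signatures" (client and API apply the same algorithm and secret, then compare) shown next to a CRC32 check. HMAC-SHA256 is assumed as the algorithm; the secret, the function names and the message bodies are constructed. A CRC has no key, so it catches accidental corruption only; authenticity of the source needs the keyed signature.

```python
import hashlib
import hmac
import zlib

# Assumption: a shared secret provisioned out of band (constructed value).
SECRET = b"constructed-shared-secret"

def sign(body, secret=SECRET):
    """Client side: keyed signature over the exact bytes being sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(body, signature, secret=SECRET):
    """API side: recompute with the same algorithm and secret, then compare
    in constant time so the check does not leak how many characters match."""
    return hmac.compare_digest(sign(body, secret), signature)

def crc32_of(body):
    """Unkeyed checksum; anyone holding the bytes can compute it."""
    return zlib.crc32(body) & 0xFFFFFFFF

def verify_crc(body, crc):
    return crc32_of(body) == crc

def compare():
    """Run both checks over an intact and an altered constructed message."""
    original = b'{"account":"1001","amount":"10.00"}'
    altered = b'{"account":"1001","amount":"99.00"}'
    sent_sig, sent_crc = sign(original), crc32_of(original)
    return {
        # Unmodified message: both mechanisms accept it.
        "intact_signature_ok": verify_signature(original, sent_sig),
        "intact_crc_ok": verify_crc(original, sent_crc),
        # Bytes changed in transit, original check values still attached:
        # both mechanisms notice.
        "altered_signature_ok": verify_signature(altered, sent_sig),
        "altered_crc_ok": verify_crc(altered, sent_crc),
        # Whoever changed the bytes can attach a fresh CRC without any secret,
        # so the CRC check passes; a signature cannot be refreshed that way.
        "altered_fresh_crc_ok": verify_crc(altered, crc32_of(altered)),
        "altered_wrong_key_ok": verify_signature(
            altered, sign(altered, b"not-the-secret")),
    }

if __name__ == "__main__":
    for name, ok in compare().items():
        print(name, ok)
```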
Virtual Private Cloud (VPC)
The Virtual Private Cloud (VPC) offering allows you to virtually create a private and isolated network in the cloud to host workers
Choose to use this isolated network as best suits your needs
Host your applications in a VPC and take advantage of its load balancer
Configure your own firewall rules for your VPC
Connect your VPC to your corporate intranet, whether on-premises or in other clouds, via a VPN connection as if they were all part of a single, private network
Set a private DNS server so the workers hosted in a VPC communicate with your internal network using your private host names