Post on 23-Jan-2017
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Street Warrior. Mobile Security on Our Streets
• DOAG2015
• November 17, 2015
Dr. Nadine Schöne, Systems Consultant, Oracle
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Profile
Systems consultant at Oracle in Potsdam for 2.5 years
Middleware, in particular:
• Mobile
• Cloud
Database: Oracle R Enterprise (data analysis)
Background: natural scientist (biology, mathematics, bioinformatics)
@schoenenadine
Agenda
1 Introduction
2 Mobile Enterprise Architecture
3 Mobile Security
4 Demo
5 Further Information
6 Q&A
Introduction
Mobile Enterprise Challenges
Enterprise Mobility Challenges
Mobile Security
Multi OS / Device support
Delivery & Organization Challenges
Data & Service Integration
ON-PREMISE PACKAGED
APPLICATIONS
CUSTOM APPLICATIONS CLOUD
Mobile Enterprise Architecture
Example: Mobile Enterprise Architecture
Oracle DB
User
API Gateway
DMZ
Business applications
Secure: Identity Management
Deploy: WebLogic Server
Connect: Service Bus Mobile Cloud Service
Secure Workspace
Mobile Security Manager (MSM) Mobile Apps
Mobile Security Access Server (MSAS)
Mobile Security
Information security as a process: the security process
Phases: initial activities, ongoing activities, implementation / operation
Processes: security strategy, risk management, security management, protection of information assets (confidentiality, integrity), ensuring availability, Disaster Recovery / Business Continuity Planning, monitoring, auditing
Areas: technical, physical, organizational, systems (HW & OS), networks, software, data
Flow: Build, Operate
• Vulnerability analysis, threat profile, risk assessment, prioritization of measures
• Risk management
• Security Policy, Standards & Procedures
• Security organization
• Access protection, authentication, cryptography, PKI, VPN
• Security zones
• Access controls
• Physical entry control systems
• Firewalls
• Network design
• Clustering
• Network management
• Virus protection management
• Secure OS
• System updates
• Software design
• Non-repudiation
• Data classification
• Data media
• System performance monitoring
• CM
• Hot backup
• Building security
• Personnel security
• Workplace
• Protection against natural hazards
• Contingency plans
• Intrusion Detection Systems
• Building surveillance
• Video recording
• Activity logging
• Security audits
• Vulnerability checks
• Security management
• Security vision, strategy for handling business-critical infrastructures and information assets
• Governance
• HR processes
• Operational practices
• Awareness
• Training
• Backup, backup facilities
• Logging, evaluation, handling of security incidents
• System recovery
MDM and MAM
Mobile Device Management: Enterprise Data, Enterprise Mobile App, Personal Data, Personal Mobile App, Security Policies; Remote Device Wipe
Mobile Application Management: Enterprise Data, Enterprise Mobile App, Personal Data, Personal Mobile App, Security Policies, Container; Remote Container Wipe
Oracle’s Mobile Security Plan
Securely Separate And Manage Corporate Apps And Data On Devices
Secure Container For App Security And Control
Secure Controls And Management For Enterprise Apps
Extend IDM Services To Avoid Redundancy And Overlaps
• Separate, protect and wipe corporate applications and data
• Strict policies to restrict users from viewing/moving data out of container
• Consistent support across multiple mobile platforms
• Secure communication with enterprise application servers
• Corporate app store
• Common users, roles, policies, access request, cert etc.
• SSO for native and browser apps
• Risk/policy based step up and strong authentication
Avoiding silos in access & identity management… (1)
Benefits
WebSSO Access Management (WAM)
Mobile Access Management
Mobile App Management, iOS built-in
Kerberos
Avoiding silos in access & identity management… (2)
Benefits
Unified Access Management
3 steps to secure your app. Containerization
c14n -c inject -i Candidate.ipa -o injected.ipa -conf c14n.conf -cert 'iPhone Distribution: Acme Corp Inc.' -p dist.mobileprovision -v
Injecting security services
‣ Secure data transport
‣ Authentication
‣ Secure data storage
‣ Data leakage control
‣ Dynamic policy engine
yourapp.zip yourapp.ipa
1. Get an unsigned copy of the app. This is typically an unsigned ipa or zip file. We don’t require the source code.
2. Run the Oracle c14n tool. This is a command line tool which is included in Oracle Mobile Security Services.
3. Upload the app (ftp) to your enterprise App Store. This can reside on a file server. The Catalog app to browse the enterprise app store is included in Oracle Mobile Security Services. Access to apps can be controlled via Group membership.
Demo
User
Installation of the Secure Workspace
• Download the security certificates: MSAS and MSM
• Install the Secure Workspace app
Download MSAS Certificate
Register MDM Profile
BEFORE
User
First use of the Secure Workspace app
• Initial configuration
• Login: authentication, Challenging Question, authorization
• Location
• App catalog
Admin
Deployment of an app to the app catalog (Oracle Access Manager)
• Upload the app to the app catalog
• Add the app to the Mobile Security Policy
User
Install a new app from the app catalog
• Install the app
• Test the app – API Gateway
Admin
API Gateway Policy
Demo summary
• User: installation of the Secure Workspace
• User: first use of the Secure Workspace
• Admin: deployment of an app to the app catalog (incl. Security Policy)
• User: install a new app from the app catalog
• Admin: policies in the API Gateway
Further Information
Device Platforms
Google, Samsung, HTC, LG, ...
Surface
Windows Phone
iOS
Oracle Mobile Enterprise http://www.oracle.com/us/technologies/mobile/overview/index.html
Social Login
Single Sign-On
Reporting & Analytics
Oracle & 3rd Party Connectors
ID Admin & Self Service
Strong Authentication
Oracle Identity Cloud Services
Employees
Partners
Customers
Enables Secure Access by Anyone, from Anywhere, on Any Device
Mobile Identity
Mobile Application Management
Mobile Device Management
Mobile Content Management
Multi-channel Application Security
Mobile Security Cloud Service
Further talks on mobile and security
• The Unforgettable. The one who forgets nothing… Principles of rights and roles, Tue 13:00, Foyer Tokio
• Oracle Cloud Day - Mobile developers' first steps into the cloud, Tue 16:00, Riga
• Oracle Cloud Day - Enterprise-wide mobile solution from the cloud, Tue 15:00, Budapest
• Mobile Cloud Service in action, Tue 17:00, Kopenhagen
• Without a mobile strategy you don't have a strategy, Wed 9:00, Kopenhagen
• Go Digital Native – Extending Oracle ADF to Mobile and Cloud, Wed 11:00, Kopenhagen
• Integrating calls to Oracle MCS in Oracle MAF applications, Wed 17:00, Kopenhagen
• Oracle Mobile Cloud Service: demo of a use case, Thu 12:00, Riga
• Implementing mobile security, Thu 16:00, Kopenhagen
This list is not exhaustive!
Contact
Dr. Nadine Schöne | Systems Consultant
Email: nadine.schoene@oracle.com
Tel: +49 331 200 7190
Oracle Deutschland B.V. & Co. KG
Schiffbauergasse 14
14467 Potsdam
Engage Build
Integrate Analyze
Operate
Manage
Secure