Slidedeck Demo Kino: Street Warrior. Mobile Security on Our Streets - DOAG2015
- 2. Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Street Warrior. Mobile Security on Our Streets
• DOAG2015
• 17 November 2015
Dr. Nadine Schöne
Systems Consultant, Oracle
- 3.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
- 4.
Profile
Systems consultant at Oracle in Potsdam for 2.5 years
Middleware, in particular:
• Mobile
• Cloud
Database: Oracle R Enterprise (data analysis)
Background
Natural scientist (biology, mathematics, bioinformatics)
@schoenenadine
- 5.
Agenda
1. Introduction
2. Mobile Enterprise Architecture
3. Mobile Security
4. Demo
5. Further Information
6. Q&A
- 7.
Mobile Enterprise Challenges
- 8.
Enterprise Mobility Challenges
Mobile Security
Multi OS / Device support
Delivery & Organization Challenges
Data & Service Integration
ON-PREMISE
PACKAGED APPLICATIONS
CUSTOM APPLICATIONS
CLOUD
- 10.
Example: Mobile Enterprise Architecture
Oracle DB
User
API Gateway
DMZ
Business applications
Secure: Identity Management
Deploy: WebLogic Server
Connect: Service Bus
Mobile Cloud Service
Secure Workspace
Mobile Security Manager (MSM)
Mobile Apps
Mobile Security Access Server (MSAS)
- 12.
Information security as a process
Security process
Initial activities
Ongoing activities
Implementation / operations
Processes
Security strategy
Risk management
Security management
Protection of information assets (confidentiality, integrity)
Ensuring availability
Disaster recovery / business continuity planning
Monitoring
Auditing
Areas
Technical
Physical
Organizational
Systems (HW & OS)
Networks
Software
Data
Build
Operate
Procedure
Vulnerability analysis, threat profile, risk assessment, prioritization of measures
Risk management
Security Policy, Standards & Procedures
Security organization
Access protection, authentication, cryptography, PKI, VPN, security zones
Access controls
Physical access control systems
Firewalls
Network design
Clustering
Network management
Antivirus management
Secure OS
System updates
SW design
Non-repudiation
Data classification
Storage media
System performance
Monitoring
CM
Hot backup
Building security
Personnel security
Workplace
Protection against natural disasters
Emergency plans (contingency plans)
Intrusion Detection Systems
Building surveillance
Video recording
Activity Logging
Security audits
Vulnerability Checks
Security management
Security vision, strategy for handling business-critical infrastructures and information assets
Governance
HR processes
Operational practices
Awareness
Training
Backup, backup facilities
Logging, evaluation, handling of security incidents
System Recovery
- 14.
MDM and MAM
Enterprise Data
Enterprise Mobile App
Personal Data
Personal Mobile App
Security Policies
Mobile Device Management
Mobile Application Management
Remote Device Wipe
Remote Container Wipe
Enterprise Data
Enterprise Mobile App
Personal Data
Personal Mobile App
Security Policies
Container
- 15.
Oracle’s Mobile Security Plan
Securely Separate And Manage Corporate Apps And Data On Devices
Secure Container For App Security And Control
Secure Controls And Management For Enterprise Apps
Extend IDM Services To Avoid Redundancy And Overlaps
Separate, protect and wipe corporate applications and data
Strict policies to restrict users from viewing/moving data out of container
Consistent support across multiple mobile platforms
• Secure communication with enterprise application servers
• Corporate app store
• Common users, roles, policies, access request, cert etc.
• SSO for native and browser apps
• Risk/policy based step up and strong authentication
- 16.
Avoiding silos in access & identity management… (1)
Benefits
WebSSO Access Management (WAM)
Mobile Access Management
Mobile App Management, iOS built-in Kerberos
- 17.
Avoiding silos in access & identity management… (2)
Benefits
Unified Access Management
- 18.
3 steps to secure your app. Containerization
c14n -c inject -i Candidate.ipa -o injected.ipa -conf c14n.conf -cert 'iPhone Distribution: Acme Corp Inc.' -p dist.mobileprovision -v
Injecting security services
‣ Secure data transport
‣ Authentication
‣ Secure data storage
‣ Data leakage control
‣ Dynamic policy engine
yourapp.zip yourapp.ipa
1. Get an unsigned copy of the app. This is typically an unsigned ipa or zip file. We don’t require the source code.
2. Run the Oracle c14n tool. This is a command line tool which is included in Oracle Mobile Security Services.
3. Upload the app (ftp) to your enterprise App Store. This can reside on a file server. The Catalog app to browse the enterprise app store is included in Oracle Mobile Security Services. Access to apps can be controlled via Group membership.
- 20.
User
Installing the Secure Workspace
• Download security certificates: MSAS and MSM
• Install the Secure Workspace app
- 22.
Download MSAS Certificate
- 26.
Register MDM Profile
- 35.
BEFORE
- 37.
User
First use of the Secure Workspace app
• Initial configuration
• Login: authentication, challenge question, authorization
• Location
• App catalog
- 49.
Admin
Deploying an app to the app catalog (Oracle Access Manager)
• Upload the app to the app catalog
• Add the app to the Mobile Security Policy
- 68.
User
Installing a new app from the app catalog
• Install the app
• Test the app – API Gateway
- 80.
Admin
API Gateway Policy
- 82.
Demo summary
• User: Installing the Secure Workspace
• User: First use of the Secure Workspace
• Admin: Deploying an app to the app catalog (incl. security policy)
• User: Installing a new app from the app catalog
• Admin: Policies in the API Gateway
- 84.
Device platforms
Google, Samsung, HTC, LG, ...
Surface
Windows Phone
iOS
- 85.
Oracle Mobile Enterprise
http://www.oracle.com/us/technologies/mobile/overview/index.html
- 86.
Social Login
Single Sign-On
Reporting & Analytics
Oracle & 3rd Party Connectors
ID Admin & Self Service
Strong Authentication
Oracle Identity Cloud Services
Employees
Partners
Customers
Enables Secure Access by Anyone, from Anywhere, on Any Device
Mobile Identity
Mobile Application Management
Mobile Device Management
Mobile Content Management
Multi-channel Application Security
Mobile Security Cloud Service
- 87.
Further talks on mobile and security
• The Unforgettable. The one who forgets nothing… Rights and role principles, Tue 13:00, Foyer Tokio
• Oracle Cloud Day - Mobile developers' first steps into the cloud, Tue 16:00, Riga
• Oracle Cloud Day - Enterprise-wide mobile solution from the cloud, Tue 15:00, Budapest
• Mobile Cloud Service in action, Tue 17:00, Kopenhagen
• Without a mobile strategy you don’t have a strategy, Wed 9:00, Kopenhagen
• Go Digital Native – Extending Oracle ADF to Mobile and Cloud, Wed 11:00, Kopenhagen
• Integrating calls to Oracle MCS in Oracle MAF applications, Wed 17:00, Kopenhagen
• Oracle Mobile Cloud Service: Demo of a use case, Thu 12:00, Riga
• Implementing mobile security, Thu 16:00, Kopenhagen
This list is not exhaustive!
- 88.
Contact
Dr. Nadine Schöne | Systems Consultant
Email: nadine.schoene@oracle.com
Phone: +49 331 200 7190
Oracle Deutschland B.V. & Co. KG
Schiffbauergasse 14
14467 Potsdam
- 89.
Engage
Build
Integrate
Analyze
Operate
Manage
Secure