Securing Legacy Host Access with Reflection for the Web与Web反射保护遗产主机访问.pptVIP

Securing Legacy Host Accesswith Reflection for the Web Denis Guyonnaud Security for Legacy Host Access Modern Multi-Layered Approaches to Security Legacy Host Applications without Security First-Generation Host Security:SSL Direct to Host Next-Generation Host Security:Layered Security for Legacy Host Applications Next-Generation Host Security:Reflection? for the Web and Windows?-Based Reflection Non-Intrusive Multi-Layered Security for Legacy Host Applications Modern Multi-Layered Approaches to Security Modern Multi-Layered Approaches to Security EncryptionData is encrypted when passing through the non-secure network outside the perimeter Centralized identity managementAn enterprise LDAP repository manages identity information for all users Centralized access controlAuthentication and authorization policies are applied at the perimeter to all traffic between clients and servers Centralized auditingAccess to network resources is centrally monitored at the access control point Centralized threat monitoringIncoming and outgoing traffic is scanned at the perimeter Legacy Host Applications without Security Legacy Host Applications without Security No confidentiality of data or passwordsWithout encryption, data and passwords are exposed Weak authenticationMany hosts are limited to case-insensitive eight-character passwords Decentralized authenticationHost-based authentication is often difficult to tie in to LDAP Decentralized access control.Access control happens only at the host, so there is no centralized control over access to enterprise resources Decentralized auditing.Access to hosts is monitored only by the hosts themselves First-Generation Host Security:SSL Direct-to-Host First-Generation Host Security:SSL Direct-to-Host Data and passwords are encrypted Weak, decentralized authenticationIn most SSL deployments, authentication is still handled completely by the host Decentralized access controlAccess control happens only at the host Unauthent