Embed Size (px)
DESCRIPTION
Server to Server Authentication with SSL, PKI in a box
Citation preview
SSL for Server-to-Server Authentication May 2013
Lim Chin Wan
Have you ever wanted to rob a bank?
DOING IT THE OLD SCHOOL WAY?
Hacking A Bank Is Easy Because We’re
All Humans!
I think you should meet someone…
This is Yuri.
In 2010, he and his “anonymous” friends hacked AT&T. In 2011, they hacked Sony and bought a BMW.
This year, Yuri hit a major telco with the secret keys provided by a disgruntled employee. Then Yuri went on a nice 2 month long vacation in the Caribbean Islands.
Sony and AT&T both used “State of the Art” encryption… yet they
were still hacked!
So how does Yuri do it?
“Usually, I just find one disgruntled employee. Just one.”
Don’t Believe Me? Let’s Play A Game…
Can Anyone Tell Me Who These
People Are?
Heidi Klum
Emma Watson
Cameron Diaz
Halle Berry
Scarlett Johansson
Megan Fox
Brad Pitt
RATED TOP 10 MOST DANGEROUS CELEBRITIES IN 2012
BY McAfee
Heidi Klum 12%
Because your users are your weakest link…
They are your customers… They are your Employees... They are your vendors…
Common Problems… • Weak password • Lack of awareness • Lack of skills • Outdated policies • Management problems
Who’s Responsible?
How can you as a bank protect your customers and
yourself?
Implement Server-to-Server Authentication using PKI
Your typical server room scene How many servers do you have?
How many servers are talking to each other?
Which server is talking to which server?
How do you take control of your servers?
How many vendors do you have logged onto your servers?
Assign each server a digital certificate
Digital Certificates Provides
Identity to each server Expiry date
How much does it cost?
Become my own CA!
A Typical Full Scale Enterprise PKI
Aiyo! So complicated!
What if?
Become my own CA!
Next generation PKI PrimeKey PKI Appliance
46
Why a PKI Appliance? • Make deployments easier and faster
• Minimize installation/integration efforts
• Lower the TCO with simplified management and maintenance
• Provide one source for Software/Hardware stack
A PKI Appliance Gives You...
• Overview of all your servers in your data centre
• Better security via Server-to-Server authentication
• Control over who can access your servers
• Easy management of your server access
Questions? SecureMetric Technology Group Lim Chin Wan
Mobile : +6 016 261 8925 Office : +603 8996 8225 [email protected]
Formula for Strong Digital Security [email protected] www.securemetric.com
![[MS-DHA]: Device Health Attestation Protocol · messages in client and server applications that communicate over open networks. SSL supports server and, optionally, client authentication](https://img.pdfslide.us/doc/110x75/5ec5631109faa8021b7aabf0/ms-dha-device-health-attestation-protocol-messages-in-client-and-server-applications.jpg)
