Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page: 1 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 +33 (0)5 61 55 60 86 {mkamel, benzekri, barrere, nasser}

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Page: 1 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 +33 (0)5 61 55 60 86 {mkamel, benzekri, barrere, nasser}"— Presentation transcript:

1 Page: 1 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 +33 (0)5 61 55 60 86 {mkamel, benzekri, barrere, nasser} @irit.fr IT security for smaller businesses Michel Kamel, Abdelmalek Benzekri, François Barrère, Bassem Nasser Université Paul Sabatier – IRIT Toulouse, France

2 Page: 2 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 The domains of interest of IRIT within the VIVACE project are the design of solutions that should be deployed to ensure connectivity and security within the Virtual Organization. Concepts such as authentication, authorization, access control, security policies and security practices within a VO environment are being considered in order to deploy an infrastructure supporting the secure share and exchange of information between partners within the VO. Aspects, relevant to third tier suppliers for supporting the supply chain members are studied deeply. IRIT Involvement

3 Page: 3 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 The “Virtual Organization” Type of collaboration ICT mediated business organization Needs for the pooling of more than one core competencies within small ‘specialists’ companies Memorandum of Understanding = Contractual Agreement  Common understanding/common vision and work towards shared goals  Sophisticated ICT infrastructures and mutual confidence  efficiency determined by the speed and efficiency with which information can be exchanged and managed among business partners.

4 Page: 4 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 The VO concept and the 3TS support

5 Page: 5 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 A global security policy should be deployed within the VO network. This security policy is not a new one but should be considered as an extension of the different security policies defined on each partner’s site. The Common IT Security approach within the VO is intended to merely enable organizations to extend their IT Security Policy in the leanest and most efficient way. This security policy must ensure privacy and security for 3TS. The VO security policy

6 Page: 6 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 The shared IT infrastructure deployed to support the VO type of networks must guarantee these base services: Security services:  Confidentiality and integrity  Authentication  Authorization  Single Sign On Control and management services:  Identity management  Access control management  Audit and log management  Network management using tools such as firewalls, routers, NIDS, etc. VO IT infrastructure base services

7 Page: 7 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Confidentiality and integrity services are ensured using security protocols (IPsec, SSL, etc.) and security equipments (firewalls, routers, IDS, etc.). Protocols:  IPsec  SSL  … Equipments:  Firewalls and routers  IDS  … VO confidentiality and integrity services

8 Page: 8 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 A VPN IPsec solution can be deployed to ensure an encrypted tunnel between separated sites; this tunnel will be used to transmit data securely between the partners’ sites. VO confidentiality and integrity services

9 Page: 9 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Access control is realized through two security services: authentication and authorization. A formal approach must be adopted to specify an access control policy. Access control models such as RBAC or OrBAC could be used. Once modeled, the access control policy must be enforced. For access control policy enforcement, infrastructures for identification, authentication and authorization must be used. PKIs are satisfactory for identification and authentication, but they don’t provide a solution for authorization. VO access control service

10 Page: 10 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 During all the VO lifecycle, security problems are faced. The interconnection of partners’ information systems must preserve that each partner keeps control on its own resources. An access control policy suitable for a dynamic trans- organizational environment should be deployed. A distributed management infrastructure should be implemented. Users roles must be defined and managed VO access control service

11 Page: 11 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Definition of an information security management process; this process will ensure a secure exchange and share of information between partners. It will guarantee these properties:  information confidentiality,  information integrity,  information availability, and  Information non-repudiation Security practices implemented must be parts of the global VO’s information security policy and must guarantee that this policy is respected by different users and partners. Information Security management process

12 Page: 12 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 The Information Security Management process that we adopt in order to deploy a secure shared IT infrastructure for the VO type of networks is:  Use risk management methods such as Ebios, Mehari, etc.  Use the ISO/IEC 17799 and the ISO/IEC 27001 standards to build, operate, maintain and improve an ISMS (Information Security Management System).  Define a tool that allows SMEs administrators to evaluate the security practices’ maturity level implemented within their infrastructures to ensure Identity and Privilege management, business continuity, etc. The evaluation will be realized compared to the ISO/IEC 17799 directives. This tool provides a solution to quantify trust between partners. Information Security management process

13 Page: 13 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Thank You Any Questions ?

Download ppt "Page: 1 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 +33 (0)5 61 55 60 86 {mkamel, benzekri, barrere, nasser}"

Similar presentations

Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
D-BP-ISP An Electronic B2B Procurement and ERP Integration Model for SC Optimization.

D-BP-ISP An Electronic B2B Procurement and ERP Integration Model for SC Optimization.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.

E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Network and Security Patterns

Network and Security Patterns
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Page: 1 24-26 October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Deploying a distributed access control architecture within.

Page: October 2006 © 2006 VIVACE Consortium Members. All rights reserved VIVACE FORUM 2 Deploying a distributed access control architecture within.
Fluff Matters! Information Governance in an Online Era Lisa Welchman.

Fluff Matters! Information Governance in an Online Era Lisa Welchman.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Understanding Active Directory

Understanding Active Directory
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN

Similar presentations

Ads by Google