(FIN202) Addressing Data Security Concerns in Financial Services: Fidelity Investment's Use of SSE-C | AWS re:Invent 2014

Post on 29-Jun-2015


DESCRIPTION

Data security is a paramount concern for financial services firms. This session discusses how Fidelity Investments uses Amazon S3 with server-side encryption with customer-provided keys (SSE-C) to protect critical information, and the firm's use of other AWS services, including AWS Elastic Beanstalk, Elastic Load Balancer, and Amazon DynamoDB. Fidelity Investments is one of the largest mutual fund and financial services groups in the world. Fidelity manages a large family of mutual funds, provides fund distribution and investment advice services, and also provides discount brokerage services, retirement services, wealth management, securities execution and clearance, life insurance and a number of other services.

Transcript

November 14, 2014 | Las Vegas, NV

Travell Perkins, Fidelity

•Virtual asset transfer (inheritance)

[Architecture diagram: FidSafe components on AWS and partner services]

• Amazon ELB in front of an EC2 Auto Scaling Group of application servers
• DSM (DynamicSecurityModule; PHP Service in the Fidelity VDC): generates encryption keys using the AES-256 cipher; the keys are used to encrypt/decrypt files
• Core Service (Node.JS, AWS EC2): documents and data are encrypted for persistent storage and decrypted for the presentation layer; registers new users, handles password resets and user profile management; authenticates and authorizes
• Customer web interface (Javascript, EC2): customer-facing interface to upload/download documents
• Admin interface (Javascript, EC2): manage system users
• Simple Email Service: sends emails for account signup, password resets, file sharing notices, etc.
• S3: stores encrypted documents and meta-data
• CloudFiles: redundant document storage
• Cloudant: stores document meta-data and customer account info
• Twilio: SMS/voice for multi-factor authentication

Data flows shown in the diagram: Get Encryption Key; Encrypt and Store Documents; Get Customer Documents; Upload/Download Documents; Register User; Authenticate Users ("Is the user a valid user?"); Add a new user, manage users; Manage Users/Admins; Manage Admin Users; Send Email to users; Notify users.

Threat model (threat letters are STRIDE categories: S = spoofing, T = tampering, R = repudiation, I = information disclosure, D = denial of service, E = elevation of privilege)

| Component | Threat | Protocol | A.S. | Mitigation |
|---|---|---|---|---|
| All data flows | TID | HTTPS | Various | SSL/TLS everywhere |

| Component | Threat | Mitigation |
|---|---|---|
| EndUser | S | Form Authentication; Multi-factor Authentication |
| EndUser | RD | Not Applicable |
| Admin (Jump Box) | S | SSH UserName/Password; Multi-factor Authentication |
| Admin (Jump Box) | RD | Not Applicable |
| Twilio | S | Shared Access Key |
| Twilio | RD | No fallback SMS service, but FidSafe Auth falls back to Security Questions. |
| SES (Email) | S | Shared Access Key |
| SES (Email) | RD | No fallback. Messages are sent async. |

| Component | Threat | Mitigation |
|---|---|---|
| DSM | S | HTTPS SSL Server Authentication |
| DSM | E | Low Privileged Account |
| DSM | TRID | All PHP files are read only (for non-root) and owned by root |
| Core Service | S | HTTPS SSL/TLS Server Authentication |
| Core Service | E | Low Privileged Account, Node (non-root user) |
| Core Service | TRID | Permissions on Node.JS application files 644 |
| Web UI | S | Forms Authentication over HTTPS; SMS or Preference Based Security Question |
| Web UI | E | Running as logged-in user |
| Web UI | TRID | Default permissions (user has no permissions to Framework binaries) |
| Mobile App | S | Digital Signature provides authenticity and tamper detection |
| Mobile App | E | Default container defenses provide least privilege |
| Mobile App | TRID | Digital Signature provides authenticity and tamper detection |

| Component | Threat | Mitigation |
|---|---|---|
| Cloudant | TID | Database Permission (Read, Write, Delete) for CRUD operations. |
| CloudFiles | TID | Shared Access Key; All data bits are encrypted; Hashes stored separately in Cloudant |
| S3 | TID | Shared Access Key; All data bits are encrypted; Hashes stored separately in Cloudant |
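The S3 row above is the SSE-C pattern named in the session title: S3 encrypts each object with a key the client supplies on the request and keeps no copy of it. The following is an added example in Python (not Fidelity's or AWS's code) that builds and checks the SSE-C request headers; the 32-byte key is constructed for illustration, and in the architecture above it would come from the DSM.

```python
import base64
import hashlib

# Constructed 32-byte key for illustration only; in the architecture above the
# key would come from the DSM, never from a literal in application code.
EXAMPLE_KEY = bytes(range(32))


def is_valid_sse_c_key(key) -> bool:
    """SSE-C accepts exactly one key size: a raw 256-bit AES key."""
    return isinstance(key, (bytes, bytearray)) and len(key) == 32


def sse_c_headers(key: bytes) -> dict:
    """Return the three headers S3 requires for an SSE-C PutObject or GetObject.

    S3 uses the key only while processing the request and does not store it,
    so the client must retain the key (a lost key means an unreadable object),
    and the request must go over HTTPS because the key travels in a header.
    """
    if not is_valid_sse_c_key(key):
        raise ValueError("SSE-C requires a 32-byte (AES-256) key")
    key_b64 = base64.b64encode(key).decode("ascii")
    # MD5 of the raw key lets S3 reject a corrupted key before encrypting anything.
    key_md5_b64 = base64.b64encode(hashlib.md5(key).digest()).decode("ascii")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": key_b64,
        "x-amz-server-side-encryption-customer-key-MD5": key_md5_b64,
    }


def key_matches_headers(key: bytes, headers: dict) -> bool:
    """Client-side check that a stored key is the one used to write an object.

    When key material and object metadata live in separate stores, verifying
    before a GetObject is cheaper than learning from an S3 error that the
    wrong key was presented.
    """
    try:
        expected = sse_c_headers(key)
    except ValueError:
        return False
    return all(headers.get(name) == value for name, value in expected.items())
```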

Request Processing Stack (in order)

• HTTPS Transport
• IP Filtering
• HMAC SHA256 Signing
• JSON XSS Filtering
• Authentication
• Authorization
• Exception Handling
• Execution
