securing data in
play

SECURING DATA IN A BANKING DOMAIN 1 WHOAMI Federico Leven @ - PowerPoint PPT Presentation

Aug 30, 2022 •153 likes •378 views

HADOOP UNDER ATTACK SECURING DATA IN A BANKING DOMAIN 1 WHOAMI Federico Leven @ ReactoData federico@reactodata.net Big Data + Open Source from 2012 Web : http://www.reactodata.net Big Data Meetup coordinator Twitter: @reactodata

  1. HADOOP UNDER ATTACK SECURING DATA IN A BANKING DOMAIN 1

  2. WHOAMI Federico Leven @ ReactoData federico@reactodata.net Big Data + Open Source from 2012 Web : http://www.reactodata.net Big Data Meetup coordinator Twitter: @reactodata (http://www.iaar.site), speaker ... Linkedin : https://www.linkedin.com/in/federicoleven/ 2

  3. We are a startup based in Buenos and Poland, providing Big Data + Cloud solutions based on Open Source and proprietary software and Hadoop consultancy. Big Data and Hadoop applications development • Machine Learning • Cloud • UX/UI and Mobile Apps for Big Data platforms • Hadoop Consultancy • 3

  4. Agenda The Challenge : Best Practices + Regulations How to do it in Hadoop End-to-End Secured Architecture What can go wrong ? References Conclusion & Questions 4

  5. Th The Cha e Challen llenge ge Be Best Practices st Practices an and r d reg egulations ulations 5 Buzzconf 2018

  6. The Challenge : Data Security The set of preventive, detective and corrective measures to protect the integrity, confidenciality and availability of the data. CAAIN • CONFIDENCIALITY • AVAILABILITY • AUTHENTICITY • NON-REPUDIATION • INTEGRITY ❑ ACCOUNTABILITY / AUDITING Cain and Abel ❑ TRACEABILITY 6

  7. C(A)AIN C ONFIDENCIALITY : Data is not made available or disclosed to unauthorized parties. A VAILABILITY : Data is available when is needed. A UTHENTICITY : Data source identity is verifiable. I NTEGRITY : Data is accurate and complete over its entire lifecycle. N ON-REPUDIATION : Parties of a data transaction cannot deny having received/sent the data . 7

  8. The Challenge : Threats in financial and banking domain Emerging Technologies Challenges - Botnet - IoT unsecured devices - DDoS (Distributed Denial of Service Attack) Insider Challenges - Unintentional actions - Malicious users Target Regulation Challenges - Sensitive data - Periodically new and/or stricter - Access credentials regulations - US Data Protection rules - EUR : GDPR 8

  9. The Challenge : Best Practices in banking Organization Human Technological Networking • Security Officer • Employees Awareness • Software Updates • End User Guidelines • Training • Data Protection • Access Policies • … • Auditing • Governance • … • … • 9

  10. How to do it in Hadoop 10 Buzzconf 2018

  11. From concepts to technology AUTHENTICATION : Identify the user. AUTHORIZATION : Grant user access to the data. PROTECTION : Protect data from being used except by authorized users. AVAILABILITY : Make data accessible when needed. 11

  12. From concepts to technology N I A A C Auditing Authentication Protection Availability Authentication Traceability Authorization Availability Metadata Lineage Log Audit • Kerberos • Encryption • Kerberos • Hadoop • LDAP (Motion & • LDAP • HA (HDFS, Rest) • Sentry HBASE …) Cloudera Navigator • Redaction • HBase ACLs • Hadoop/HA • + 12

  13. From concepts to technology BCRA A6375 • BCRA A6495 • ISO 17799/27001 • https://www.cloudera.com/documentation/enterprise/5-14-x/topics/sg_edh_overview.html 13

  14. What we needed in a banking infrastructure for Hadoop 14

  15. End-to-End Secured Architecture 15 Buzzconf 2018

  16. Example Production deployment (CDH 5.13) ZOOKEEPER KTS KMS HDFS Kerberos AD YARN SENTRY HBASE HIVESERVER HIVE METASTORE C. MANAGER Oracle DB SSL/TLS 16

  17. Secure data pipeline example HDFS Business HDFS Landing Web UI Ingest Sources Area Area Rabbit Spark ETL MQ Flume Agent Impala HDFS HDFS ORACLE Hive Sqoop SparkSQL Sqoop SSL ON Encrypted Zone Data redaction custom component 17

  18. What can go wrong ? 18 Buzzconf 2018

  19. What can go wrong ? Some good news and some bad news UNSECURE APPLICATIONS WILL NOT WORK ON SECURE ENVIRONMENTS Sentry HDFS synchronization does not support Hive Metastore HA (CDH 5.9) Sentry HA not supported (CDH 5.9) To use CM Kerberos wizard, you need a high level privileges user SparkSQL does not respect Sentry permissions (Latest) Enabling Sentry turns off Hive impersonation (CDH 5.9) Spark Streaming cannot consume from secure Kafka (CDH 5.9) 19

  20. References 20 Buzzconf 2018

  21. References ✓ http://www.bcra.gob.ar/Pdfs/Texord/t-rmsist.pdf ✓ http://www.bcra.gov.ar/pdfs/texord/t-seguef.pdf ✓ https://en.wikipedia.org/wiki/ISO/IEC_27002 ✓ http://web.iram.org.ar/index.php?vernorma&id=2439 ✓ https://www.cloudera.com/documentation/enterprise/latest/PDF/cloudera-security.pdf ✓ https://www.cloudera.com/documentation/enterprise/5-9-x/topics/security.html ✓ https://www.forbes.com/sites/gregorymcneal/2014/05/26/banks-challenged-by- cybersecurity-threats-state-regulators-acting/#228d745597f7 21

  22. Thank you ! Questions, suggestions or complaints ? “No Hadoop was harmed in the making of this presentation” 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br

Securing Networks in the Programmable Data Plane Era Luciano Gaspary paschoal@inf.ufrgs.br Instituto de Informtica UFRGS Securing Networks in the Programmable Data Plane Era Network softwarization : the first wave P4 programs are

607 views • 12 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl

www.securing.pl Building&Hacking modern iOS apps Wojciech Regua @_r3ggi wojciech.regula@securing.pl @_r3ggi wojciech.regula@securing.pl www.securing.pl www.securing.pl WHOAMI -Senior IT Security Consultant @ SecuRing -Focused on

998 views • 67 slides
Securing telephone-based card payment data An introduction to the new PCI SSC information

Securing telephone-based card payment data An introduction to the new PCI SSC information

v1.2 Securing telephone-based card payment data An introduction to the new PCI SSC information supplement on delivering PCI DSS compliance in the MOTO channel World leading experts in achieving and maintaining PCI DSS compliance in contact

295 views • 25 slides
Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company

Securing the connected world Security acceleration for cloud computing/data centers Company history 1991: Founded as ASIC design house in Louvain-la-Neuve, Belgium 1995: Becomes part of the Barco group. 1999: 1st SoC development for

189 views • 14 slides
Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of

Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of

Securing the Digital Transformation Overview Largest Data Breaches Hacks resulting in loss of more than 30,000 records uTorrent Philippines Banner Mail.ru Commission on Health 25000000 Anthem Verizon Elections 800000000 55000000

869 views • 71 slides
Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data

Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data

Getting ready for GDPR and CCPA Securing and governing hybrid, cloud, and on-premises big data deployments Your Speakers Lars George, Principal Solutions Architect, Okera Ifi Derekli, Senior Solutions Engineer, Cloudera Mark Donsky,

1.5k views • 118 slides
Securing NFN-style data flow processing NDN retreat, UCSD, Feb 5+6, 2015 Christian Tschudin with

Securing NFN-style data flow processing NDN retreat, UCSD, Feb 5+6, 2015 Christian Tschudin with

Securing NFN-style data flow processing NDN retreat, UCSD, Feb 5+6, 2015 Christian Tschudin with contributions from Claudio Marxer, University of Basel Overview 1. Named Function Networking (NFN) in two slides 2. Problem statement (NDNex) 3.

350 views • 16 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides
Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach;

Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach;

Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach; using old security practices Solution: Initiative to use minimal up-to-date industry practices, for example, salting passwords Illustrates

1.38k views • 56 slides
Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach;

Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach;

10/29/2014 Securing Information Systems You re on LinkedIn? Watch Out! Problem: Massive data breach; using old security practices Solution: Initiative to use minimal up-to-date industry practices, for example, salting passwords

540 views • 28 slides
Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses

Securing and Protecting Securing and Protecting Water Rights and Uses in Water Rights and Uses in Arizona Arizona L. William Staudenmaier One Arizona Center 400 East Van Buren Street, Suite 1900 Phoenix, Arizona 85004 2202 602.382.6000 |

574 views • 32 slides
General Security Principles often thankless task securing an organization s data. and

General Security Principles often thankless task securing an organization s data. and

Information security professionals are charged with accomplishing a difficult and General Security Principles often thankless task securing an organization s data. and Practices It is difficult to judge when their efforts are

544 views • 8 slides
Securing Industrial IoT Device Attestation, Software Updates, and Data Protection Mauro Conti ,

Securing Industrial IoT Device Attestation, Software Updates, and Data Protection Mauro Conti ,

Securing Industrial IoT Device Attestation, Software Updates, and Data Protection Mauro Conti , University of Padua Slides prepared with the support of Daniele Lain and Moreno Ambrosin SCy-Phy Systems Week 2017 Panel IV: Defences June 6, 2017,

794 views • 25 slides
Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS

Securing a future for our horses. Securing a future for our sport. TABLE OF CONTENTS Industry-United Initiative ............................................ 2 The TAA Difference .................................................... 3 Life After

466 views • 19 slides
Securing customer data (PII) in MySQL Alexander Rubin VirtualHealth PRIVILEGED + CONFIDENTIAL

Securing customer data (PII) in MySQL Alexander Rubin VirtualHealth PRIVILEGED + CONFIDENTIAL

Securing customer data (PII) in MySQL Alexander Rubin VirtualHealth PRIVILEGED + CONFIDENTIAL About me Working with MySQL for 10-15 years Started at MySQL AB 2006 Sun Microsystems, Oracle (MySQL Consulting) Percona since 2014

1.13k views • 44 slides
ATLAS Computing: from Development to Operations Dario Barberis CERN & Genoa University/INFN

ATLAS Computing: from Development to Operations Dario Barberis CERN & Genoa University/INFN

ISGC - 27 March 2007 ATLAS Computing: from Development to Operations Dario Barberis CERN & Genoa University/INFN Dario Barberis: ATLAS Computing 1 ISGC - 27 March 2007 Outline Major operations in 2007 Computing Model in a nutshell

531 views • 21 slides
Key messages Supply Chain / Logistics Technological Transformation Border should

Key messages Supply Chain / Logistics Technological Transformation Border should

FUTURE OF COMMERCIAL BORDER CROSSINGS: LEVERAGING EMERGING LOGISTICS TECHNOLOGIES Key messages Supply Chain / Logistics Technological Transformation Border should Leverage existing/emerging technology in logistics Make land

251 views • 14 slides
PLACETO: LEARNING GENERALIZABLE DEVICE PLACEMENT ALGORITHMS FOR DISTRIBUTED MACHINE LEARNING

PLACETO: LEARNING GENERALIZABLE DEVICE PLACEMENT ALGORITHMS FOR DISTRIBUTED MACHINE LEARNING

PLACETO: LEARNING GENERALIZABLE DEVICE PLACEMENT ALGORITHMS FOR DISTRIBUTED MACHINE LEARNING Ravi vichandra Ad Addanki, , Sh Shaileshh Bo Bojja jja Ve Venkatakrishnan, , Sh Shreyan Gupta, , Ho Hongzi Mao, , Mohammad A Alizadeh

323 views • 15 slides
Drones + Artificial Intelligence: The O&G Quick Reaction Force Overview SkySkopes UAS

Drones + Artificial Intelligence: The O&G Quick Reaction Force Overview SkySkopes UAS

Drones + Artificial Intelligence: The O&G Quick Reaction Force Overview SkySkopes UAS Oil & Gas Quick Reaction Artificial Intelligence and Machine Learning Providing Innovative Solutions to the Energy Industry with Unmanned

385 views • 20 slides
Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service

Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service

Whats The Next Big Thing in Telecom & IT? Cloud DaaS Desktop as a Service Supercharge Your Desktop! Cloud IaaS Infrastructure as a Service Cloud Computing Work Smarter in the Cloud Cloud Single Sign-On Securely Access Many

627 views • 19 slides
Cyber Risk: the New Business Risk Current and Future Regulatory Expectations Presented By:

Cyber Risk: the New Business Risk Current and Future Regulatory Expectations Presented By:

Cyber Risk: the New Business Risk Current and Future Regulatory Expectations Presented By: Thomas G. Hinkel CISA, CCSA, CRISC, CCSA, CBCP VP Compliance Services Safe Systems, Inc. tom.hinkel@safesystems.com Safe Systems The Compliance

407 views • 22 slides
Grid Computing Jos Cardoso Cunha Dep. Informtica CITI Centre for Informatics and

Grid Computing Jos Cardoso Cunha Dep. Informtica CITI Centre for Informatics and

Grid Computing Jos Cardoso Cunha Dep. Informtica CITI Centre for Informatics and Information Technologies Faculdade de Cincias e Tecnologia Universidade Nova de Lisboa Motivation 1. Concept of a Grid 2. Grid Architecture 3.

542 views • 20 slides
Competition of Distributed and Multiagent Planners (CoDMAP) http://agents.cz/codmap Michal

Competition of Distributed and Multiagent Planners (CoDMAP) http://agents.cz/codmap Michal

Competition of Distributed and Multiagent Planners (CoDMAP) http://agents.cz/codmap Michal Stolba and Anton n Komenda { stolba,komenda } @agents.fel.cvut.cz Department of Computer Science, Faculty of Electrical Engineering, Czech

214 views • 20 slides

More recommend