Mark Bennett. Agenda Business Drivers Levels of Security Granularity Early vs. Late Binding – why...
Mark Bennett
Agenda
• Business Drivers
• Levels of Security “Granularity”
• “Early” vs. “Late” Binding – why it matters!
• Vendor round up
• Organization and Technical Challenges
• Patching Search Security Holes
• Trends
• Wrap Up / Q & A
Business Drivers
(why you should care)
The ES Security Paradox
As Search is deployed further and further into the Enterprise, the likelihood of having a security problem increases.
An Experiment You Should Try
You’ll be amazed what you can find on your own company’s network. Try searching for:
• confidential
• highly confidential
• salaries
• performance review
• Excel spreadsheets (.xls)
• Access databases (.mdb)
Also look for:
• Obscenities
• Racial and gender slurs
Shifts in Thinking
• From technical security to Business Viability
  • IP, financial/SEC, regulatory, espionage, privacy
  • Downsides include: Loss of competitive advantage, Degradation of company reputation, Impact of fraud and misuse, Decisions made on faulty information, Loss of access to critical information, Legal and contract liability, Regulatory fines, Public safety
  • Source: Forrester interview with Michael Rasmussen
• From “perimeter-focused” to “distributed”
  • Must protect some data internally
  • Some systems must trust other security providers
  • Source: Burton Group
Enterprise Search Security, Summer 2008
Enterprise Search and Corporate Security
The Current State of Affairs
• The Good: SSO, SAML, LDAP, Active Directory
• The Bad: Spidering, Org Boundaries
• The Ugly: Holes, Lack of Awareness
Levels of Security
“Granularity”
Summary:
• Application / Collection
• Document
• Field / Sub-Document
• Sub-Field / “Redaction”
Granularity: Collection Level
Granularity: Document Level
Granularity: Field Level
Granularity: Sub-Field “Redaction”
“Early Binding” vs. “Late Binding” Security
This choice affects performance and security infrastructure load
Defining “Early” vs. “Late” Binding
• Early-Binding: Search engine Index includes ACL info
  • Forrester: “Caching security credentials”
• Late-Binding: ALL security work done at Search Time
  • Forrester: “Run-time access validation”
• Hybrid: combines Early and Late
• Federated: leverage indigenous engines
  • May require complex security mapping
Early vs. Late Binding Security
Early Binding Security (good!)
Late Binding (not so good)
Security Infrastructure Interaction
Early Binding: Index Time
1. I have document “http://corp.acme.com/sales/forcast.html”, what are the group IDs for it? (ACLs, etc)
Early Binding: Search Time
1. I have Session ID “14729834416”, which User is that for?
2. I have User “Jones”, which groups is he in?
3. Transform the list of Group IDs into a Native Query Filter (with ACLs, etc)
Late Binding: Search Time
1. I have Session ID “14729834416”, can I access document “http://corp.acme.com/sales/forcast.html”, Yes or No? (repeat for every match)
• No work needed at Index time
• Would appear to be a simpler/better design
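The three interactions on this slide can be modelled in a few lines. The following is an added example, not code from the original slides or from any vendor: the `Directory` class, the group names and every document except the slide's session ID, user and URL are constructed. It counts the questions each approach asks the security infrastructure and shows what happens when an ACL changes after indexing.

```python
from dataclasses import dataclass

SESSION = "14729834416"                               # session ID used on the slide
FORECAST = "http://corp.acme.com/sales/forcast.html"  # document URL used on the slide

@dataclass
class Directory:
    """Constructed stand-in for the security infrastructure; counts every question."""
    sessions: dict  # session ID -> user
    groups: dict    # user -> set of group IDs
    acls: dict      # document URL -> set of group IDs allowed to read it
    calls: int = 0
    def user_for(self, session_id):
        self.calls += 1
        return self.sessions[session_id]
    def groups_for(self, user):
        self.calls += 1
        return self.groups[user]
    def acl_for(self, url):
        self.calls += 1
        return set(self.acls[url])
    def can_access(self, session_id, url):
        self.calls += 1
        return bool(self.groups[self.sessions[session_id]] & self.acls[url])

def build_index(docs, directory):
    """Early binding, index time: store each document's group IDs with its text."""
    return {url: (text, directory.acl_for(url)) for url, text in docs.items()}

def search_early(index, directory, session_id, term):
    """Early binding, search time: session -> user -> groups -> filter on the index."""
    allowed = directory.groups_for(directory.user_for(session_id))
    return sorted(u for u, (text, acl) in index.items() if term in text and acl & allowed)

def search_late(docs, directory, session_id, term):
    """Late binding: one yes/no question to the directory for every match."""
    return sorted(u for u, t in docs.items() if term in t and directory.can_access(session_id, u))

def demo():
    """Constructed corpus: five sales documents and one HR document, all matching 'forecast'."""
    docs = {f"http://corp.acme.com/sales/q{i}.html": "sales forecast" for i in range(1, 5)}
    docs.update({FORECAST: "sales forecast", "http://corp.acme.com/hr/plan.html": "hr forecast"})
    acls = {url: {"hr"} if "/hr/" in url else {"sales"} for url in docs}
    d = Directory({SESSION: "Jones"}, {"Jones": {"sales"}}, acls)
    index = build_index(docs, d)
    index_calls, d.calls = d.calls, 0
    early = search_early(index, d, SESSION, "forecast")
    early_calls, d.calls = d.calls, 0
    late = search_late(docs, d, SESSION, "forecast")
    late_calls = d.calls
    d.acls[FORECAST] = {"finance"}  # ACL changes after the index was built
    return {"same_hits": early == late, "index_calls": index_calls,
            "early_calls": early_calls, "late_calls": late_calls,
            "early_still_shows": FORECAST in search_early(index, d, SESSION, "forecast"),
            "late_still_shows": FORECAST in search_late(docs, d, SESSION, "forecast")}
```

Early binding asks two questions per query regardless of result size but keeps returning the document until it is re-indexed; late binding asks one question per match and reflects the ACL change immediately.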
Vendor Roundup
Early vs. Late Binding
Vendor: FAST Search & Transfer
• Supports Early and Late binding
  • Can use BOTH together
  • Hybrid approach “Best of both Worlds”
• Gets along very well with Microsoft Active Directory
  • FAST SAM = Security Access Module
  • Based on Windows technology
• Can still use your own application level logic if you prefer
Vendor: Autonomy
• IDOL supports both Early and Late binding:
  • Hybrid approach “Best of both Worlds”
  • IDOL: Early Binding = “Mapped”
  • IDOL: Late Binding = “Unmapped”
• Ultraseek
  • Ultraseek is Late Binding only
Vendor: Google Appliance
• Google Appliance Late-Binding only
  • “spin” is low latency – but actually a compromise...
  • Could heavily load security infrastructure
• Does use some caching to lighten the load
  • Caching decreases response time = good
  • Caching increases latency (ACL changes)
Vendor: Endeca
• Out of the box is Early Binding only
  • Mitigated by low latency for document changes
• Provides accurate document counts by user
• General term is “Record Filters”
• Or can use “joins” to a fulltext ACL index
• RRN: Relational Record Navigation
• Late binding via custom code
Enterprise Search Security, Spring 2008
“Vendor” Lucene / Solr / Nutch
• Roll your own…
Organizational and Technical Challenges
“They won’t let me in!”
Access Issues
• Spider may need “Über Login”
• Divisions worried about loss of control
• Worried about cached copies of data
• Several Approaches
  1. Global Indexing – single Monolithic Search
  2. Federated Search – leverage what’s already there
  3. “Deferred Search”
Federated Search
Deferred Search
Search Engine Security Holes
Check List
• Limit access to Disk files
  • Use File / SSH restrictions
  • Don’t recommend total file encryption (exception for password files of course)
• Files to keep in mind
  • Config files, Scripts
  • LOGS
• Search Engine Indices
  • In some search engines DOCUMENTS CAN BE RECONSTRUCTED from the Words Index
Other “Gotcha’s”
• Secure the Search Admin UI!
  • May require other back end changes
• Secure the Search Analytics UI
  • Can assign various “roles” as appropriate
• Secure TCP/IP traffic where appropriate
  • Searches, spider, logging, admin UI
  • Overkill in some cases
• Beware of Cached Data
  • Can violate automatic retention policy
Editing Search Engine URLs
• Form-Based Filtering: http://www.acme.com/go?coll=public
• Hackable View URLs: http://www.acme.com/go?viewdoc=100
• DOCUMENT HIGHLIGHTING represents a potential Security Hole
  • Results List Summaries
  • Full-Document highlighting
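The two URL patterns above fail for the same reason: the server believes a value the user can edit. As an added example (not from the original slides; the handler names, collections, groups and documents are constructed), here is a request handler that trusts `coll` and `viewdoc`, next to one that re-authorizes every request against the caller's groups.

```python
from urllib.parse import urlparse, parse_qs

# Constructed data: collection -> groups allowed, and doc ID -> (collection, text).
COLLECTION_ACL = {"public": {"everyone"}, "hr": {"hr"}}
DOCS = {100: ("public", "Cafeteria menu for June"), 101: ("hr", "Upcoming layoff plan")}

def handle_trusting(url, user_groups):
    """Before: believes the URL. The search form only ever offered coll=public."""
    q = parse_qs(urlparse(url).query)
    if "viewdoc" in q:
        return DOCS[int(q["viewdoc"][0])][1]
    return [text for coll, text in DOCS.values() if coll == q["coll"][0]]

def _allowed(coll, user_groups):
    """True when the caller belongs to at least one group on the collection's ACL."""
    return bool(COLLECTION_ACL.get(coll, set()) & user_groups)

def handle_checked(url, user_groups):
    """After: every request is re-authorized server side, whatever the form offered."""
    q = parse_qs(urlparse(url).query)
    if "viewdoc" in q:
        try:
            coll, text = DOCS[int(q["viewdoc"][0])]
        except (ValueError, KeyError):
            return None  # an unknown ID gets the same answer as a denied one
        return text if _allowed(coll, user_groups) else None
    coll = q.get("coll", ["public"])[0]
    if not _allowed(coll, user_groups):
        return []
    return [text for c, text in DOCS.values() if c == coll]
```

The same check belongs in front of result summaries and highlighted views, since both are built from document text.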
Gotcha’s: Misc.
• Results Navigators show Meta Data
  • Employees see “Upcoming Layoff”, etc.
• Detecting FAILED pages with status 200
  • Some Web Servers give back nicely formatted error screens or redirects, instead of an HTTP error code
• Desktop Search Holes
  • Peer-to-peer may not be properly controlled
  • May bypass Office file/doc passwords
• User Data: To Log or Not to Log?
  • Potential liability with either choice
• Employee Privacy Concerns
  • De Facto Notification
• Disclaimer: We are not lawyers
Wrapping Up…
Enterprise Search and Corporate Security
The Near Future
• Search & Security tied to SOX/HIPAA
  • Search Logs get Regulatory Interest
  • Who Saw What, When
  • Failure to Spot Trends becomes Negligence
• Distributed Credentials Management
  • Not as big of a factor in the Enterprise
  • More cooperation between e-commerce sites
  • Government employees accessing other agencies
Enterprise Search and Corporate Security
Call to Action!
• Run some test searches!
• Do you know your company’s current policies?
• If confused, talk to your vendor, or get some professional help
Resources
• Search Dev Newsgroup: www.SearchDev.org
• Newsletter & Whitepapers: www.ideaeng.com/current
• Blog: www.EnterpriseSearchBlog.com