The network restrictions surrounding the web authentication service are one layer of defense. Is that sufficient?
Answer the question with a short paragraph, with a minimum of 300 words. Count the words only in the body of your response, not the references. Use APA formatting, but do not include a title page, abstract or table of contents; body and references only in your post.
A minimum of two references is required. One reference for the book is acceptable, but multiple references are allowed. There should be multiple citations within the body of the post. Note that an in-text citation includes the author’s name and year of publication.
University of the Cumberlands School of Computer & Information Sciences
ISOL-536 – Security Architecture & Design
Chapter 6: eCommerce Website
6.1 Decompose the System
6.1.1 The Right Level of Decomposition
6.2 Finding Attack Surfaces to Build the Threat Model
6.3 Requirements
Chapter 6 – eCommerce Website
6.1 Decompose the System
Ultimately, the point of the architecture factoring exercise isn’t to document a perfect architecture view, but rather, to find those points in the system that are susceptible to likely attack. An appropriate set of defenses can be built from the attack surfaces.
Security is built at many levels, top-to-bottom, side-to-side, and front-to-back. Security is the architecture domain that interacts with every other domain; it is the “matrix” domain and must permeate a system in order to build a defense-in-depth.
6.1 Decompose the System – Cont.
Looking at Figure 6.1, do you see anything missing? In the chapter about the ATASM process, there were several views of Web-Sock-A-Rama, adding data types, trust boundaries, and an attack surface.
Figure 6.1 AppMaker web architecture.
6.1.1 The Right Level of Decomposition
Figure 6.2 adds these two attack surfaces for a more complete picture of the message flow from the Internet and on through to the data tier.
Figure 6.2 Attack surfaces touched by requests from the user’s browser.
That is, at arrow 2b, the dynamically handled messages are passed from the web server to the Java application server. The application server calls AppMaker, which in turn passes the message to one of the appropriate applications that were generated by AppMaker. In order to find the appropriate application, AppMaker will have to call the database server (arrow 4) to query the application metadata: data about which application handles which type of message. Then, while handling the request, “other web app” must also query various databases, perhaps customer profiles and the product catalog, in order to build the response for the user. The database server must continue to fetch data (“data fetch to fulfill 4”) as requests come in and responses are built. These systems handle multiple requests in parallel.
6.2 Finding Attack Surfaces to Build the Threat Model
Since our web store has purchased AppMaker, let’s assume that wherever the injection lies, it would be AppMaker’s maker (the vendor) who would be responsible for the fix. So, in light of this relationship, it probably doesn’t matter whether an XSS lies within AppMaker itself or in a generated application, as long as the vendor is responsive to vulnerability reports and practices rigorous software security.
Traffic from various components is allowed into the subnet to perform authentications, but traffic from the Internet is not allowed; the authentication system is “invisible” from the Internet; it is not reachable by Web-Sock-A-Rama’s customers directly.
6.2 Finding Attack Surfaces to Build the Threat Model – Cont.
Figure 6.3 Data fetch and management interfaces.
The flow in Figure 6.3 is more coherent with the description given. AppMaker loads one of the generated applications, which in turn must generate a query for various types of data. In this web store, every data store will be used. For each dynamically generated HTTP response, AppMaker must first find (and perhaps in part, build) the appropriate application through its metadata. Then, the application must itself consult the web store and customer data. Hence, the database server is an intermediary between the various data stores and applications (AppMaker and the generated web applications). These flows are shown in Figure 6.3.
6.2 Finding Attack Surfaces to Build the Threat Model – Cont.
Figure 6.4 Management interface attack surfaces.
Figure 6.4 has already become visually busy enough. Still, in the real world, every configuration file and any local, running data set is and must be considered an attack surface. In this case, we have already stipulated that, through the infrastructure practices “investigation” (really, an assumption in this fictitious example system), there are a series of existing controls protecting the servers and their local hard disks. Thus, we concentrate on just a portion of the attack surfaces in order to keep the example focused. In the real world, I would absolutely find out what management practices and protections are implemented to defend the configuration files and metadata sets.
6.2 Finding Attack Surfaces to Build the Threat Model – Cont.
Figure 6.5 Authentication and identity flows.
A more complete picture of a management sub-network that is restricted through a jump server is pictured in Figure 6.5. Please refer to this figure for more clarity about the architecture and components used to build this type of management interface protection.
Web authentication can be handled entirely by the web server. The HTTP protocol contains primitives for authentication, which then are implemented in most open source and commercial web servers.
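As an added illustration of those primitives (example code, not from the book or the course slides), the block below checks HTTP Basic authentication (RFC 7617) the way a web server does: it parses the `Authorization` header, verifies the password against a salted, iterated PBKDF2 hash in constant time, and answers 401 with a `WWW-Authenticate` challenge on any failure. The user name, password, salt, realm and work factor are constructed for the example; a real web server would read its credential store from a password file or from a directory such as the one in the authentication subnet.

```python
"""Added example: server-side HTTP Basic authentication as the web server's
own primitive. Credential store, salt and work factor are constructed."""
import base64
import binascii
import hashlib
import hmac

ITERATIONS = 200_000  # PBKDF2 work factor; an assumption for the example

def hash_password(password, salt):
    """Salted, iterated hash; the store never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed store: user -> (salt, hash). The salt is fixed only so that the
# example is deterministic; a real store uses a random salt per user.
_SALT = b"example-fixed-salt"
CREDENTIAL_STORE = {
    "alice": (_SALT, hash_password("correct horse battery staple", _SALT)),
}
# Dummy entry hashed for unknown users so that the check takes the same time
# whether or not the user name exists.
_DUMMY = (_SALT, bytes(32))

def build_basic_header(user, password):
    """What a client sends: 'Basic ' + base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token

def parse_basic_authorization(header):
    """Return (user, password) from an Authorization header value, or None
    when the scheme is not Basic or the token is malformed."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password

def verify_credentials(user, password, store=CREDENTIAL_STORE):
    """Constant-time comparison of the candidate hash with the stored one."""
    salt, expected = store.get(user, _DUMMY)
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected) and user in store

def authenticate(headers, store=CREDENTIAL_STORE):
    """Return (status_code, response_headers) as the web server would."""
    parsed = parse_basic_authorization(headers.get("Authorization"))
    if parsed is not None and verify_credentials(parsed[0], parsed[1], store):
        return 200, {}
    # One generic challenge for missing, malformed and wrong credentials.
    return 401, {"WWW-Authenticate": 'Basic realm="Web-Sock-A-Rama"'}

if __name__ == "__main__":
    good = {"Authorization": build_basic_header("alice", "correct horse battery staple")}
    bad = {"Authorization": build_basic_header("alice", "wrong")}
    print(authenticate(good)[0], authenticate(bad)[0], authenticate({})[0])
```

The same challenge is returned for a missing header, a malformed token, an unknown user and a wrong password, and the hash is computed even for unknown users, so the response does not tell a caller which user names exist.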
6.2 Finding Attack Surfaces to Build the Threat Model – Cont.
Figure 6.6 Authentication attack surfaces.
Finally, there is an arrow pointing towards Directory, itself, in Figure 6.6. Gaining the directory gives the attacker all the credentials, which are tied to all the user IDs. That very thing happened to a company for which I worked. The attackers compromised every account’s password. In other words, attackers had access to every customer account and the services and equipment for which the highest privileged accounts were entitled. Ouch!
6.2 Finding Attack Surfaces to Build the Threat Model – Cont.
Figure 6.7 Web-Sock-A-Rama payment processing.
For our purposes, everything depicted in Figure 6.7 that lies below the Internet, except the isolated authentication service, would be subject to PCI requirements.
Since the authentication service lies within its own restricted network, from a PCI standpoint the authentication service has been separated. The authentication service never handles payment cards and is not involved in financial transactions.
Therefore, it lies outside the PCI boundary. Customers’ user IDs are populated from the customer database. That is a “push” function; the directory that lies within the authentication service does not call out to the customer data.
6.3 Requirements
Table 6.1 outlines the requirements that we uncovered throughout this chapter’s analysis.
Most information security professionals are already familiar with this body of knowledge. For exposed Internet sites, networking restrictions and boundaries can become critically important. Though there are other ways to create trust boundaries, a common way is to use network segments and then control flows between the segments and between the systems in the segments. That’s the essential gist of the networking requirements given in Table 6.1.
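As an added example (not from the book or the course slides), the segmentation policy described above, and the earlier statement that the authentication subnet accepts traffic from internal components but not from the Internet, can be written down as a flow table and checked mechanically. The segment names, the permitted flows and the sample compensating controls below are assumptions constructed from the chapter's description of Figures 6.5 through 6.7, not the book's own diagrams. The check shows that the authentication service is unreachable from the Internet directly but sits one permitted hop behind the Internet-facing web server, which is itself an attack surface; the network restriction is therefore one layer, and the `uncontrolled_hops` function reports where the other layers have to be.

```python
"""Added example: a toy model of the segmented Web-Sock-A-Rama network and a
reachability check over the flows the segment filters permit.
Segment names, flows and controls are constructed assumptions."""
from collections import deque

# (source_segment, destination_segment) pairs the network filters allow.
ALLOWED_FLOWS = {
    ("internet", "web_server"),
    ("web_server", "app_server"),
    ("app_server", "database_server"),
    # Internal components may call the authentication service; the Internet may not.
    ("web_server", "auth_service"),
    ("app_server", "auth_service"),
    ("database_server", "auth_service"),   # customer IDs are pushed into the directory
    # Management access only through the jump server.
    ("admin_workstation", "jump_server"),
    ("jump_server", "web_server"),
    ("jump_server", "app_server"),
    ("jump_server", "database_server"),
    ("jump_server", "auth_service"),
}

# Constructed sample of controls that apply to traffic entering a segment,
# beyond the network filter itself.
SAMPLE_CONTROLS = {
    "web_server": {"input_validation", "web_application_firewall"},
    "auth_service": {"mutual_tls_from_callers", "rate_limiting", "account_lockout"},
}

def directly_allowed(src, dst, flows=ALLOWED_FLOWS):
    """True if the filters let traffic from src straight into dst."""
    return (src, dst) in flows

def reachable_from(start, flows=ALLOWED_FLOWS):
    """All segments reachable from start by chaining permitted flows."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for a, b in flows:
            if a == cur and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen - {start}

def shortest_path(src, dst, flows=ALLOWED_FLOWS):
    """Breadth-first search; returns the segments on the shortest permitted
    path from src to dst, or None when dst cannot be reached at all."""
    parents = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parents[cur]
            return path[::-1]
        for a, b in flows:
            if a == cur and b not in parents:
                parents[b] = cur
                queue.append(b)
    return None

def uncontrolled_hops(path, controls):
    """Hops on a path whose destination segment has no compensating control
    recorded, i.e. where the network filter is the only layer."""
    return [(a, b) for a, b in zip(path, path[1:]) if not controls.get(b)]

if __name__ == "__main__":
    path = shortest_path("internet", "auth_service")
    print("direct Internet -> auth allowed:", directly_allowed("internet", "auth_service"))
    print("shortest permitted path:", path)
    print("hops relying on the filter alone:", uncontrolled_hops(path, {}))
    print("with sample controls:", uncontrolled_hops(path, SAMPLE_CONTROLS))
```

Run against the constructed table, the direct flow is denied, yet the path `internet -> web_server -> auth_service` exists, and with an empty control map both hops rely on the filter alone; the management segments stay unreachable from the Internet because nothing flows into the jump server except the administrator workstation.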
Chapter 6: Summary
As this is the first analysis in our series of six, I caution the reader to understand these requirements fairly well. In order not to be repetitive, the subsequent analyses will refer back to these wherever they arise. Remember, architectural patterns repeat, and I’ve attempted to use the same solutions consistently throughout the examples. This is not to imply that any of these is the only solution. Hopefully, this is clear. Still, one of the points of this book is that there are patterns and their solution sets that repeat. So some of the same solutions are being reused rather than introducing new security defense approaches for the same recurring problem.