by Michael Cobb
The Internet is an unbounded network environment. It has no central administrative control and no unified security policy. Despite best efforts, no amount of hardening can guarantee that a system connected to an unbounded network is invulnerable to attack. A Web server is publicly available on the Internet, so a network infrastructure
To be able to deliver essential services, a "reliable" system must demonstrate four key properties:
- Resistance to attacks
- Recognition of attacks and the extent of any damage
- Recovery of full and essential services after attack
- Adjustment to reduce effectiveness of future attacks
An overview of Web security architectures
When planning Web-based services, you must fully understand what needs to be protected. The process of ensuring survivability is therefore an organizational one, rather than purely an IT one. Once your organization has defined its minimum levels of acceptable service and security for each service, the task of planning the Web security architecture can begin. Never use a totally "flat" network design, one where all devices connect directly to each other; otherwise a hacker who gains access to your Web server will find that your entire network is wide open.
The network layout should ensure that the failure of one level of protection does not result in a succession of compromises. Practice defense-in-depth and utilize multiple security devices, including firewalls, border routers with packet filtering and intrusion-detection systems (IDSes). Further protect Web service resources with a segmented network topology, which reduces the scope of any compromise and buys time to respond to it. Segmentation is achieved by dividing the system into trust domains bounded by trust boundaries, with resources placed in the appropriate domain. The outermost barrier in your Web site defense is a secure network perimeter or demilitarized zone (DMZ).
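To make the flat-versus-segmented comparison concrete, the following added example (not part of the original article) models each design as a set of permitted connections and reports how many further barriers separate each host from a compromised Web server, plus any flows that cross a trust boundary without approval. The host names, trust domains and allowed-pair policy are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample: trust domain of each host (names are illustrative).
DOMAIN = {"internet": "untrusted", "web": "dmz", "app": "internal",
          "db": "restricted", "hr-files": "restricted", "pcs": "internal"}

# Domain pairs permitted to cross a trust boundary (assumed policy).
ALLOWED = {("untrusted", "dmz"), ("dmz", "internal"), ("internal", "dmz"),
           ("internal", "restricted")}

def flat_flows(hosts):
    """Flat design: every internal device connects directly to every other."""
    inside = [h for h in hosts if h != "internet"]
    flows = {h: {o for o in inside if o != h} for h in inside}
    flows["internet"] = {"web"}
    return flows

# Segmented design: only the flows the firewalls and filtering routers permit.
SEGMENTED = {"internet": {"web"}, "web": {"app"}, "app": {"db"},
             "pcs": {"web", "hr-files"}, "db": set(), "hr-files": set()}

def hops_from(flows, start):
    """Breadth-first search over permitted flows: the number of barriers that
    must fail before each host is exposed to a compromised `start`.
    Hosts absent from the result cannot be reached at all."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(flows.get(cur, ())):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    del dist[start]
    return dist

def boundary_violations(flows):
    """Flows that cross trust domains without an entry in ALLOWED."""
    return sorted((src, dst) for src, dsts in flows.items() for dst in dsts
                  if DOMAIN[src] != DOMAIN[dst]
                  and (DOMAIN[src], DOMAIN[dst]) not in ALLOWED)

if __name__ == "__main__":
    for name, flows in (("flat", flat_flows(DOMAIN)), ("segmented", SEGMENTED)):
        print(name, hops_from(flows, "web"), boundary_violations(flows))
```

In the flat design every internal host sits one hop from the Web server; in the segmented design the database is two hops away and the file share and workstations are not reachable from it at all.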
This was first published in June 2007