The Internet is an unbounded network environment. It has no central administrative control and no unified security policy. Despite best efforts, no amount of hardening can guarantee that a system connected to an unbounded network is invulnerable to attack. A Web server is publicly available on the Internet, so a network infrastructure must play a role in protecting the Web site and other IT assets. Airtight security is not possible, so don't get caught in the trap of trying to achieve it. You must aim to establish a balance of adequate security with cost effectiveness and common sense. Security is about ensuring that systems can deliver essential services and maintain essential properties such as integrity, confidentiality and performance despite the presence of intrusions; in other words, reliability in the face of adversity.
To be able to deliver essential services, a "reliable" system must demonstrate four key properties:
1. Resistance to attacks
2. Recognition of attacks and the extent of any damage
3. Recovery of full and essential services after attack
4. Adjustment to reduce effectiveness of future attacks
I cover properties 2-4 in Web Security School webcasts 2 and 3. Here, we'll take a look at strategies for resisting attacks.
An overview of Web security architectures
When planning Web-based services you must fully understand what needs to be protected. Thus, the process to ensure survivability is an organizational one, rather than purely an IT one. Once your organization has defined its minimum levels of acceptable service and security for each service, the task of planning the Web security architecture can begin. Never use a totally "flat" network design, one where all devices connect directly to each other: a hacker who gains access to your Web server would find that your entire network is wide open.
The network layout should ensure that the failure of one level of protection does not result in a succession of compromises. Practice defense-in-depth and utilize multiple security devices, including firewalls, border routers with packet filtering and intrusion-detection systems (IDSes). Further protect Web service resources with a segmented network topology, which reduces the scope of any compromise and buys time to respond to it. This is achieved by dividing the system into trust domains bounded by trust boundaries, with resources placed in the appropriate domain. The outermost barrier in your Web site defense is a secure network perimeter or demilitarized zone (DMZ).
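The segmentation principle above can be checked mechanically against a firewall policy. The following is an added example, not part of the original article: it models three trust domains and two flow policies (the zone names, ports and rules are constructed assumptions), then reports flows that skip a trust boundary, what a compromised DMZ host can reach, and how many boundaries separate the Internet from the internal network.

```python
from collections import deque

# Constructed trust domains, ordered from least to most trusted.
TRUST = {"internet": 0, "dmz": 1, "internal": 2}

# Constructed policies: (source zone, destination zone, port) flows permitted.
SEGMENTED = [
    ("internet", "dmz", 443),       # public HTTPS to the Web server
    ("dmz", "internal", 5432),      # Web server to its database only
    ("internal", "dmz", 22),        # administration from inside
    ("internal", "internet", 443),  # outbound browsing
]
FLAT = SEGMENTED + [("internet", "internal", 443), ("dmz", "internal", "any")]


def boundary_violations(rules):
    """Flows that skip a trust domain inward, or open every port inward."""
    bad = []
    for src, dst, port in rules:
        step = TRUST[dst] - TRUST[src]
        if step > 1 or (step > 0 and port == "any"):
            bad.append((src, dst, port))
    return bad


def exposure(rules, compromised):
    """Scope of a compromise: what a host in `compromised` may connect to."""
    return {(dst, port) for src, dst, port in rules if src == compromised}


def boundaries_to_cross(rules, start, target):
    """Fewest permitted hops from `start` to `target`; None if unreachable."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, hops = queue.popleft()
        if zone == target:
            return hops
        for src, dst, _ in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, hops + 1))
    return None


if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED), ("flat", FLAT)):
        print(name, "violations:", boundary_violations(rules))
        print(name, "DMZ exposure:", exposure(rules, "dmz"))
        print(name, "hops:", boundaries_to_cross(rules, "internet", "internal"))
```

In the segmented policy the Internet is two boundaries away from the internal network and a compromised DMZ host reaches only the database port; the flat policy collapses that to one boundary.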
More from this lesson
- Download the full four-part technical paper -- Life at the edge: Securing the network perimeter (.pdf).