10
Securing Commonly Used Architecture
In this chapter you will
• Explore the CSSLP exam objectives
• Learn basic terminology associated with commonly used architecture
• Explore the security implications of architectures and supporting technologies
Computer systems have changed in terms of capability and architectures over the past several decades. From the mainframe era of the past, to distributed computing and then back to the centralized nature of the cloud, computing has come full circle in its architectural designs. A common practice in IT is for legacy systems to be seldom retired; instead, they tend to be retained for longer than originally planned. The net result is that most enterprises are composed of a wide range of architectures operating concurrently.
Distributed Computing
With the rise of affordable computing solutions that were smaller in size, yet capable of significant processing, came the distribution of computing out of the center and into the business. The availability of networking and storage options furthered the case for distributing the processing closer to users across the enterprise. There are several architectural forms of distributed computing and supporting elements.
Client Server
Client server architectures are defined by two types of machines working in concert. Servers are more capable of processing and storage, serving numerous users through applications. The client machines are also capable of processing and storage, but this is typically limited to single-user work. Clients are typically described as thin or fat clients, depending on the level of processing present on the client. Thin clients perform the majority of the processing on the server, while fat clients take on a significant amount of the processing themselves.
Another characteristic of the client server architecture is the level of communication between the servers and clients. Because processing is distributed, communications are needed to facilitate the distributed processing and storage. This distribution of processing and storage across multiple machines increases the need for security. One method of describing the multimachine architecture model is called the n-tier model (see Figure 10-1). The n refers to the number levels of applications doing the work. A three-tier model can have a client talking to an intermediate server performing business logic and then to a database server level to manage storage. Separating an architecture into a series of layers provides for a separation of business functionality in a manner that facilitates integration and security. When implementing distributed processing and storage, security becomes an important concern.
Figure 10-1 N-tier architecture
Cloud computing can be considered an extreme case of the client server model. The same elements of an n-tier model can be implemented in clouds, Software as a Service (SaaS), Platform as a Service (PaaS), and Information as a Service (IaaS) models.
Peer-to-Peer
Peer-to-peer architectures are characterized by sets of machines that act as peers. While the client server model implies a separation of duties and power, peer-to-peer models are characterized by the member devices sharing the work. In peer-to-peer sharing, both parties are at equivalent levels of processing. This type of network is more commonly found in transfer of information, file sharing, and other communication-based systems. A common utilization of the peer-to-peer model is in file sharing, where machines directly share files without an intermediate storage hub.
Message Queuing
Moving information from one processing system to another can be done in a variety of ways. One of the challenges is managing throughput and guaranteeing delivery. Message queuing technology solves this problem through the use of an intermediate server that mediates transmission and delivery of information between processes. In large enterprise systems with multiple data paths, message queuing can solve many data transfer issues, such as point-to-multipoint data flows. Message queuing can be constructed to manage guaranteed delivery, logging, and security of the data flows.
Service-Oriented Architecture
Service-oriented architecture (SOA) is a distributed architecture with several specific characteristics. These characteristics include
• Platform neutrality
• Interoperability
• Modularity and reusability
• Abstracted business functionality
• Contract-based interfaces
• Discoverability
SOAs can be implemented with several different technologies, including common object model (COM), common object request broker architecture (CORBA), and web services (WS). Most SOA implementations use Extensible Markup Language (XML) as the messaging methodology of choice, although this brings additional issues with regard to security. The XML messages can be secured either through XML encryption or transport over secure channels (SSL/TLS).
Services are core units of functionality, self-contained, and designed to perform a specific action. When implemented in web services, SOA uses a set of technologies that are unique to web services. SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are two common protocols utilized for messaging in the ESB.
Enterprise Service Bus
Enterprise service bus (ESB) is a name given to a specific form of SOA architecture where all of the communications between producers and consumers of the data take place. An ESB solution is designed to monitor and control the routing of messages between services in the system. Frequently, this messaging is done via a form of message queuing services that keep everything aligned with the requirements of the system. The ESB acts as a form of abstraction layer for the interprocess communication services.
The ESB can provide a range of services to the enterprise applications that are served by the system. The ESB can be configured to
• Perform protocol conversions and handle translation and transformation of communications
• Handle defined events
• Perform message queuing and mapping of data flows
The key characteristic of the ESB is the use of a bus-based architecture as a means of managing communications between processes. Figure 10-2 illustrates the bus nature of communications between producers and consumers of information. The actual implementation of the bus can be performed in a variety of protocols, including message queue technologies.
Figure 10-2 Enterprise service bus
The ESB acts as the conduit between all types of protocols. Each connector can be through an adapter that enables the cross-communication between different protocols. An ESB allows XML, EDI, WSDL, REST, DCOM, CORBA, and others to communicate with each other in a seamless fashion.
Web Services
Web services are means of communication between elements over the Internet. The term web services is a descriptor of a wide range of different means of communications. Web services are characterized by a machine-readable description of the interface. This machine-readable format is referred to as Web Services Description Language (WSDL). WSDL is an XML-based interface description language that is used for describing the functionality offered by a web service, including how the service can be called, what parameters it expects, and what data structures it returns.
W3C Web Service Definition
[...] a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other web-related standards.
[…] identifies two major classes of web services:
• REST-compliant web services, in which the primary purpose of the service is to manipulate XML representations of web resources using a uniform set of “stateless” operations; and
• arbitrary web services, in which the service may expose an arbitrary set of operations.
Web services originally were designed with SOAP, but a movement now favors REST as the means of communication. The advantage of SOAP is that it can use XML as the basis of communication. There have been performance concerns over using XML, however, as well as concerns over the complexity in implementation.
Rich Internet Applications
Rich Internet applications (RIAs) are a form of architecture that use the Web as a transfer mechanism and the client as a processing device, typically for display formatting control functions. An example of an RIA is Facebook, or any of the other social media sites. The objective of an RIA is to create an application with the characteristics of a desktop application, but is delivered across the Internet.
RIAs are created using a variety of frameworks, including Adobe Flash, Java, and Microsoft Silverlight. With the introduction of HTML5, the future appears to be one dominated by HTML5/JavaScript-based RIAs. RIAs can accommodate a wide range of functionality, from complex business interfaces, to games, to learning platforms. If it can be done on a desktop, it can be done in an RIA.
Just because the RIA does the majority of the processing on a server or back-end platform, however, does not mean that security can be ignored. In fact, the opposite is true. Client-side exploits and remote code execution-type attacks can exploit the architecture of an RIA.
Client-Side Exploits or Threats
In all client server and peer-to-peer operations, one universal truth remains. Never trust input without validation. Systems that ignore this are subject to client-side attacks. Even though one can design a system where they have control over the clients, there is always the risk that the client can become corrupted, whether by malware, a disgruntled user, or simple misconfiguration. Client-based architectures, such as RIAs, are specifically susceptible to client-side threats.
Remote Code Execution
Remote code execution is a term used to describe the process of triggering arbitrary code execution on a machine from another machine across a network connection. This can be a serious attack, as if executed successfully, the arbitrary code operates under the security credentials of the process that is infected. This is a consequence of the architectural decision in which there is not a distinction between code and data. This makes it possible for malicious input to become arbitrary code.
Pervasive/Ubiquitous Computing
With the advent of cost-effective microprocessors, computers have become integrated into many devices and systems, with the purpose of improved control. With the addition of the Internet and low-cost connectivity becoming possible between devices, this trend has accelerated into interconnecting the devices, sharing information between them and further enabling remote control of functions. With the addition of handheld computers built around mobile phones, the era of pervasive and ubiquitous computing has begun. Users, connecting with their phones, have the ability to interact with a wide range of devices and services, with the common expression of “I have an app for that” becoming everyday vernacular.
The implications of always-on, hyper-connectedness, and cross-platform/system integration are many—some positive and some challenging. The driving factor behind connecting everything to everything is a combination of convenience and efficiency. The challenges come from the intrinsic properties of highly complex systems, including emergent issues of safety, security, and stability. The importance of some basic security properties, defense in depth, fail to a secure state, and complete mediation become more important in the complex systems being created through pervasive computing. Each element needs to become self-sufficient and self-reliant for security, safety, and stability aspects of their own operations. This drives requirements through the software development lifecycle (SDLC) and makes them increasingly important.
Wireless
Wireless communications have gone from a rare instance when wiring was difficult to a norm for many devices. Driven by low-cost technology, wireless communications are becoming ubiquitous in the industrialized world. Wireless computer networks can be created with several different protocols, from cellular-based systems, to 802.11 Wi-Fi, to 802.15 Zigbee, Bluetooth, and Wi-Max, each with differing capacity, distance, and routing characteristics.
Wireless networking frees the deployment from the hassles of wires, making the movement of machines, the routing through walls and between buildings, etc., easier. Wireless allows mobile devices to be connected to network resources while remaining mobile. With the advantages, however, come risks. Wired networks can control device connections through the control over the physical connection points. With wireless, this is a different proposition. With wired networks, communications between devices are not available to others, as the signal does not necessarily pass others. In wireless networks, anyone within the signal range can see the signal and monitor the communications from all devices.
When designing applications where information is going to be transmitted across a network, one needs to consider the fact that the data may be transmitted across an unsecure network, such as a wireless network. The implication is simple—the developers need to take responsibility for the security of the data when transmitted; expecting the network to take care of security is an opportunity for failure during deployment.
Location-Based
With the rise of mobile, handheld computing, one of the new “killer apps” is the use of location-based data as part of the application process. Whether marketing, i.e., telling users when they are close to a store that has sales, or security, i.e., only allowing certain functionality when you are in certain locations, the ability to make application decisions based on user location has advantages.
Location-based data can be very valuable in an application. But a user’s location can also be abused, and protecting sensitive data such as location, both in apps and in downstream processes, is important. Not all sensitive data is easily identified as such. Sometimes, it is necessary to examine how data elements could be abused in order to come to the correct security consideration for an element.
Constant Connectivity
The combination of hyper-connectivity, ubiquitous computing, and affordable computing, coupled with Internet-based software such as social media has created a situation where there is virtually constant connectivity. Whether it is individual users or corporate machines connected via the Internet to other machines and devices, the result is the same: Everything is always connected.
Radio Frequency Identification
Radio frequency identification (RFID) is a radio frequency, noncontact means of transferring data between two parties. Using a transmitter/receiver and a device called a tag, the radio equipment can read the tag. Widely used for contactless inventory, the range can be a few meters for simple ones to hundreds of meters for battery-powered ones that act as transponders. RFID tags can be used to track things, with the added advantage that because it is RF-based, it does not need to be in the line of sight of the reader. When a reader sends a signal to a tag, the tag responds with a digital number, enabling individual serialization. Tags can be small—the size of dust particles—and cheap—costing just pennies—and come in a wide range of form factors. Picking the correct RFID tag involves planning the deployment and environment as well as the desired options.
RFID tags can be either active or passive, depending upon whether the tag has a source of power or not. Powered tags can offer greater range for detection and reading, but at an increased cost. Because of the use of RF, the different frequency bands used have differing regulatory requirements by country. Numerous standards have emerged covering both technical details of the system and its use. Several Industry Standards Organization (ISO) standards exist, and there are several industry-supported groups concerned with standardization.
U.S. citizens became acutely aware of RFID tags when they began showing up as a security and convenience factor in passports. Designed to only be readable for short distances, shielding had to be added after researchers showed that they could be read from several meters away. Another widespread adoption is in Wal-Mart Corporation’s supply chain effort, using RFID-based Electronic Product Code (EPC) tags in all of their major supply chains.
Near-Field Communication
Near-field communication (NFC) is a protocol and set of standards for communication via radio frequency energy over very short distances. Limited in distance to a few inches, the communication occurs while a user typically touches one device to another. Designed to offer contactless communications over short distance, and with no setup for the user, this technology has caught on in mobile devices and payment systems. NFC is a low-speed connection, but with proper setup, it has been used to bootstrap higher-bandwidth transfers. The Android Beam process uses NFC to initiate a Bluetooth connection between devices. This enables the higher transfer speeds of Bluetooth, but with the security associated with the close proximity.
Sensor Networks
Sensor networks are connections of distributed autonomous sensors designed to monitor some measureable condition. These networks serve to collect data on physical and environmental processes, such as rainfall, weather, communication efficiency, and more. Each network is designed for a purpose, with the choice of sensor type, location, and communication method being chosen to fit the situation. The majority of sensor networks are now being deployed using wireless communications. This is partly due to the ubiquity and relatively low cost of wireless solutions.
The individual elements of a sensor network are referred to as nodes. A node is typically a measuring device as well as a communication platform. The actual network architecture is dependent upon the communication technology and the business objectives of the network.
Mobile Applications
Mobile applications are software applications designed to run on mobile devices, such as phones and tablets. Becoming nearly ubiquitous for numerous purposes, there is a commonly used phrase, “I have an app for that,” to describe this form of computing architecture. Mobile apps are designed and developed with the native constraints of the mobile device in mind. Limited processing power, limited memory, and limited input/output capability, yet always on and always with a user (convenience and persistence to the user) offer a unique computing environment.
The typical mobile application environment includes an element known as the app store. App stores are repositories designed to mediate the distribution of software to the mobile devices. There are numerous forms of app stores, from private app stores set up within enterprises, to commercial app stores run by the mobile device manufactures (Apple, Nokia, Blackberry, Google), to commercial stores such as Amazon. The secure development of mobile apps is an interesting issue, as mobile devices are becoming common interfaces to a network, and can pose a connection or client-side risk. Mobile apps tend to have the potential to access a significant quantity of information stored on the device.
Integration with Existing Architectures
A modern enterprise is never going to be singular in its architectural form. IT systems have grown over time through an accretive process where the new “system” is designed to meet requirements and then joins the other systems in the enterprise. Cross-integration between architectures allows data reuse and significantly increases the overall utility of the enterprise architecture as a whole. As new services and opportunities are presented to the IT enterprise, the need to fully integrate, as opposed to rebuilding existing data services, is both a cost- and risk-reducing proposition. Going forward, enterprise accretion will continue, with the addition of new capability and the retirement of no longer used or needed capabilities.
Cloud Architectures
Cloud computing is a relatively new term in the computer field used to describe an architecture of scalable services that are automatically provisioned in response to demand. Although the term is new, the operational concept is not and has been in use for decades. Cloud computing is marked by the following characteristics:
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service
Customers can unilaterally provision and reprovision their level of service as needed. Scaling can increase and decrease on demand, with resource utilization being monitored and measured. Cloud computing can be economical because of the resource pooling and sharing across multiple customers with differing scale needs at any given time. Cloud computing is ideally suited for small and medium-sized businesses, as it alleviates the technical side of building out infrastructures and resolves many scaling issues.
Cloud-based computing is also taking hold in large enterprises, for by adopting the methodologies used in cloud computing, the large enterprises can garner the advantages. When the scale permits, large enterprises can run their own cloud-based instances, offering SaaS, PaaS, and IaaS capabilities in-house.
The National Institute of Standards and Technology (NIST) document of cloud computing, NIST Special Publication 800-145: The NIST Definition of Cloud Computing, defines four deployment models:
• Private cloud
• Public cloud
• Community cloud
• Hybrid cloud
The private and public clouds are exactly as they sound, serving either a single entity or multiple entities. The community cloud differs from a public cloud in that its membership is defined by a community of shared concerns. A hybrid cloud is an environment composed of more than one of the previously mentioned characteristics, with them remaining separate but bound by some form of common technology.
Software as a Service
Software as a Service (SaaS) is a type of cloud computing where the software runs in the cloud on external hardware and the user derives the benefit through a browser or browser-like interface. Moving IT deliverables to an “as a service” deployment methodology has gained tremendous traction because of the convenience factors. The SaaS model allows for virtually no contact distribution, instant update and deployment methods, and the ability to manage software interactions with other packages. Pricing can take advantage of economies of scale and low cost for user provisioning. Rather than a firm needing to stand up servers and back-end processes, all they need are clients. SaaS ties nicely into the cloud and PaaS and IaaS movements, providing compelling business capabilities, especially for small and medium-sized businesses.
One of the advantages is that the consumer does not manage or control the underlying cloud infrastructure. This includes the required network, servers, operating systems, storage, or even individual application capabilities. All that a consumer would need to configure would be a limited set of user-specific application configuration settings.
Data security is still a legitimate issue in SaaS, and software planned for this type of deployment needs to consider the ramifications of the vendor holding and protecting client data. This can be a serious issue, and significant planning and detailed attention need to be placed on this aspect of the development cycle. Failure to plan and protect can lead to market failures, either through nonacceptance or customer losses and claims in the event of a breach.
Platform as a Service
Platform as a Service (PaaS) is a form of cloud computing that offers a complete platform as a solution to a computing need. This is a service model of computing where the client subscribes to a service, which in this case can include multiple elements. The platform may include infrastructure elements (IaaS) and software elements (SaaS). PaaS can exist as a selected collection of elements into a designed solution stack for a specific problem. This may include apps, databases, web services, storage, and other items that are offered as a service.
As with SaaS, one of the advantages is that the consumer does not manage or control the underlying cloud infrastructure. This includes the required network, servers, operating systems, storage, or even individual application capabilities. As the scale of the platform increases, so does the operational savings from this aspect. All that a consumer would need to configure would be a limited set of user-specific application configuration settings, a task that can be modified to scale across the platform in a single action.
PaaS has also been used to support the development effort by offering all the desired software development components as a solution stack, accessible via a web browser. Creating a stack of approved software applications that are kept appropriately updated can add value to the development effort as well as other business environments. Integration into testing platforms and change management systems, in addition to simple development environments, simplifies the development process.
Infrastructure as a Service
Infrastructure as a Service (IaaS) is a form of cloud computing that offers a complete platform as a provisioning solution to a computing need. A typical computing environment consists of networks connecting storage, processing, and other computing resources into a functional environment. IaaS provides the consumer of the service with the capability to manage the provisioning of these elements in response to needs. The consumer can deploy and operate arbitrary software across a cloud-based platform without worrying about the specifics of the infrastructure. IaaS is a partial solution from the continuum from SaaS to PaaS, with the consumer retaining some control over the platform configurations within an IaaS environment.
Chapter Review
This chapter covered the different forms of architectures used in computer systems and the security implications of each. Distributed computing is a form of separating the processing and storage across multiple systems. Forms of distributed computing include client server and peer-to-peer architectures. Message queuing technologies can be used as a supporting technology. Service-oriented architectures are platform-neutral, modular applications that have contract-based interfaces. A key component of an SOA is the enterprise service bus (ESB). SOAs can be supported by SOAP and REST protocols. Web services are a form of SOA that uses WSDL for provisioning and the Internet for communication channels.
Rich Internet applications can mimic desktop application look and feel, but add a concern over client-side exploits and remote code execution threats. The combination of constant connectivity, hyper-connectedness, mobile devices, and affordable computing, coupled with apps such as Google search, the World Wide Web, and social media, has led to a state of pervasive computing. Wireless networks allow much easier networking for elements such as mobile devices. Mobile and wireless devices are enhanced with technologies such as location-based services, RFID, NFC, and sensor networks, and using mobile applications can provide new and enhanced services. The chapter concluded with a discussion of cloud computing, presenting SaaS, PaaS, and IaaS.
Quick Tips
• Client server architectures are characterized by a distributed application structure that partitions operations between the providers of a resource or service, called servers, and the requesters, called clients.
• A common utilization of the peer-to-peer model is in file sharing, where machines directly share files without an intermediate storage hub.
• Service-oriented architectures are distributed, modular applications that are platform neutral and have automated interfaces.
• SOAs can involve SOAP, XML, and REST protocols.
• Web services are a form of SOA that use WSDL for interface definitions.
• Rich Internet applications replicate desktop functionality in a web-based form.
• Clients are susceptible to exploitation and remote code injections against the server.
• Radio frequency identification (RFID) is a radio frequency, noncontact means of transferring data between two parties.
• Near-field communication (NFC) is a protocol and set of standards for communication via radio frequency energy over very short distances.
• Cloud computing is a relatively new term in the computer field used to describe an architecture of scalable services that are automatically provisioned in response to demand.
• Software as a Service (SaaS) is a type of cloud computing where the software runs in the cloud on external hardware, and the user derives the benefit through a browser or browser-like interface.
• Platform as a Service (PaaS) is a form of cloud computing that offers a complete platform as a solution to a computing need.
• Infrastructure as a Service (IaaS) is a form of cloud computing that offers a complete platform as a provisioning solution to a computing need.
Questions
To further help you prepare for the CSSLP exam, and to provide you with a feel for your level of preparedness, answer the following questions and then check your answers against the list of correct answers found at the end of the chapter.
1. On which platform can a customer deploy and operate arbitrary software across a cloud-based platform without worrying about the specifics of the environment?
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Architecture as a Service
2. _____ is a selected collection of elements into a designed solution stack for a specific problem.
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Architecture as a Service
3. _____ is a type of cloud computing where the software runs in the cloud on external hardware, and the user derives the benefit through a browser or browser-like interface.
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Architecture as a Service
4. Which of the following is not a type of cloud?
A. Public
B. Private
C. Collective
D. Hybrid
5. Cloud computing is defined by the following except:
A. Rapid elasticity
B. On-demand self-service
C. Broad network access
D. Low costs
6. ______ is a protocol and set of standards for communication via radio frequency energy over very short distances.
A. Wi-Fi
B. NFC
C. Wireless
D. Zigbee
7. ____ is an architecture that can mimic desktop applications in usability and function.
A. RIA
B. NFC
C. REST
D. SOAP
8. The architectural element that can act as a communication conduit between protocols is:
A. REST
B. XML
C. ESB
D. WSDL
9. Platform-neutral, interoperable, and modular with contract-based interfaces describes:
A. SOA
B. XML
C. WSDL
D. ESB
10. Thin clients are examples of:
A. Distributed computing
B. Message queuing
C. Peer-to-peer
D. Client server
11. SOA is connected to all of the following except:
A. CORBA
B. SOAP
C. REST
D. RIA
12. One of the major risks associated with the client server architecture is:
A. Client-side exploits
B. Scalability
C. Confidentiality
D. Stability
13. One of the risks associated with wireless is:
A. Eavesdropping
B. Stability
C. Capacity
D. Complexity
14. Architecture of scalable services that are automatically provisioned in response to demand is referred to as:
A. Mobile applications
B. Cloud computing
C. SaaS
D. PaaS
15. One of the primary advantages of SaaS is:
A. Layered security
B. Data security
C. The consumer does not have to manage or control the underlying cloud infrastructure
D. Licensing
Answers
1. A. IaaS is a form of cloud computing that offers a complete platform as a provisioning solution to a computing need.
2. B. PaaS can exist as a selected collection of elements into a designed solution stack for a specific problem. This may include apps, databases, web services, storage, and other items that are offered as a service.
3. C. SaaS is a type of cloud computing where the software runs in the cloud on external hardware, and the user derives the benefit through a browser or browser-like interface.
4. C. The four deployment models are private, public, community, and hybrid.
5. D. Cost is typically driven by performance characteristics, and is not a standard characteristic of cloud computing.
6. B. Object owners define access control in discretionary access control systems.
7. A. Rich Internet applications (RIAs) are a form of architecture using the Web as a transfer mechanism and the client as a processing device, typically for display formatting control functions.
8. C. An ESB allows XML, EDI, WSDL, REST, DCOM, CORBA, and others to communicate with each other in a seamless fashion.
9. A. SOA characteristics include platform neutrality, interoperability, modularity and reusability, abstracted business functionality, contract-based interfaces, and discoverability.
10. D. Thin clients perform the majority of the processing on the server.
11. D. Rich Internet application (RIAs) are not necessarily connected to SOAs.
12. A. Client-side exploits are attacks against the client side of the client server architecture.
13. A. Because anyone in range can intercept the wireless signal, eavesdropping is a significant concern.
14. B. Cloud computing is a relatively new term in the computer field used to describe an architecture of scalable services that are automatically provisioned in response to demand.
15. C. The principle of economy of mechanism is to limit complexity to make security manageable, or keep things simple.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.