Skip to main content

Simplifying Web Security

There are a bunch of Blog posts on 11/11 Cyberattack.... Threats like these help in understanding the pains and gains of planning/deploying effective web security measures....

The fundamental principles of Security - confidentiality, integrity and availability need to drive the decision making process....for securing Web Properties(Portals, ecommerce and business websites)

In my opinion, the defences need to be created at every level of the infrastructure....the key layers being:

Hardware
=======
Network
Storage
Servers
Appliances

Software
=======
Operating System
Webserver
Application server
Database server
Special appliance firmware/os

The typical threats are centered around increase in load (DoS/DDoS), compromising data (sql injection or Web server exploits) and compromising Authentication/Authorization methods.

A simple approach to deal with most of the issues is by using a 3 step approach:

1. Improve application security - Application security is turning from art form to more exact science with thier relavent calculations. this is slow and painful process of securing, reauditing and assessing the impact on the overall security posture

2. Increase Server capacity -- Methods like vmware and/Blade server environment help us to define the scale that is needed to handle sever capacity... biggest challage is to augment server capacity as soon as we see a threat. the simple Robinhood approach- to steal from peter to give it to paul... The way this works:

1: To have a Virtualization software(vmware/Xen/Virtual server) is used as a part of every server build.

2: Convert your physical servers in virtual servers and create the set of files that makes up the know good image. Keep there VM images are all of the webservers that are serving low volume content. activate the VM's behind the same load balancer...inorder to handle any suddent traffic bursts...



3. Tighten the Perimeter -- The approach here is to protect each layer of security so that some of the illegite traffic should not be able to enter....

Snort-inline - IDS/IPS
ArmorLogic - Application firewall
Fortigate - Unified threat managment

Are we home safe with all these methods... not yet...the key to responding any crisis is calmly listening/listings all the possible threats, map it to various measures undertaken to reduce the attack surface.

Comments

Popular posts from this blog

ForeThought -- Global directory service for the Digital world

ForeThought Real world is full of people. We have phone books,yellow pages, maps and postal addresses to get to them. Real world is governed by laws, rules and norms. Digital world is full of devices and devices only(severs, desktops, appliances, gadgets etc..) In the digital world, We have DNS, IP Addresses/SMTP mail address, Routers/gateways. All of these methods are still rudimentery to lookup and locate attributes, features and functions of devices. Most devices serve a useful purpose. some of them are misused to inflict pain and damage in the digital world. Clear knowledge attributes, features and functions of devices can hel in reducing the risk and help us in responding to misuse of these devices. An idea of a Global Directory Service -- for locating Devices worldwide....These devices are attributed to People, Resources and Services.... This type of service can help in Asset tracking, Monitoring, Communications, Incident response, forensics and Da...

Information Infrastructure for Human Advancement - Vedic thought

Human Advancement is a far-cry when we are living in a world where human existence is threatened by man-made vulnerabilities. Human existence is threatened by Global warming - Natural disasters Health Crisis - Drinking water, Biodiversity/Genetically Modified Food, Virus Outbreaks Materials Crisis - Availability of Petroleum/Rare-earth for EV's (Lithium/Dyspersium) Security Crisis - Cyber Security/Data Breaches Global Political/Economic environment – Sanctions/Tariffs Purpose and Motivation Purpose of this conversation is to discuss the application of emerging technologies in information infrastructure for improving resilience of the human race and aspire for human advancement. This requires understanding key concepts of AI/Deep learning/Machine Learning, Nueromorphic computing and Pervasive computing in the context of  human interactions. There is need for a Multi-disciplinary approach involving Non-STEM and STEM(Science, Technology, Engineering and Math)...

Living a dream...five years of moving from services to lasting products.

RCV innovations has transformed from a training and consulting outfit to product based services organization.  The last five years had a see-saw effect on our existence as a viable business. We cannot forget the contributions of our mentors, early patrons and partners- Niranjan, Brad, Rakesh,Dorothy, Avik, Supriya, Sridhar, Bhaskar, Jaipal, Kishan, Joseph, Goutam, Mishra and many others. I am deeply moved by the faith some of our new customers have placed on us by adopting VAMANiT appliances for their business needs. Our team is grateful for the opportunity to serve you to the best of our ability. I am humbled by the commitment and excitement the team has shown in executing our new Nested Data center strategy. The pace at which we have trained ourselves in cutting-edge VMware vSAN and NSX technologies is noteworthy.  We are applying our VMware knowledge to Strategic and Mission critical applications by integrating energy efficient purpose built VAMANiT Nested Data ...