There are a bunch of Blog posts on 11/11 Cyberattack.... Threats like these help in understanding the pains and gains of planning/deploying effective web security measures....
The fundamental principles of Security - confidentiality, integrity and availability need to drive the decision making process....for securing Web Properties(Portals, ecommerce and business websites)
In my opinion, the defences need to be created at every level of the infrastructure....the key layers being:
Hardware
=======
Network
Storage
Servers
Appliances
Software
=======
Operating System
Webserver
Application server
Database server
Special appliance firmware/os
The typical threats are centered around increase in load (DoS/DDoS), compromising data (sql injection or Web server exploits) and compromising Authentication/Authorization methods.
A simple approach to deal with most of the issues is by using a 3 step approach:
1. Improve application security - Application security is turning from art form to more exact science with thier relavent calculations. this is slow and painful process of securing, reauditing and assessing the impact on the overall security posture
2. Increase Server capacity -- Methods like vmware and/Blade server environment help us to define the scale that is needed to handle sever capacity... biggest challage is to augment server capacity as soon as we see a threat. the simple Robinhood approach- to steal from peter to give it to paul... The way this works:
1: To have a Virtualization software(vmware/Xen/Virtual server) is used as a part of every server build.
2: Convert your physical servers in virtual servers and create the set of files that makes up the know good image. Keep there VM images are all of the webservers that are serving low volume content. activate the VM's behind the same load balancer...inorder to handle any suddent traffic bursts...
3. Tighten the Perimeter -- The approach here is to protect each layer of security so that some of the illegite traffic should not be able to enter....
Snort-inline - IDS/IPS
ArmorLogic - Application firewall
Fortigate - Unified threat managment
Are we home safe with all these methods... not yet...the key to responding any crisis is calmly listening/listings all the possible threats, map it to various measures undertaken to reduce the attack surface.
The fundamental principles of Security - confidentiality, integrity and availability need to drive the decision making process....for securing Web Properties(Portals, ecommerce and business websites)
In my opinion, the defences need to be created at every level of the infrastructure....the key layers being:
Hardware
=======
Network
Storage
Servers
Appliances
Software
=======
Operating System
Webserver
Application server
Database server
Special appliance firmware/os
The typical threats are centered around increase in load (DoS/DDoS), compromising data (sql injection or Web server exploits) and compromising Authentication/Authorization methods.
A simple approach to deal with most of the issues is by using a 3 step approach:
1. Improve application security - Application security is turning from art form to more exact science with thier relavent calculations. this is slow and painful process of securing, reauditing and assessing the impact on the overall security posture
2. Increase Server capacity -- Methods like vmware and/Blade server environment help us to define the scale that is needed to handle sever capacity... biggest challage is to augment server capacity as soon as we see a threat. the simple Robinhood approach- to steal from peter to give it to paul... The way this works:
1: To have a Virtualization software(vmware/Xen/Virtual server) is used as a part of every server build.
2: Convert your physical servers in virtual servers and create the set of files that makes up the know good image. Keep there VM images are all of the webservers that are serving low volume content. activate the VM's behind the same load balancer...inorder to handle any suddent traffic bursts...
3. Tighten the Perimeter -- The approach here is to protect each layer of security so that some of the illegite traffic should not be able to enter....
Snort-inline - IDS/IPS
ArmorLogic - Application firewall
Fortigate - Unified threat managment
Are we home safe with all these methods... not yet...the key to responding any crisis is calmly listening/listings all the possible threats, map it to various measures undertaken to reduce the attack surface.
Comments