Wednesday, February 6, 2013

Defense in Depth Layer 6: Application Security

"One person's ‘paranoia’ is another person's ‘engineering redundancy’." — Marcus J. Ranum

Image retrieved from http://www.sentrillion.com/cyber/secure-architecture.php

Once again, we continue exploring the Defense in Depth model of security.  The second-to-last layer we will discuss is the application layer.  The application layer of the defense in depth model focuses on keeping applications on host systems and workstations secure.  Applications are the software that manipulates the data, which is the ultimate attack target.  Poorly protected applications can provide easy access to confidential data.  These applications, such as customer relationship management and financial systems, can present a target for individuals with malicious intent.  The following components are essential for application layer security.

1. Application Shield 
An application shield, often referred to as an application-level firewall, ensures that incoming and outgoing requests are allowable for the application at hand.  The application shield is commonly installed on web servers, email servers, database servers, etc.  It is finely tuned to the host device’s expected functionality; for example, an application shield on an email server would be configured to prevent an incoming mail message from automatically launching executables, as this is not a typical or necessary email function.

2. Access Control/Authentication 
Like network-level and device-level authentication, only authorized users should be able to access an application.  All users may be authorized to access the company network, but only select workgroups should be allowed access to certain specific information.  These control systems ensure that only authorized users are given access to protected data.

3. Input Validation 
Pre-validation of data that is being entered into an application can resolve a number of vulnerabilities.  Many existing vulnerabilities are exploited by overflowing buffers.  An attacker overflows the input buffer, which causes the operating system to default to a known state.  The attacker may then have complete access to the entire system.  An additional benefit of validation is that the data is more accurate, which makes the entire information base more reliable.

For example, the only acceptable input from a zip code field on a web form should be the standard five numeric characters.  All other input should be denied and produce an error message when submitted.  Keywords should also be filtered, especially command-related terms.
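The zip code rule above, as an added example that is not part of the original post: a server-side allow-list check shown beside a naive pattern that accepts input it should not.  The function names, the 64-character cap, and the sample inputs are assumptions made for illustration.

```python
import re

MAX_FIELD_LEN = 64  # assumed cap: reject oversized input before any parsing

# Naive pattern: "$" also matches just before a trailing newline, and "\d"
# matches any Unicode decimal digit, not only 0-9.
NAIVE_ZIP = re.compile(r"^\d{5}$")

# Strict allow-list: exactly five ASCII digits, checked with fullmatch().
STRICT_ZIP = re.compile(r"[0-9]{5}")


def naive_is_zip(value):
    """The check many forms ship with; kept here only for comparison."""
    return NAIVE_ZIP.match(value) is not None


def validate_zip(value):
    """Return (ok, error_message) for a zip code form field."""
    if not isinstance(value, str):
        return False, "zip code must be text"
    if len(value) > MAX_FIELD_LEN:
        return False, "zip code is too long"
    if STRICT_ZIP.fullmatch(value) is None:
        return False, "zip code must be exactly five digits (0-9)"
    return True, ""


# Constructed sample inputs (not taken from the post).
SAMPLES = [
    "30301",                           # valid
    "30301\n",                         # trailing newline slips past "$"
    "\u0663\u0660\u0663\u0660\u0661",  # Arabic-Indic digits slip past "\d"
    "3030",                            # too short
    "30301;ls",                        # command-like suffix
    "9" * 100000,                      # oversized input
]


def check_all(samples):
    """Return (preview, naive_result, strict_result) for each sample."""
    return [(s[:12], naive_is_zip(s), validate_zip(s)[0]) for s in samples]


if __name__ == "__main__":
    for shown, naive, strict in check_all(SAMPLES):
        print(f"{shown!r:20} naive={naive!s:5} strict={strict}")
```

Only the first sample passes the strict check, while the naive pattern also accepts the second and third.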

4. Application Hardening 
Application hardening is a security measure designed to prevent exploitation of various types of vulnerabilities in software applications.  Application hardening tools are designed to protect code from hackers by using obfuscation, encryption, or authentication techniques.  These tools guard against tampering, piracy, reverse-engineering, malware insertion, and unauthorized use.

5. Content Filtering Software 
Content filtering software can be used to block malware and other content that contains hostile, intrusive, or annoying material including adware, spam, computer viruses, worms, trojan horses, and spyware.

6. Application Gateway/Proxy 
An application gateway is an application program that runs on a firewall system between two networks. When a client program establishes a connection to a destination service, it connects to an application gateway or proxy. The client negotiates with the proxy server in order to communicate with the destination service. The proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting individual computers on the network behind the firewall. 

Next time, we will cover the last layer of the Defense in Depth model of security, the data layer.

Thanks for reading!

Jen
