List: osdl-security-sig
Subject: [Security_sig] Draft: DCL Internal Infrastructure Server
From: "Ed Reed" <ereed () novell ! com>
Date: 2005-04-28 22:15:24
Message-ID: s2710c2b.012 () sinclair ! provo ! novell ! com
Here's my first take on the description of what I mean by an Internal Infrastructure Server. There are aspects, in this description, of environmental assumptions, security objectives, risk analysis, etc. It's in English, though, or at least tries to be. It's almost a short use case.

Comments and suggestions are welcome. Even after I see them.
===================
Internal Infrastructure Server
Internal Infrastructure Servers provide essential network services such as time, naming, authentication, message forwarding, accounting, audit, software distribution, inventory management and service location. Along with the network routing and connectivity infrastructure, they create the network environment supporting applications and services throughout the organization. Typically, they, or at least critical replicas of such services, will be housed and managed in the data center, both to facilitate centralized supervision and management of their configurations, and also to facilitate their backup and recovery in the event of data corruption.
Services on these servers are typically redundant, synchronizing periodically or upon changes as they occur, with their peer services on other servers. Such synchronization traffic may be substantial, depending on configuration and protocol designs. The synchronization traffic itself presents a security challenge, as security-sensitive information (passwords, personal information attributes) may be replicated. Further, the risk of an attacker delaying or modifying data in transit must be addressed, as must the risk that old, stale information (previously deleted or obsoleted) may be reintroduced into the operational environment intentionally or accidentally (as may happen due to the restoration of an old backup).
While these systems are generally only used and visible within the organization, and so are usually protected by firewalls preventing their access by hostile outside attackers, their central role in the effective operation and management of the network makes them attractive targets for internal hackers, or for worm/virus-delivered attack programs from the outside. Defense against session hijacking, man-in-the-middle attacks, and attempts to reconfigure cached or configuration data should be provided in the selection of protocols used and their protections. Many organizations consider the networks used by internal employees for user productivity applications (email, collaboration, file and print sharing) to be untrustworthy, because of the incidence of worm- and virus-mounted attacks delivered via email attachments and downloaded documents.
Resource accounting may be a requirement for some of these services, but frequently, they're operated as utilities by a centralized operational staff chartered with keeping them running and responsive to the loads placed on them by user workstations.
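The synchronization risks the draft lists (modification in transit, replay of delayed updates, and resurrection of deleted data from an old backup) can be illustrated with a small replica model. This is an added example, not part of the original message or any product's replication protocol: each update carries a per-entry version counter and an HMAC under a shared pair key (both constructed here), and the receiving replica keeps tombstones so that a stale "add" cannot resurrect a deleted entry.

```python
import hashlib
import hmac
import json

# Constructed placeholder; a real deployment would provision a per-replica-pair key.
REPLICATION_KEY = b"example-shared-replication-key"

def _canonical(update: dict) -> bytes:
    """Canonical bytes covered by the MAC: dn, version, operation and attributes."""
    fields = {k: update[k] for k in ("dn", "version", "op", "attrs")}
    return json.dumps(fields, sort_keys=True).encode()

def sign_update(update: dict, key: bytes = REPLICATION_KEY) -> dict:
    """Return a copy of the update with an HMAC-SHA256 tag attached (sending side)."""
    tag = hmac.new(key, _canonical(update), hashlib.sha256).hexdigest()
    return {**update, "mac": tag}

class Replica:
    """Receiving replica: accepts only authenticated updates newer than what it holds."""

    def __init__(self, key: bytes = REPLICATION_KEY):
        self.key = key
        self.entries = {}     # dn -> {"version": int, "attrs": dict}
        self.tombstones = {}  # dn -> version at which the entry was deleted
        self.rejected = []    # (dn, reason) records kept for audit

    def apply(self, update: dict) -> bool:
        dn = update["dn"]
        # Integrity: a modified or forged update fails the MAC check.
        expected = hmac.new(self.key, _canonical(update), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, update.get("mac", "")):
            self.rejected.append((dn, "bad mac"))
            return False
        # Freshness: reject anything not newer than the live entry or its tombstone,
        # which blocks delayed replays and data restored from an old backup.
        current = self.entries.get(dn, {}).get("version", -1)
        deleted_at = self.tombstones.get(dn, -1)
        if update["version"] <= max(current, deleted_at):
            self.rejected.append((dn, "stale"))
            return False
        if update["op"] == "delete":
            self.entries.pop(dn, None)
            self.tombstones[dn] = update["version"]
        else:
            self.entries[dn] = {"version": update["version"], "attrs": update["attrs"]}
        return True
```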
_______________________________________________
security_sig mailing list
security_sig@lists.osdl.org
http://lists.osdl.org/mailman/listinfo/security_sig