Managed Security: Build It Right the First Time (cont.)

Managed Security Solutions: The Cure for Security Tedium
The most tedious and mind-numbing aspects of security work, culling log files, performing traffic analysis, and monitoring application and database access, are also the most important. So how do you gain the peace of mind of a secure, well-maintained environment without combing through the proverbial haystack to find the vulnerability needle? Well, this is where managed security solutions (MSS) come in handy.

Managed security solutions make the jobs of traffic-pattern analysis, log-file parsing and examination, and application-use mapping much easier. Security utilities such as WebTrends, Netsaint, Tripwire, Stealth Scanner, and Whisker (see Web Server Scanners: Find Your Vulnerabilities Before Hackers Do), which can be integral parts of an MSS, help with the maintenance tasks so often missed by even the most diligent systems, network, and application engineers.
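The log-file culling described above is exactly the kind of task an MSS automates. The following is an added example, not code from the article or from any of the tools it names: it parses a handful of constructed Apache combined-format access-log lines and flags clients whose requests are mostly errors, the typical signature of a scanner walking a Web server for scripts that do not exist. The thresholds (`min_requests`, `error_ratio`) and the sample addresses and user-agent strings are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache/NCSA combined format (hypothetical data).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2004:10:01:02 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
10.0.0.5 - - [12/Mar/2004:10:01:03 -0500] "GET /images/logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
192.0.2.77 - - [12/Mar/2004:10:02:00 -0500] "GET /cgi-bin/old-script.cgi HTTP/1.0" 404 210 "-" "ExampleScanner/1.0"
192.0.2.77 - - [12/Mar/2004:10:02:01 -0500] "GET /scripts/ HTTP/1.0" 404 210 "-" "ExampleScanner/1.0"
192.0.2.77 - - [12/Mar/2004:10:02:01 -0500] "GET /_vti_bin/ HTTP/1.0" 404 210 "-" "ExampleScanner/1.0"
192.0.2.77 - - [12/Mar/2004:10:02:02 -0500] "GET /backup/ HTTP/1.0" 404 210 "-" "ExampleScanner/1.0"
192.0.2.77 - - [12/Mar/2004:10:02:02 -0500] "GET /admin/ HTTP/1.0" 403 180 "-" "ExampleScanner/1.0"
10.0.0.9 - - [12/Mar/2004:10:03:10 -0500] "POST /login HTTP/1.1" 200 300 "-" "Mozilla/4.0"
10.0.0.9 - - [12/Mar/2004:10:03:11 -0500] "GET /missing.html HTTP/1.1" 404 210 "-" "Mozilla/4.0"
"""

# One regular expression for the combined log format: client, identd, user, timestamp,
# request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def per_client_stats(records):
    """Count total requests and 4xx/5xx responses for every client address."""
    stats = defaultdict(lambda: {"total": 0, "errors": 0, "agents": set()})
    for rec in records:
        s = stats[rec["ip"]]
        s["total"] += 1
        if rec["status"] >= 400:
            s["errors"] += 1
        s["agents"].add(rec["ua"])
    return dict(stats)


def flag_scanners(stats, min_requests=4, error_ratio=0.75):
    """Return client addresses whose error share exceeds the ratio, once they have
    made enough requests for the ratio to mean something."""
    flagged = []
    for ip, s in sorted(stats.items()):
        if s["total"] >= min_requests and s["errors"] / s["total"] >= error_ratio:
            flagged.append(ip)
    return flagged


if __name__ == "__main__":
    stats = per_client_stats(parse_log(SAMPLE_LOG))
    for ip in flag_scanners(stats):
        s = stats[ip]
        print(f"{ip}: {s['errors']}/{s['total']} error responses, agents={sorted(s['agents'])}")
```

On the constructed sample the only client flagged is 192.0.2.77, which made five requests and received five error responses; 10.0.0.9 also produced a 404 but has too few requests to judge. In a real MSS this kind of summary would be run over rotated logs on a schedule and the flagged addresses fed into the same alerting path as the network scanner results.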

You can design an MSS in-house, outsource it to an MSS provider, or adopt third-party MSS software. The design documents from the initial phases of your Web service construction will help to define your requirements for an MSS. If, for example, you have a very small Web farm with load balancers and only a small Internet-facing presence, an MSS that performs network assessment primarily and server and application assessment secondarily is probably not the most fruitful way to go. If a large network presence surrounds your server farms but the farms are well controlled and maintained by an army of systems administrators, then your ideal MSS will focus on the network and application.

Footprinting Verifies Strengths and Weaknesses
You can use several methods to verify the security of your Web services and the environment in which they run. These methods entail a strong understanding of the application, the systems, and the network, and if done properly will provide an overall view of the security posture surrounding each aspect of the Web service.

Footprinting, the process of gathering data regarding a specific network environment, provides a snapshot of the entire Web service environment's security posture. By the environment, I mean not just the application, the network, and the servers, or the patch levels, hotfix levels, and service-pack levels, but all of these things and more. For example, footprinting often will detect that rogue Web server in the marketing department running an unpatched version of the OS, Web server, or application server, an inviting target that could lead to a compromise of the primary Web service platform (depending on trust relationships within the corporate network environment). (See Build a Managed Security Solution for Your Web Servers with Open Source Tools for a guide to footprinting with open source scanners.)

Footprinting also will show the state of the network, the routers, and the ACLs that surround the applications and servers. Do these routers allow access to the internal network if a certain TCP/IP source port is used? Perhaps DNS zone transfers are performed regularly, and as such port 53/TCP is allowed into the network. These sorts of exceptions often are inroads for an attacker. By footprinting the environment regularly and making sure to examine the results, the chances are much higher that someone within the organization will discover that rogue Web server or notice that anomalous traffic before an outsider breaks through the defenses.
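The two checks this section asks for, spotting the rogue Web server and spotting the ACL exception, both come down to comparing a footprinting result against what the design documents say should be there. The following is an added example and not the article's own tooling: it reconciles a constructed scan result against a constructed asset inventory to list services nobody registered, and it audits a constructed list of router ACL entries for permit rules keyed on a source port and for 53/TCP permitted to an entire address range rather than to the specific name servers that exchange zones. The data structures, addresses, owners and banners are all assumptions chosen for illustration.

```python
# Constructed footprinting output: (host, port, protocol, banner). Hypothetical data.
SCAN_RESULTS = [
    ("10.1.1.10", 80, "tcp", "Apache/2.0.48"),
    ("10.1.1.10", 443, "tcp", "Apache/2.0.48"),
    ("10.1.1.11", 80, "tcp", "Apache/2.0.48"),
    ("10.1.1.12", 53, "tcp", "BIND 9.2.3"),
    ("10.1.5.23", 80, "tcp", "Microsoft-IIS/5.0"),     # the marketing department's box
    ("10.1.5.23", 8080, "tcp", "Apache-Coyote/1.1"),
]

# Constructed asset inventory derived from the design documents: host -> owner and registered ports.
INVENTORY = {
    "10.1.1.10": {"owner": "web-ops", "services": {80, 443}},
    "10.1.1.11": {"owner": "web-ops", "services": {80}},
    "10.1.1.12": {"owner": "net-ops", "services": {53}},
}

# Constructed router ACL, simplified to the fields the checks need. Order matters, as on a router.
ACL = [
    {"action": "permit", "proto": "tcp", "src": "any", "src_port": 53, "dst": "10.1.0.0/16", "dst_port": "any"},
    {"action": "permit", "proto": "tcp", "src": "any", "src_port": "any", "dst": "10.1.0.0/16", "dst_port": 53},
    {"action": "permit", "proto": "tcp", "src": "any", "src_port": "any", "dst": "10.1.1.10", "dst_port": 443},
    {"action": "deny", "proto": "ip", "src": "any", "src_port": "any", "dst": "any", "dst_port": "any"},
]


def find_unexpected_services(scan_results, inventory):
    """Return scan entries the inventory does not explain: unknown hosts, or known
    hosts listening on ports nobody registered for them."""
    findings = []
    for host, port, proto, banner in scan_results:
        known = inventory.get(host)
        if known is None:
            findings.append((host, port, banner, "host not in inventory"))
        elif port not in known["services"]:
            findings.append((host, port, banner, f"port not registered for owner {known['owner']}"))
    return findings


def audit_acl(acl_entries):
    """Return (rule index, reason) for permit rules that match the two exceptions
    the text warns about."""
    issues = []
    for i, rule in enumerate(acl_entries):
        if rule["action"] != "permit":
            continue
        # A permit keyed on the source port with no destination restriction lets any
        # client that binds that source port reach everything behind the filter.
        if rule["src_port"] != "any" and rule["dst_port"] == "any":
            issues.append((i, f"permit keyed on source port {rule['src_port']} to any destination port"))
        # Zone transfers need 53/tcp only between the name servers involved; a permit to a
        # whole prefix exposes every host that happens to listen on 53/tcp.
        if rule["proto"] == "tcp" and rule["dst_port"] == 53 and "/" in str(rule["dst"]):
            issues.append((i, f"tcp/53 permitted to entire range {rule['dst']}"))
    return issues


if __name__ == "__main__":
    for host, port, banner, why in find_unexpected_services(SCAN_RESULTS, INVENTORY):
        print(f"unexpected service {host}:{port} ({banner}): {why}")
    for idx, why in audit_acl(ACL):
        print(f"ACL rule {idx}: {why}")
```

With the constructed data the reconciliation reports both listeners on 10.1.5.23, and the ACL audit reports rule 0 (source-port trust) and rule 1 (53/TCP open to the whole /16) while leaving the narrow HTTPS permit alone. Running the same comparison after every scheduled footprinting pass, and diffing against the previous run, is what turns footprinting from a one-off exercise into the regular check the section recommends.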

Copyright 2004 Jupitermedia Corporation All Rights Reserved.